The personal data of more than 752,000 applicants filed to obtain copies of birth and death certificates was found on an unprotected Amazon Web Services database.
The leaked data has been tracked back to a company that provides the online request forms for copies of birth and death certificates to state governments. States contracting with the company include California, New York, and Texas. The publicly available data includes names, mailing addresses, email addresses, phone numbers, family information, and birth dates.
Cybersecurity company Fidus Information Security found the data online with no password protection a situation that was later verified by TechCrunch. Prior to publishing their findings warnings were sent to the company responsible for the data compromise. No action had been taken to secure the data at the time of publication of this blog post.
Misconfigured AWS storage continues to be a persistent source of data leaks and compromises, affecting companies including Capital One, Dow Jones, Sprint, and others.
Read the original report here.