Orsegups Participacoes, a Brazilian physical security company, exposed over 25GB of files through an unsecured Amazon Simple Storage Service (S3) bucket. The documents stored on the server included tax documents, receipts, payment slips, and a series of invoices for clients, both residential and commercial, who have used this service. The invoices included information such as the clients’ full name, Social Security numbers, addresses, and telephone numbers. The company stated that the S3 bucket “only stored legacy files from a portal that had already been disabled in 2017, in an AWS account that is no longer used.” Orsegups has its security team monitoring for the information being posted online.
Analyst Notes
As common with data leaks such as unsecured S3 buckets, the company typically does not know how long the data was exposed publicly. It is unclear if the data was accessed by an unknown party, which is why the company is monitoring to see if it gets posted publicly. Tax information and other documents with Social Security numbers are highly sought-after by threat actors for various reasons in Darknet forums and marketplaces. Information obtained from these documents during tax season can allow actors to file false tax returns. Commonly, S3 buckets and other types of servers are left unsecured due to companies not knowing how to properly configure them. Any company that uses cloud storage solutions should ensure their server settings are secure and if they are having trouble doing so should seek help to prevent leaks. More information can be found here: https://www.zdnet.com/article/brazilian-security-firm-exposes-more-than-25-gb-of-client-and-staff-data/?&web_view=true
