The data of train commuters in the U.K. who use the free Wi-Fi in Network Rail-managed stations were unintentionally leaked due to an unsecured Amazon Web Services (AWS) cloud storage, as reported by Security Discovery researcher Jeremy Fowler.
Among the data thought to be exposed in the leak are commuters’ travel habits, contact information such as email addresses, and dates of birth. Approximately 10,000 users were affected. Among the affected stations include London Bridge, Chelmsford, Colchester, Harlow Mill, Wickford, and Waltham Cross.
The researcher found the database online and discovered that it was not password-protected, noting that the unsecured database can provide a secondary entry point for malware infection. The leak has been brought to the attention of Wi-Fi provider C3UK, who attested that they thought that the storage can only be accessed by them and the security team, and didn’t know that the information was exposed.
The company had since secured the exposed database, which they claim to be a backup copy of the actual database. They also disclosed that they chose not to inform the U.K. Information Commissioner's Office (ICO), a non-departmental organization that upholds information rights, as the exposed data has not been stolen or accessed by any party.
Securing Cloud Storages
The risks posed by unsecured data highlight the importance of complying with data protection and privacy regulations such as General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI-DSS), and Health Insurance Portability and Accountability Act (HIPAA). These regulations require enterprises to secure personally identifiable information and any violation could lead to a fine.
To secure cloud storage platforms, enterprises should follow best practices for stronger identity and access management control and authentication. Security settings should also be configured properly.
Solutions especially curated for the security of the cloud environment can also help enterprises protect their data. Trend Micro™ Cloud One™ Cloud Conformity Security is designed to ensure real-time security for cloud infrastructure. It helps enterprises comply with regulations such as GDPR, PCI-DSS, HIPAA and industry best practices for cloud platforms and services by automating security and compliance checks. It also provides full visibility, simplified reporting, and seamless workflow integration.