spot_img
spot_img

Over 7,50,000 applications for US birth certificate copies exposed online

An online company that allows users to obtain a copy of their birth and death certificate from US state governments has exposed a massive cache of applications — including their personal information.

More than 7,52,000 applications for copies of birth certificates were found on an Amazon Web Services (AWS) storage bucket. (The bucket also had 90,400 death certificate applications but these could not be accessed or downloaded.)

The bucket wasn’t protected with a password, allowing anyone who knew the easy-to-guess web address access to the data.

Each application process differed by state, but performed the same task: allowing customers to apply to their state’s record-keeping authority — usually a state’s department of health — to obtain a copy of their historical records. The applications we reviewed contained the applicant’s name, date-of-birth, current home address, email address, phone number, and historical personal information, including past addresses, names of family members, and the reason for the application — such as applying for a passport or researching family history.

The applications for copies of birth certificates from many U.S. states — including California, New York, and Texas — were left online. (Image: TechCrunch)
The applications for copies of birth certificates from many U.S. states — including California, New York, and Texas — were left online. (Image: TechCrunch)

The applications dated back to late-2017 and the bucket was updating daily. In one week, the company added about 9,000 applications to the bucket.

About Fidus Information Security

U.K.-based penetration testing company Fidus Information Security found the exposed data. TechCrunch verified the data by matching names and addresses against public records.

Fidus and TechCrunch sent several emails prior to publication to warn of the exposed data, but we received only automated emails and no action was taken. We are not naming the company. When reached, Amazon would not intervene but said it would inform the customer.

We also reached out to the local data protection authority to warn of the security lapse, but it did not immediately comment.

Read more:

Stay on top - Get the daily Stories from Vyapaar Jagat in your inbox

Recent Articles

spot_img

Related Stories

Deneme bonusu veren siteler
supertotobet1248.com
https://joyfulantidotes.com/
maltepe escort ümraniye escort ataşehir escort anadolu yakası escort
Deneme Bonusu Veren Siteler
bonus veren siteler listesi
tedxpenn.com
deneme bonusu veren siteler
deneme bonusu veren siteler
https://www.fapjunk.com
hd porno