Unprotected Azure Database Exposed Data On 80 Million US Households
There were approximately 127 million US households in 2017, this unprotected Microsoft Azure database exposed information on 80 million of them, or approximately 62%. However, the owner of said database still remains a mystery. The type of data exposed included the full name (first, last, and middle initial); full addresses, including street addresses, cities, counties, states, and ZIP codes; exact longitude and latitude; and dates of birth of every person in the household. Yes, the kids too! In addition, the researchers referenced in the attached article, stated they also observed the “title, gender, marital status, income, homeowner status and dwelling type.” It is fair to note that the researchers did not discover any social security numbers.
If you recall in previous posts, we discussed that, out of the box, Microsoft and AWS cloud services supply and secure the infrastructure for cloud platforms. However, they do not secure the databases that sit on that infrastructure, that is the responsibility of the customer.
When the mystery company in question finally has to come clean and confess that they had an unprotected Microsoft Azure database exposed to the internet for an unknown period of time the discussion about a federal privacy regulation will take center stage yet again. There are approximately 13 million households in California, therefore the California Consumer Privacy Act will also take the stage, shedding light on the reason the legislation exists and possibly strengthening the argument by supporters that it should not be watered down.