Exploit: Unsecured Database
CaptainU: College Recruiter
Risk to Small Business: 1.117 = Extreme
Cybersecurity researchers recently uncovered an unsecured Amazon S3 (Simple Storage Service) bucket containing nearly 1 million records of sensitive high school student academic information. The exposed data included GPA, ACT, SAT, and PSAT scores, unofficial transcripts, student IDs, students’ and parents’ names, email addresses, home addresses, and phone numbers – plus pictures and videos of students’ athletic achievements, messages from students to coaches, and other recruitment materials. The files are still available.
Individual Risk: 1.190 = Extreme
CaptainU claims that this information was always intended to be publicly available, although that claim differs from what parents and students were told about how the company shared information. Any student with a profile at this company should consider their information exposed and take appropriate measures against identity theft, spear phishing, fraud, and other criminal uses.
Customers Impacted: 1 million
How it Could Affect Your Customers’ Business: Handling sensitive data, especially for children, creates an extra level of responsibility. Companies that fail to take that responsibility seriously will inevitably lose business. This incident also opens CaptainU up to regulatory scrutiny and lawsuits.