Unsecured AWS server exposed 3TB in airport employee records


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
An unsecured server has exposed sensitive data belonging to airport employees across Colombia and Peru.

On Monday, the SafetyDetectives cybersecurity team said the server belonged to Securitas. The Stockholm, Sweden-based company provides on-site guarding, electronic security solutions, enterprise risk management, and fire & safety services. In a report shared with ZDNet, SafetyDetectives said one of Securitas's AWS S3 buckets was not appropriately secured, exposing over one million files on the internet.

The server contained approximately 3TB of data dating back to 2018, including airport employee records. While the team was not able to examine every record in the database, four airports were named in exposed files: El Dorado International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), José María Córdova International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE).

The misconfigured AWS bucket, which did not require any authentication to access, contained two main datasets related to Securitas and airport employees. Among the records were ID card photos, Personally identifiable information (PII), including names, photos, occupations, and national ID numbers. In addition, SafetyDetectives says that photographs of airline employees, planes, fueling lines, and luggage handling were also found in the bucket. Unstripped .EXIF data in these photographs was exfiltrated, providing the time and date the photographs were taken as well as some GPS locations.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.