Sensitive data on 80 million households exposed online
| Unprotected database containing sensitive data of over 80 million US households is exposed.
It’s bad enough when a large database has leaked personal information, but even more worrying when the owner of the database cannot be identified.
An unprotected database containing sensitive personal data for more than 80 million US households has been discovered hosted in a Microsoft server. The data includes full names and addresses, plus coded information such as dwelling type, gender, income, homeowner status and marital status.
So far, there are no clues as to the owner of the database.
However, all persons in the database are over the age of 40, and the presences of “member_code” and “score” in each entry suggests this is for some kind of service.
The emphasis on household information and residences suggests that the database could possibly belong to a home-oriented company. According to CNET, Rotem have said that the server that hosts the data came online in February, indicating that the data is relatively recent.
Apparently, responsibility for securing the information falls to the client renting the server. In this instance, Microsoft is merely the host. It can reach out to the customer, but it is not clear whether this has happened. Microsoft declined to comment.
Regardless of who is responsible for the data, the fact remains this is a serious privacy breach. Anyone with malicious intent could use the data for fraud, stalking or even break-ins, if the database is discovered.
This is yet another case that underscores the fragility of personal data. Personal information is only as secure as a company makes it – and individuals are rarely told how and where their data is actually stored.
Sadly, in many cases, inadaquate data protection and security is only discovered after a data breach has occured.