Nearly every American household has been affected by a massive data breach that exposed their private information, but few people even know about it yet.
A “cyber risk team” of security researchers with UpGuard says Alteryx left a cloud-based data repository open to online access earlier this year. The Experian consumer credit reporting agency, already involved in one of the biggest data breaches in history, is a partner of Alteryx, a California-based data analytics firm.
In a statement, UpGuard reported:
Exposed within the repository are massive data sets belonging to Alteryx partner Experian, the consumer credit reporting agency, as well as the US Census Bureau, providing data sets from both Experian and the 2010 US Census. While the Census data consists entirely of publicly accessible statistics and information, Experian’s ConsumerView marketing database, a product sold to other enterprises, contains a mix of public details and more sensitive data. Taken together, the exposed data reveals billions of personally identifying details and data points about virtually every American household.
From home addresses and contact information, to mortgage ownership and financial histories, to very specific analysis of purchasing behavior, the exposed data constitutes a remarkably invasive glimpse into the lives of American consumers. While, in the words of Experian, “protecting consumers is our top priority,” the accumulation of this data in “compliance with legal guidelines,” only to then see it left downloadable on the public internet, exposes affected consumers to large-scale misuse of their information – whether through spamming and unwanted direct marketing, organized fraud techniques like “phantom debt collection,” or through the use of personal details for identity theft and security verification.
While many consumers will likely be troubled by the ability of private corporations to legally collect and sell this data, ranging from publicly available information to sensitive financial details, this exposure highlights a number of growing forms of cyber risk with systemic implications. The continuing concentration of data by a number of large enterprises, now wielding powerful technology of the sort provided by Alteryx, has not been accompanied by greater prudence and process improvement necessary to ensure that the data will remain securely stored. The result has been, in the same way warming waters increase the power of hurricanes, that data exposures such as this are capable of exposing the vast majority of American households to compromise with one error.
Finally, this incident reveals just how thoroughly third-party vendor risk is corroding the integrity of any public and private functions relying upon information technology. The exposure of massive amounts of data about many millions of American households gathered by a credit reporting agency reveals how the consequences of cyber insecurity can, in an increasingly interdependent technological environment, quickly afflict partners and expose their data as well.
An Alteryx spokesperson told Forbes the company had fixed the breach, and denied that the exposed information put anyone at risk of identity theft. But UpGuard researchers say that statement was “incredibly misleading,” adding:
“I do not understand how anyone could possibly claim there is no risk posed here. Addresses, phone numbers, banking, ethnicity, etc. is all present. There is a great deal of harm that could be done with this information.”
UpGuard said the breach, detected Oct. 6, allowed anyone with an Amazon Web Services account to access the personal data of at least 123 million American households.
Full article: Data Breach Affecting ‘Nearly Every American Household’ (TruNews)