A misconfigured AW3 bucket exposes data at D.W. Morgan

A misconfigured AW3 bucket exposes data at D.W. Morgan

https://www.websiteplanet.com/blog/dwmorgan-leak-report/

Exploit: Hacking

D.W. Morgan: Logistics and Supply Chain Management

featured-img-Three-Affiliated-Tribes-servers

Risk to Business: 1.717= Severe  Researchers at Website Planet uncovered a data breach at D.W. Morgan because of a misconfigured AW3 bucket. The exposed data included more than 2.5 million files equating to over 100GB of data related to D.W. Morgan’s clients and their shipments from 2013 to late 2021. Some files also included sensitive client data and employee PII. Website Planet revealed that records pertaining to deliveries for clients including Cisco, and Life Technologies was also exposed in files.

Qualys-server-exploited-to-steal-financial-files-img3

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown
How It Could Affect Your Customers’ Business : Service providers like this are goldmines for cybercriminals, amping up supply chain risk for everyone.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.