3TB of Airport Personnel Records Exposed on Unsecure AWS Server

3TB of Airport Personnel Records Exposed on Unsecure AWS Server

Recently, sensitive data belonging to airport staff in Colombia and Peru was exposed due to an unsecured server. According to the SafetyDetectives cybersecurity team, the server belongs to Securitas. This Stockholm, Sweden-based organization provides on-site guarding, business risk management, electronic security solutions, and fire & safety services.

SafetyDetectives said in a report that one of Securitas’ AWS S3 buckets was not properly protected, exposing over one million data to the internet. The server had around 3TB of data, including airport staff information, dating back to 2018. While the team was unable to study every entry in the database, they were able to identify these four airports in the leaked files:

  1. El Dorado International Airport (COL) 
  2. Alfonso Bonilla Aragón International Airport (COL) 
  3. José María Córdova International Airport (COL)  
  4. Aeropuerto Internacional Jorge Chávez (PE)

The two primary databases connected to Securitas and airport personnel were kept in the misconfigured AWS bucket, requiring no authentication to access. ID card photographs, personally identifiable information (PII), such as names, photos, occupations, and national ID numbers, were among the leaked documents.

Photographs of fueling lines, airline staff, planes, and luggage handling were also discovered in the bucket, as per SafetyDetectives. Unstripped .EXIF data in these images was stolen, revealing the time and date of their capture as well as specific GPS coordinates.

“Considering Securitas’ strong presence throughout Colombia and the rest of Latin America, companies in other industries could have been exposed,” researchers said. “It’s also probable that various other places that use Securitas’ security services are affected.”

The bucket also contained the application IDs specified within mobile applications. The IDs were used for airport operations, such as incident reports, which led the researchers to the most likely owner.

On October 28, 2021, the cybersecurity researchers contacted Securitas and followed up on November 2 after receiving no answer. Securitas had a meeting with the staff and protected the server the next day. The Swedish CERT was also notified.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.