IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Printing company exposes 343GB of sensitive military data

The leak is the latest in a series of data blunders discovered by vpnMentor's web-mapping project

UK Printing company Doxzoo inadvertently exposed 343GB of data through a misconfigured Amazon Web Services (AWS) S3 bucket, including sensitive information said to relate to branches of the UK and US military.

Potentially more than 100,000 users were affected by the data leak, with approximately 270,000 records exposed including personal information and payment information, as well as order details, passport information, and the contents of printing orders.

Among the exposed data was the copyrighted and sensitive work of Doxzoo clients, who spanned from military personnel to screenwriters. Researchers with vpnMentor, led by Noam Rotem and Ran Locar, found a wide range of information including university course material, screenplays, and internal military documents, some of which contained classified information.

“The items contained this leak often hold private and/or confidential information within,” said vpnMentor’s research team. 

“The promise of secure facilities and systems are key selling points for clients such as the military, and the breach of that guarantee is not only a failure in service, but also potentially holds a security risk along with it.”

The security firm has been finding pockets of exposed information for many months as part of a wider web-mapping project, and have recently detailed finding several alarming troves of exposed data.

These findings include a database of 604GB of text messages run by US-based communications firm TrueDialog, as well as sensitive information from British consultancy firms and consultants such as passport scans and financial documents.

The firm previously discovered exposed US military data in October 2019 due to a flaw in a reservations management system owned by the Best Western hotel chain. Personnel working for the US Department for Homeland Security (DHS) and the military was seen by researchers from vpnMentor, including travel arrangements both past and future.

Related Resource

How enterprises are embracing cyber security challenges

Enterprises across Europe, the Middle East and Africa are undergoing a significant transformation

Download now

The countries affected include not just the US and the UK, but clients in Sri Lanka, Nigeria and India, according to researchers. The UK-based printing company has a number of high profile clients and projects, including full-length books and sought-after paid wellness plans.

Doxzoo could have avoided this leak if they had taken basic security measures to protect the S3 bucket, vpnMentor said, including securing their servers, implementing proper access rules, and preventing system that don't need authentication from being accessed by the public through the internet.

The firm first discovered the exposed database on 22 January, before notifying the company four days later. Because Doxzoo didn’t respond to vpnMentor’s communication attempts, Amazon was notified on 5 February, and the bucket was finally closed on 11 February.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Ten ways to protect your company from the next big data breach
data breaches

Ten ways to protect your company from the next big data breach

18 Feb 2022
Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021

Most Popular

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Open source giant Red Hat joins HPE GreenLake ecosystem
automation

Open source giant Red Hat joins HPE GreenLake ecosystem

28 Jun 2022
Carnival hit with $5 million fine over cyber security violations
cyber security

Carnival hit with $5 million fine over cyber security violations

27 Jun 2022