An unsecured AWS server, found open to the public Internet, is the root cause of a huge compromise of data of airport employees in Colombia and Peru. This server, according to a report, belongs to Securitas, a Stockholm-based multinational company that provides security services like security guarding, fire and safety, and supply-chain risk management among others.

Affected airports

Approximately 3TB of data dating back to 2018 was housed on the server, the report says. It also names Securitas client airports most affected by this breach: El Dorado International Airport, Alfonso Bonilla Aragón International Airport, and José María Córdova International Airport in Colombia; and Aeropuerto Internacional Jorge Chávez in Peru. SafetyDetectives, who wrote the report, hasn’t examined every file in the bucket—there were almost 1.5 million files—but noted with high probability that all client airports of Securitas are affected. The report authors believe other airports in Latin America may also have been exposed.

What was leaked

A compromised AWS server exposed sensitive company data, employee PII, and datasets of Securitas employees and airport employees. These datasets include photos of ID cards and unmarked photos. As you may expect, these ID cards contain details like full names, national ID number, ID photo, and occupation.

Other data included photos of airline employees, planes, fueling lines, and more. SecurityDetectives said that exposing these photos also exposes the photos’ EXIF (Exchangeable Image File Format) data, such as GPS location, time and date, and device used to capture the images.

“Exposed employees are not just official airport staff but include staff from several different private companies, one of which was Securitas. There were photos of people, places, planes, and various other airport functions on the bucket.” the report adds.

Lastly, the exposed AWS bucket also contains Android apps used by security personnel to fulfil certain tasks like reporting incidents.

Breach impact

At this point, many of us are already familiar with the possible impacts any breach could cause to companies and affected parties.

For affected airlines, the likelihood of criminals impersonating airline and even Securitas personnel is a huge risk. This could lead to individuals or groups (think guerilla groups and terrorist organizations) gaining unlawful access to restricted areas within airline grounds.

Of course, any leaked data could be sold for profit. If not this, online criminals could target personnel whose data has been leaked, tricking them into falling for fraud and scam attempts.

Similar impersonation security infiltration attempts could happen against Securitas. On top of that, the company could face multiple sanctions and fines for violating data privacy laws against affected Colombian and Peruvian citizens.