Cybernews reports that Oberlin Marketing had more than 320,000 sensitive files, most of which are Medicare applications, leaked by a misconfigured Amazon AWS S3 bucket, which remains unsecured despite several notifications to the Indiana-based insurance brokerage company.
Medicare applicant data inadvertently exposed included individuals' names, birthdates, home addresses, genders, phone numbers, signatures, health information, and financial details, according to Cybernews researchers, who discovered the unprotected AWS S3 bucket.
"Cybercriminals may exploit this information to access financial services or conduct unauthorized transactions, which could cause significant financial and reputational damage to victims. For Medicare clients, who may be elderly, such fraud could have particularly severe long-term consequences," said researchers.
Organizations have been urged to better protect their data from such unintentional exposures by strengthening access controls and updating permissions, as well as leveraging AWS Key Management Service for encryption key management, activating server-side encryption, and tracking access logs for potential unauthorized access.
