More than 1,000 GB of data and over 1.6 million files from dozens of municipalities in the US were left exposed, according to a new report from a team of cybersecurity researchers with security company WizCase.
All of the towns and cities appeared to be connected through one product: mapsonline.net, which is owned by a Massachusetts company called PeopleGIS. The company provides information management software to local governments across Massachusetts, New Hampshire and Connecticut.
Ata Hakçıl and his team discovered more than 80 misconfigured Amazon S3 buckets holding data related to these municipalities. The data ranged from residential records like deeds and tax information to business licenses and job applications for government positions.
Due to the sensitive nature of the documents, many of the forms included people’s email address, physical address, phone number, driver’s license number, real estate tax information, license photographs and photos of property.
The researchers shared redacted photos of the data available.