{
	"id": "8b2bea51-9d50-49c7-9438-e73b4214b1f0",
	"created_at": "2026-04-06T00:18:50.33839Z",
	"updated_at": "2026-04-10T03:30:33.003048Z",
	"deleted_at": null,
	"sha1_hash": "eab4f77c29fecc3f19bb6e5324c22c21fd5ee8c7",
	"title": "A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 249475,
	"plain_text": "A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in\r\nAustralia\r\nArchived: 2026-04-05 14:53:34 UTC\r\nA misconfigured Amazon S3 bucket has accidentally\r\ncompromised 48,270 records of personally identifiable information (PII) from Australian employees working in government\r\nagencies, banks, and a utility company. The leaked PII includes full names, passwords, IDs, phone numbers, email\r\naddresses, and some credit card numbers. Salary and expense details were also exposed.\r\n25,000 staff records involving internal expenses from insurance company AMP were exposed, while utility\r\ncompany UGL had 17,000 records exposed. Affected government agencies include the Australian Department of\r\nFinance (3,000 employee records breached) and the Australian Electoral Commission (1,470), while the National\r\nDisability Insurance Agency had their details openly accessible. 1,500 employees at Rabobank were also affected.\r\nThe Department of Prime Minister and Cabinet stated that when the Australian Cyber Security Centre (ACSC)\r\nbecame aware of the situation, they immediately contacted the external contractor and worked with them to secure\r\nthe information and remove the vulnerability.\r\n“Now that the information has been secured, the ACSC and affected government agencies have been working with\r\nthe external contractor to put in place effective response and support arrangements,” they added.\r\nAmazon S3 is a highly scalable cloud storage service where employees can store and retrieve data from websites\r\nand mobile apps. The PII was reportedly exposed following a misconfiguration on the system’s Amazon S3\r\nbucket. No foul play has been suspected so far; the cause of the accidental breach points to an unnamed third-party\r\ncontractor not properly securing the web service.\r\nThis data breach incident is not the first one involving misconfigured Amazon S3 buckets this year. 
Financial\r\npublishing firm Dow Jones \u0026 Company exposed data including names, addresses, and partial credit card numbers\r\nof 2.2 million customers. Researchers also discovered a trove of sensitive corporate data in a publicly accessible\r\nAmazon S3 bucket owned by Verizon. Thousands of files containing PII of US citizens with classified security\r\nclearance were also compromised.\r\nThis latest incident follows the massive data breach that took place in Australia a year ago when 1.2 million\r\nrecords relating to 550,000 blood donor applicants from the Australian Red Cross Blood Service were exposed.\r\nThe private information contained in the leaked records included answers to a sensitive question on whether the\r\napplicant had engaged in risky sexual behavior over the past year. Other compromised information included\r\nnames, blood types, birth dates, email and snail mail addresses and phone numbers.\r\nSolutions\r\nTrend Micro Deep Security as a Service is optimized for AWS, Azure, and VMware to protect servers instantly. It\r\nreduces strain on your overburdened IT department by offloading security set up, management, and system\r\nupdates to Trend Micro. Deep Security as a Service can start securing servers immediately without system\r\ninstallation or configuration.\r\nOrganizations should also choose the right cloud security solution for their organizations based on what can give\r\nthem the most protection. Trend Micro Deep Security for Cloud can provide proactive detection and prevention of\r\nthreats, while Hybrid Cloud Security provides optimal security for hybrid environments that incorporate physical,\r\nvirtual, and cloud workloads.\r\n
Source: https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/a-misconfigured-amazon-s3-exposed-almost-50-thousand-pii-in-australia",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/a-misconfigured-amazon-s3-exposed-almost-50-thousand-pii-in-australia"
	],
	"report_names": [
		"a-misconfigured-amazon-s3-exposed-almost-50-thousand-pii-in-australia"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434730,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/eab4f77c29fecc3f19bb6e5324c22c21fd5ee8c7.pdf",
		"text": "https://archive.orkl.eu/eab4f77c29fecc3f19bb6e5324c22c21fd5ee8c7.txt",
		"img": "https://archive.orkl.eu/eab4f77c29fecc3f19bb6e5324c22c21fd5ee8c7.jpg"
	}
}