Assist Security, a London-based private security firm catering to hospitals, rail operators, and luxury fashion brands, had 124,035 files amounting to 46.48 GB exposed as a result of a server misconfiguration, The Register reports.
Included in the data exposed by the server were personally identifiable information, job application forms, Security Industry Authority cards, payroll details, TrustID validated documents, and invoices from up to two decades ago, according to independent security researcher JayeLTee, who noted the lack of encryption for the leaked payroll information. Immediate action to secure the open server has been taken by Assist Security upon JayeLTee's disclosure. "In light of new information we have received, we continue to engage with the ethical hacker to understand the extent of data they may have unlawfully exfiltrated and be retaining. This includes working with them seeking to ensure the secure deletion of any unlawfully retained data and further reviewing the facts to determine if notifications to regulatory bodies, such as the ICO, impacted individuals or law enforcement are warranted," said Assist Security.
Included in the data exposed by the server were personally identifiable information, job application forms, Security Industry Authority cards, payroll details, TrustID validated documents, and invoices from up to two decades ago, according to independent security researcher JayeLTee, who noted the lack of encryption for the leaked payroll information. Immediate action to secure the open server has been taken by Assist Security upon JayeLTee's disclosure. "In light of new information we have received, we continue to engage with the ethical hacker to understand the extent of data they may have unlawfully exfiltrated and be retaining. This includes working with them seeking to ensure the secure deletion of any unlawfully retained data and further reviewing the facts to determine if notifications to regulatory bodies, such as the ICO, impacted individuals or law enforcement are warranted," said Assist Security.
