North Dakota-based TV station Valley News Live had more than 1.8 million files from its job portal leaked due to a misconfigured Amazon AWS S3 storage bucket, according to Cybernews.
Over a million of the exposed files were applicants' resumes and CVs containing names, phone numbers, home and email addresses, birthdates, employment histories, educational backgrounds, and social media links, more than 50% of which were gathered between 2017 and 2024, reported Cybernews researchers, who warned about the potential cybersecurity risks stemming from the leaked details."The exposed data includes highly sensitive personal identifiers, creating numerous attack vectors for cybercriminals, where personal information can be used to create synthetic identities or fraudulent accounts," said researchers, who added that the Gray Television subsidiary has yet to respond to the notifications they have given.Organizations have also been urged to limit public access, leverage AWS Key Management Service for encryption keys, adopt server-side encryption and SSL/TLS protocols, and adhere to best practices to avoid leaks stemming from unsecured servers.
Over a million of the exposed files were applicants' resumes and CVs containing names, phone numbers, home and email addresses, birthdates, employment histories, educational backgrounds, and social media links, more than 50% of which were gathered between 2017 and 2024, reported Cybernews researchers, who warned about the potential cybersecurity risks stemming from the leaked details."The exposed data includes highly sensitive personal identifiers, creating numerous attack vectors for cybercriminals, where personal information can be used to create synthetic identities or fraudulent accounts," said researchers, who added that the Gray Television subsidiary has yet to respond to the notifications they have given.Organizations have also been urged to limit public access, leverage AWS Key Management Service for encryption keys, adopt server-side encryption and SSL/TLS protocols, and adhere to best practices to avoid leaks stemming from unsecured servers.
