October 24, 2023 at 06:10AM
A third-party contractor running a database without password protection exposed over 500,000 records related to vehicle seizures by the Irish National Police. The exposed data includes scanned identity documents and incident summary reports containing names and details of drivers and officers. The database is owned and operated by an unnamed Limerick-based contractor who promptly remediated the issue. Various police forces in the UK have also recently reported data incidents.
Based on the meeting notes, here are the key takeaways:
1. A third-party contractor running a database without password protection exposed over 500,000 records related to vehicle seizures by the Irish National Police (Garda).
2. The exposed records included scanned identity documents, insurance investigation inquiries, certificates of vehicle registration, and other potentially sensitive data.
3. Incident summary reports containing names and details of drivers, witnesses, and multiple Garda officers were also exposed.
4. Security researcher Jeremiah Fowler estimated that approximately 150,000 vehicle owners may have been affected by the incident.
5. The Limerick-based contractor, which owns and operates the database, promptly remediated the issue upon notification.
6. The Garda declined to comment on the findings but stated an immediate investigation has been launched.
7. The Garda spokesperson emphasized the obligations of towing companies to protect supplied information, including personal data, and extended responsibility to third-party storage providers.
8. Fowler found no evidence suggesting malicious actors accessed or exfiltrated data from the public cloud storage repository.
9. Access to the repository may have been set to “public” in error due to the need for multiple organizations, including the police and towing companies, to access the documents.
10. This incident adds to a series of data breaches reported by various police forces in the UK in recent months.
Please let me know if you need any further clarification or additional information.