Security researchers on Monday disclosed a series of leaky databases that they said include data from State Farm, Sheet Metal Workers Union, Anchor Loans, and the U.S. military.
The leaks, disclosed by a research team at MacKeeper, highlight the challenges of securing customer data as small to mid-sized enterprises allow third-party consultants wide-scale access to customer data. Three of the leaking databases were discovered by MacKeeper security researcher Chris Vickery. According to a MacKeeper blog post, the insecure databases discovered by Vickery included Sheet Metal Workers Union, Goldberg Miller & Rubin, and the military consultant Venturist Inc.
Goldberg Miller & Rubin, a Philadelphia-headquartered law firm, was leaking approximately 3,000 detailed files that contained State Farm customer data, the post stated.
SC Media contacted the law firm on Monday to confirm the report, but the law firm's director of operations and marketing was unable to comment by press time.
Venturist Inc., a military consultant that was founded by Col. John Warden, provides strategic advice to the U.S. military. According to Vickery's blog post, an unauthenticated publicly exposed database contained data related to the U.S. Army, Navy, and Air Force Special Forces.
In a separate blog post, MacKeeper researchers disclosed an unsecured database that contained records of transaction details, investor communication logs, and client logins and passwords of the lending company Anchor Loans. The database included Social Security numbers, passwords, e-mail addresses, driver's license numbers, financial details, salary and bank statements of loan applicants and the applicants' spouses.
MacKeeper spokesman Jeremiah Fowler told SC Media that the database was unencrypted and publicly available to anyone with internet access. “Once you have that information, you can even apply for a securitized loan,” he told SC Media.
The capabilities of security researchers are “dwarfed by that of hackers,” according to Alex Holden, chief information security officer at Hold Security. “If something has been found by researchers, there is a good chance that it has already been found by hackers and used ten times over,” he told SC Media.