The donation site GiveSendGo, used by truckers in Ottawa to protest against national vaccine mandates suffered a security lapse that exposed donors' passports and driver's licenses.
Amazon-hosted S3 bucket containing over 50 gigabytes of files, including passports and driver's licenses of the individuals that participated in the Freedom Convoy in Canada was found exposed.
GiveSendGo soon secured it in a short time and informed the affected individuals.
Source: https://techcrunch.com/2022/02/08/ottawa-trucker-freedom-convoy-exposed-donation/
TPRM report: https://scoringcyber.rankiteo.com/company/givesendgo-com
"id": "giv225011522",
"linkid": "givesendgo-com",
"type": "Breach",
"date": "02/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"{'affected_entities': [{'customers_affected': 'Donors participating in the '
'Freedom Convoy in Canada',
'industry': 'Fundraising/Donation Platform',
'name': 'GiveSendGo',
'type': 'Company'}],
'attack_vector': 'Misconfigured S3 Bucket',
'customer_advisories': 'Informed affected individuals',
'data_breach': {'file_types_exposed': ['Passport files',
"Driver's License files"],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Passports',
"Driver's Licenses"]},
'description': "A security lapse exposed donors' passports and driver's "
'licenses on the GiveSendGo donation site used by truckers in '
'Ottawa to protest against national vaccine mandates.',
'impact': {'data_compromised': ['passports', "driver's licenses"],
'identity_theft_risk': 'High',
'systems_affected': 'Amazon S3 Bucket'},
'response': {'communication_strategy': 'Informed affected individuals',
'containment_measures': 'Secured the exposed S3 bucket'},
'title': 'GiveSendGo Data Exposure Incident',
'type': 'Data Exposure',
'vulnerability_exploited': 'Misconfigured Amazon S3 Bucket'}