Chris Vickery discovered an entirely unencrypted CouchDB installation that was accessible to the public internet.
The Kingo clients' Guatemalan national ID cards' front and back were both represented in the database via high-resolution photographic photographs.
Kingo required agents to capture images of a new customer's national identification card in addition to the signed client contract.
The business immediately safeguarded the database with a password.
Source: https://mackeeper.com/blog/data-breach-reports-2016/
TPRM report: https://scoringcyber.rankiteo.com/company/kingo
"id": "kin45321823",
"linkid": "kingo",
"type": "Data Leak",
"date": "07/2016",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'location': 'Guatemala',
'name': 'Kingo',
'type': 'Company'}],
'attack_vector': 'Unsecured Database',
'data_breach': {'data_encryption': 'None',
'file_types_exposed': ['High-resolution photographic images'],
'personally_identifiable_information': ['National ID cards'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['National ID cards']},
'description': 'Chris Vickery discovered an entirely unencrypted CouchDB '
'installation accessible to the public internet. The database '
'contained high-resolution photographic images of Guatemalan '
'national ID cards of Kingo clients.',
'impact': {'data_compromised': ['Guatemalan national ID cards'],
'systems_affected': ['CouchDB installation']},
'post_incident_analysis': {'corrective_actions': ['Password protection of the '
'database'],
'root_causes': ['Unencrypted CouchDB '
'installation']},
'response': {'containment_measures': ['Password protection of the database']},
'title': 'Kingo Data Leak Incident',
'type': 'Data Leak',
'vulnerability_exploited': 'Unencrypted CouchDB installation'}