The Washington-based non-profit organization Leadership for Educational Equity (LEE) left an unprotected Elasticsearch database that contained a total of 5.2 million documents.
The accessible information included the full names of the people, their home addresses, their gender, ethnicity, corps year, prospect information, and their Salesforce ID.
The database didn’t contain any medical-related information or the payment data of the members.
It was found that the database itself was editable, contained IP addresses, ports, and pathways, so any visitor would have admin rights that would enable them to edit anything or even to dive deeper into the LEE network.
Source: https://www.technadu.com/leadership-for-educational-equity-leaks-data-3-7-million-members/76286/
"id": "LEA2489423",
"linkid": "leadership-for-educational-equity",
"type": "Data Leak",
"date": "08/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"