MPD FM

MPD FM, a facility management and security company providing services to various UK government departments, left an open instance that exposed employee passports, visas, and other sensitive data.

The exposed files included a trove of severely sensitive information, exposing MDP FM’s employees.

The team urged MPD FM—or anybody else facing the same problem—should immediately revoke public access to the exposed instance and to go back and look for any unauthorized connections in the access logs. Server-side encryption should be used to protect critical items in the Amazon S3 bucket, whoever is in charge of it.

Source: https://securityaffairs.com/149440/security/mpd-fm-data-leak.html

"id": "MPD41511923",
"linkid": "mpdfmofficial",
"type": "Data Leak",
"date": "08/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"