The World Baseball Softball Confederation (WBSC) exposed approximately 50,000 files, some of which were extremely sensitive, by leaving a data repository online.
The inquiry revealed that the compromised information belonged to the WBSC, which oversees baseball, softball, and other sports internationally.
Concerningly, copies of 4,600 different national passports were among the items in the incorrectly configured AWS bucket, which the WBSC shut down after being alerted by the team.
Cybercriminals may use passports to mimic victims and steal their identities since they contain a lot of personal information, such as complete names, dates of birth, and passport numbers.
TPRM report: https://scoringcyber.rankiteo.com/company/wbsc
"id": "wbs01621023",
"linkid": "wbsc",
"type": "Data Leak",
"date": "09/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Sports',
'name': 'World Baseball Softball Confederation (WBSC)',
'type': 'Organization'}],
'attack_vector': 'Misconfigured AWS Bucket',
'data_breach': {'number_of_records_exposed': 50000,
'personally_identifiable_information': ['Full Names',
'Dates of Birth',
'Passport Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Passport Information',
'Other Sensitive Files']},
'description': 'The World Baseball Softball Confederation (WBSC) exposed '
'approximately 50,000 files, some of which were extremely '
'sensitive, by leaving a data repository online. The '
'compromised information included copies of 4,600 different '
'national passports in an incorrectly configured AWS bucket.',
'impact': {'data_compromised': ['Passport Information',
'Other Sensitive Files'],
'identity_theft_risk': 'High',
'systems_affected': ['AWS Bucket']},
'post_incident_analysis': {'root_causes': 'Misconfigured AWS Bucket'},
'references': [{'source': 'Cyber Incident Description'}],
'response': {'containment_measures': 'Shut down the AWS bucket'},
'title': 'WBSC Data Exposure Incident',
'type': 'Data Exposure',
'vulnerability_exploited': 'Incorrectly Configured AWS Bucket'}