Learner driver data exposed in worrying breach – thousands affected
A major Brazilian driving school appears to have exposed the sensitive information of as many as 400,000 individuals after failing to properly secure a cloud database.
Researchers from Cybernews claim to have found an unprotected Google Cloud Storage bucket containing information about Brazilian students’ driver’s licenses – Licença De Aprendizagem De Direção Veicular.
The learner’s permit is a document that the Brazilian government issues to people who are currently taking driving lessons, allowing them to drive a vehicle during lessons. Cybernews says the archive is most likely owned by a driving school from Sao Paulo called Centro de Formação de Condutores Free Alda.
Still available
Most of the exposed data bears a Detran insignia – which stands for State Department of Traffic (Departamento Estadual de Trânsito).
The researchers believe that up to 400,000 individuals have had sensitive data exposed in this way, including full names, photographs, postal addresses, government ID numbers, taxpayer numbers, driver’s license details including date of issue and validity, signatures, IP addresses, and user phone models. This is more than enough to commit all kinds of cybercrime, from identity theft to wire fraud.
The researchers think that the archive is misconfigured or not properly secured. It is impossible to determine how long it remained open, or whether anyone had accessed it before the researchers found it. The Cybernews team says they made the discovery on June 2 and the school was subsequently contacted by Brazil’s CERT. But until September 19, the archive was still accessible to anyone who knew where to look.
“The exposed data could be misused by malicious actors for identity theft, fraud or other illegal activities. Furthermore, such a breach could undermine public trust in public authorities responsible for managing and protecting sensitive personal information,” Cybernews researchers said.