Data on 123 million U.S. households exposed

On Dec. 20, 2017, researchers at cybersecurity firm UpGuard Inc. confirmed that a cloud-based data repository containing data managed by California data analytics firm Alteryx Inc., was temporarily left online publicly exposing sensitive personal information on 123 million U.S. households. UpGuard first discovered the leak on Oct. 6, 2017.

According to UpGuard, exposed within the repository were data sets belonging to Alteryx partners credit bureau Experian and the U.S. Census Bureau. Publicly accessible data from the 2010 U.S. Census and data from Experian Information Solutions Inc.'s ConsumerView marketing database, which is sold to other enterprises, were available for download to Amazon Web Services authenticated users, UpGuard noted.

While no individual names were released, all combined the exposed data revealed billions of personally identifying details and data points about virtually every American household, from home address and contact information to mortgage ownership and financial histories to purchasing behavior, UpGuard wrote online regarding the incident.

Growing systemic problem

Other high-profile data incidents in recent months point to a systemic problem across multiple organizations charged with managing vast repositories of personal data.

"The continuing concentration of data by a number of large enterprises, now wielding powerful technology of the sort provided by Alteryx, has not been accompanied by greater prudence and process improvement necessary to ensure that the data will remain securely stored," wrote Dan O'Sullivan, a Cyber Resilience Analyst at UpGuard in a breach analysis blog. In the world of data, one mistake can have severe consequences. "This incident reveals just how thoroughly third-party vendor risk is corroding the integrity of any public and private function relying upon information technology," wrote O'Sullivan, adding that it is an enormous problem facing IT professionals and organizations today.

An Alteryx spokesperson told Forbes that it fixed the breach and denied that the information exposed posed any risk of identity theft. An Experian spokesperson stated that it was an Alteryx issue and "does not involve any Experian systems."

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.