National Credit Federation

The National Credit Federation (NCF) inadvertently exposed over 100 gigabytes of information, potentially impacting tens of thousands of customers. Sensitive financial and personal data such as credit card and bank account numbers, scanned copies of Social Security cards, and credit reports from the three major credit bureaus were publically accessible through an unsecured Amazon Web Services S3 storage bucket. In November of this year, the NJCCIC released an alert warning members about the risks associated with misconfigured Amazon S3 buckets. We recommend that administrators of Amazon S3 storage buckets review our previous NJCCIC Cyber Alert, audit their security settings, and implement the mitigation strategies provided as soon as possible. Customers of the NCF should closely monitor their financial banking statements and consider placing a security freeze with the major credit bureaus.