Alteryx

On October 6, 2017, UpGuard Director of Cyber Risk Research Chris Vickery discovered a misconfigured Amazon Web Services S3 cloud storage bucket containing sensitive personal information for 123 million American households from Alteryx, a California-based data analytics firm. This bucket was configured to allow any AWS authenticated user to access and download its contents. The data exposed in the repository belongs to Alteryx partner Experian, the consumer credit reporting agency, as well as the US Census Bureau, providing data from both Experian and the 2010 US Census. The data exposed reveals home addresses and contact information, mortgage ownership and financial histories, and analysis of purchasing behavior. In November of this year, the NJCCIC released an alert warning members about the risks associated with misconfigured Amazon S3 buckets. We recommend that administrators of Amazon S3 storage buckets review our previous NJCCIC Cyber Alertaudit their security settings, and implement the mitigation strategies provided as soon as possible. Residents should closely monitor their financial banking statements and consider placing a security freeze on their credit files by contacting the three major credit bureaus.