On December 1, 2017, a researcher found a misconfigured AWS S3 bucket exposing personal information, including Social Security numbers, dates of birth, driver’s license numbers, and employer and salary information of Rhodes Auto Sales customers. Rhodes Auto Sales is located in Longview, TX. The exposed bucket was an inactive database containing automobile loan financing applications completed in 2013. The Texas Attorney General’s office was notified, according to databreaches.net, and the AWS S3 bucked has been secured. The NJCCIC recommends administrators of Amazon S3 storage buckets review our previous NJCCIC Cyber Alert on the risks associated with misconfigured S3 buckets, audit their security settings, and implement the mitigation strategies provided as soon as possible. Customers of Rhodes Auto Sales whose information may have been exposed should closely monitor their financial banking statements and consider placing a security freeze on their credit files by contacting the three major credit bureaus.