5.5 million files leaked affecting cybersecurity firms, insurance companies, universities and more

The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered an unsecured AWS S3 bucket with over 5.5 million files and more than 343GB in size that remains unclaimed.

In this case, after a few days of research, the research team identified the possibility that the data belongs to InMotionNow, and subsequently contacted the company with their findings. Although the unsecured S3 bucket is now closed, no one from the company ever responded to their attempts to reach out, so they are unable to confirm the ownership.

InMotionNow is a project management software company started in 1999 and headquartered near Raleigh, North Carolina. They boast FDA-compliant security standards, aimed at the verticals of their target customers.

Included here is a non-exhaustive list of the companies whose marketing material was found in the unsecured S3 bucket:

Cybersecurity firm ISC2.org had multiple data included in this breach as well.
Insurance company Brotherhood Mutual, which serves primarily religious institutions across the United States.
Universities, such as Kent State in Ohio and Purdue in Indiana, also had a plethora of files and information contained within the S3 bucket.
Potawatomi Hotel & Casino in Milwaukee, Wisconsin.
Consumer electronics company, Zagg (ZAGG), which designs and produces mobile accessories.
Non-profit organization, the Freedom Forum Institute, which fosters U.S. First Amendment freedoms for all.

Organizations affected by a variety of health industry regulations were found. They include, but may not be limited to:

Myriad Genetics (MYGN) – Genetic and disease testing company.
Performance Health – Physical Therapy equipment and supplies provider.

Data Impacted

Analytics reports
Internal presentations, including:
- Company strategy
- Annual revenue amounts
- Current customer count
Training materials
Internal client requests, including:
- Requester name
- Project name and details
Marketing strategies and collateral
Product labels
Business intelligence
Mailing lists with relevant PII

University donor lists, including:

Full names
Personal and work emails
Direct phone numbers
Credentials (degree, school, year)
Amount donated

For more information and detailed findings, please visit https://www.vpnmentor.com/blog/report-multiple-firms-breach/

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.