Airport employees, sensitive records of around 3 TB, were reportedly exposed online from a compromised AWS S3 bucket belonging to Securitas, a Sweden-based company that provides on-site guarding, electronic security solutions, enterprise risk management, and fire & safety services.

According to SafetyDetectives, cybersecurity airport employees primarily across Colombia & Peru were affected in this data breach which also includes over a million other files dated back in 2018. Upon further investigation, the names of four airports came out in exposed files: El Dorado International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), José María Córdova International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE).

The unsecured AWS bucket, which was found to be misconfigured, contained two main datasets related to Securitas and airport employees that did not require any authentication to access. While, SafetyDetectives team couldn't examine every record in the database, however along with the photographs of ID cards, Personally identifiable information (PII), including names, photos, occupations, & national ID numbers, the compromised S3 Bucket also includes information about airlines, aircraft, fueling lines, & luggage handling were present in those exposed lists of employees' records.

The unstripped .EXIF data was exfiltrated from these photographs providing the time and date the photographs were taken as well as some GPS locations.

"Considering Securitas' strong presence throughout Colombia and the rest of Latin America, companies in other industries, could have been exposed," the security researchers stated above. "It's also probable that various other places that use Securitas' security services are affected."

Additionally, application IDs used for airport activities, including incident reports, were also found in those compromised S3 Buckets pointing the security researchers to the likely owner in the first place.

The cybersecurity researchers reached out to Securitas on October 28, 2021, and followed up on November 2 after receiving no response. Securitas communicated with the SafetyDetectives team and secured the server on the same day and also informed Swedish CERT about the same.