A misconfigured Amazon S3 bucket belonging to New Zealand-based LPM Property Management exposed over 31,000 sensitive documents, including passports, drivers licenses, and ID verification photos tied to tenants, landlords, and maintenance records, reports Cybernews.
Security researcher Jake Dixon of Vadix Solutions discovered the breach and alerted both LPM and CyberNews, but repeated attempts to reach the company went unanswered. It wasnt until Amazon Web Services was contacted that the exposed data was secured, more than a month later. The leak may have left personally identifiable information vulnerable to identity theft, phishing, and dark web exploitation, with estimates valuing the cache at over $600,000. According to CERT NZs Declan Ingram, such exposure highlights the critical need for businesses to isolate sensitive systems, limit access, and adopt network segmentation practices. While AWS acted to close the breach, LPM has not responded to inquiries. Experts warn affected individuals to monitor for fraud and take defensive cybersecurity steps.
Security researcher Jake Dixon of Vadix Solutions discovered the breach and alerted both LPM and CyberNews, but repeated attempts to reach the company went unanswered. It wasnt until Amazon Web Services was contacted that the exposed data was secured, more than a month later. The leak may have left personally identifiable information vulnerable to identity theft, phishing, and dark web exploitation, with estimates valuing the cache at over $600,000. According to CERT NZs Declan Ingram, such exposure highlights the critical need for businesses to isolate sensitive systems, limit access, and adopt network segmentation practices. While AWS acted to close the breach, LPM has not responded to inquiries. Experts warn affected individuals to monitor for fraud and take defensive cybersecurity steps.
