IAG-backed UpGuard alerts of major US security breach

Firm uncovered sensitive US government information on an unsecured Amazon server

IAG-backed UpGuard alerts of major US security breach

Insurance News

By Mina Martin

An IAG-backed cybersecurity firm has uncovered a major US security breach.

The breach involved the US Department of Defence (DoD) and Booz Allen Hamilton, a consulting giant which has an US$86 million contract with the National Geospatial-Intelligence Agency (NGA), an agency under the DoD.

According to tech website Gizmodo, a cyber security analyst with UpGuard uncovered sensitive US government information from Booz Allen Hamilton on an unsecured Amazon server – a leak which it immediately reported to the consulting giant, The Australian reported.

“In short, information that would ordinarily require a top-secret level security clearance from the DoD was accessible to anyone looking in the right place; no hacking was required to gain credentials needed for potentially accessing materials of a high classification level,’’ UpGuard said.

The information was secured within 10 minutes of the report, and, according to a spokesman for the agency which confirmed the leak to Gizmodo, no classified information was disclosed.

“NGA takes the potential disclosure of sensitive but unclassified information seriously and immediately revoked the affected credentials,” the spokesman said.

He also clarified that the Amazon server from which the data was leaked was “not directly connected to classified networks.”

The consulting giant said it had begun investigating the accessibility of certain security keys in a cloud environment.

“We secured those keys, and are continuing with a detailed forensic investigation. As of now, we have found no evidence that any classified information has been compromised as a result of this matter,’’ a spokesman told Gizmodo.

The Silicon Valley cybersecurity firm UpGuard recently opened its Sydney office, and was last year backed by insurance giant IAG in its US$17 million fundraising.


Related stories:
Customer data is being sold over the ‘dark net,’ says IAG boss
IAG backs UpGuard in US$17 million fundraising

Keep up with the latest news and events

Join our mailing list, it’s free!