www.theregister.com
104.18.4.22  Public Scan

URL: https://www.theregister.com/2023/06/12/lantum_s3_bucket_leak/
Submission: On June 18 via api from US — Scanned from DE

Text Content

CYBER-CRIME


LANTUM S3 BUCKET LEAK IS PRESCRIPTION FOR CHAOS FOR THOUSANDS OF UK DOCTORS


FREELANCE AGENCY EXPOSED PERSONAL DETAILS THAT WOULD BE HIGHLY VALUABLE IN THE
WRONG HANDS

Lindsay Clark
Mon 12 Jun 2023 // 12:34 UTC




Updated A UK agency for freelance doctors has potentially exposed personal
details relating to 3,200 individuals via unsecured S3 buckets, which one expert
said could be used to launch ID theft attacks or blackmail.

Lantum, an online locum doctor agency, had left the storage accessible on its
old backend system, Network Locum, according to researchers. Cybernews
discovered the Amazon AWS S3 bucket, potentially exposing 98,000 files relating
to thousands of individuals.

The security analysis company monitors various cloud blob storage to understand
the potential for misconfiguration. In the process, it discovered the Lantum S3
bucket, which was accessible and indexed on some IoT search engines. The
analysts said any malicious actor could have found the repository of personal
data relating to the 2014-2016 period.



"We then tried to contact Lantum multiple times with no response. We have asked
for NCSC help and were advised to report it to NHS too. However, after multiple
attempts, we received no response," the researchers said. The bucket was closed
almost immediately after the publication.




Files contain personal information of general practitioners using its services,
including passport details, national insurance numbers, resumes, medical
documents, professional certificates, payroll details and invoices. Lantum told
Cybernews it complied with security standard ISO27001 and had been audited.
ISO27001 covers controls that guide data storage.

The Register has offered Lantum the opportunity to comment. According to a
statement given to doctors' news site Pulse, a spokesperson for Lantum said:
"While this data may have been accessible to unauthorised individuals, there is
currently no indication that data has been accessed and no reason to suspect
that this is the case.



"We are, however, treating this matter as a potential data breach and will
continue to liaise with any individuals who may be affected should more
information be revealed by our investigations."

But one doctor with tech expertise was not reassured.

Dr Marcus Baw, immediate past chair of Royal College of GPs Health Informatics
Group, said the accessible information was personally sensitive and could leave
affected doctors exposed. "Those are the kinds of details you would pick if you
wanted to be in a very strong position to create a fake identity," he said.

As well as ID theft, there was a danger of blackmail as the records include
details of complaints related to regulatory body the General Medical Council,
many of which may be unproven or vexatious.

Baw warned it might take years for the details to resurface in the form of ID
theft campaigns after the details have been traded on the dark web.



He said Lantum should be able to analyze downloads from the S3 buckets in
question to assess if there had been any unusual activity, and notify the doctors
affected.

"They need to admit it. They need to contact every doctor that has ever
registered with them and say they are at risk and describe the magnitude of the
risk. They could offer to pay underwriting companies to protect those affected
against identity theft," Baw said.

Formerly known as Network Locum, Lantum rebranded in 2017. In 2022, Lantum
announced it received $15 million in funding from Finch Capital, Piton Capital,
Samos, and Cedars-Sinai Hospital. ®


UPDATED TO ADD ON JUNE 14

A Lantum spokesperson has been in touch to tell us: "We have been alerted to the
existence of a potential vulnerability relating to historic data held on an old
website 'Network Locum' that has been out of use since 2016. We were able to
take action to ensure that the data was fully secured and made inaccessible.

"The data includes detailed personal information about healthcare professionals
that have used our services in the past, and we have advised those potentially
affected to take precautions to protect their identity."

They added that there was no indication the data had been accessed, but said:
"We are, however, treating this matter as a potential data breach and will
continue to liaise with any individuals who may be affected should more
information be revealed by our investigations.

"The data in question relates to documents uploaded between 2014 and 11th
September 2016.

"This data was stored on an old version of the Lantum platform 'Network Locum'
that is no longer live, which Lantum migrated away from as part of an upgrade in
September 2016.

"We would stress that since 2016, we have been operating on a completely
different and highly secure platform, which conforms to the latest UK government
approved and international security standards and undergoes regular testing."

The biz added it had informed the UK's privacy watchdog, the ICO; and brought in
specialist privacy and cyber consultants.

Copyright. All rights reserved © 1998–2023