i think this is pretty important, so i'll TL;DR:<p>"We recently discovered an unsecured Amazon Simple Storage Service (S3) bucket that contains more than 55,000 call recordings between loan support workers and American consumers with outstanding student loans.<p>This open database also contains more than 25,000 PDFs, many of which are scans or photos of proof of income (such as pay receipts or tax returns). Both the proofs of income and call recordings contain the loaners’ social security numbers, among other sensitive personal data.<p>The database seems to belong to members of the Student Advocates Group, which an FTC press release named as a student loan debt relief scheme that “bilked millions out of consumers by charging illegal upfront fees and falsely promising to lower or even eliminate consumers’ loan payments or balances.”<p>Because the bucket contains sensitive data from people across the US, including California residents, the bucket owner may have to pay damages and penalties under the CCPA, since:<p>-The leaked data contains highly personal information (including names plus social security numbers and tax ID numbers,)
-The data is both non-encrypted and non-redacted (all samples in this article have been redacted by CyberNews)
-The leak is “a result of the business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information.”"