DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Trump’s campaign mute about data security #fail?

Posted on September 14, 2016 by Dissent

It may not be on the level of failing to adequately secure State Department communications, but it seems Donald Trump’s organization could use a refresher course on data security. And when it finishes that, it might want to tackle a course on transparency.

On Sunday night, DataBreaches.net received an email from MacKeeper Security Research Center lead researcher Chris Vickery. In the course of his research, he had discovered that Donald Trump’s organization had a leaky bucket on their Amazon S3 server that was exposing the resumes of those who had applied to the organization for internship positions. Chris was understandably uncertain as to the best route to try to get a message to the campaign so that they could promptly secure the files.

On Monday morning, both Chris and this blogger took to Twitter to tweet to Trump to try to get his attention. Despite a few attempts and retweets from helpful followers, that approach failed to get any response. Nor did tweets to major news outlets trying to get their attention succeed (probably because they had all suddenly realized that yes, maybe Clinton’s health was an issue that they should have been covering).

But thanks to one of my followers on Twitter who sent me a private message, I was able to connect with the director of an insurance company involved with Trump’s organization. Once I explained the situation to him, he immediately called the right people. The bucket was quickly secured after his call. I’d thank him and his firm publicly, but they prefer not to be named publicly.

DataBreaches.net requested a statement from Trump’s organization about the leak, but  has received no response – no explanation of for how long the files had been accessible or who was responsible. Not even a thank-you for taking the time to try to alert them to the problem. To my knowledge, they have not made any public acknowledgement of the data leak nor responded to inquiries from a number of media outlets who were aware of the situation.

Keep in mind that we do not know what else was exposed on that leaky bucket because Chris made an ethical decision that it was more important to get the bucket secured quickly to protect the intern applicants than to continue exploring what else may have been exposed. As Chris explained in a statement shared with this site:

If my initial findings are correct, then any file in that S3 bucket could have been downloaded. All you had to do was guess the file’s path and name. The exposed intern resumes are a good example of sensitive data that can be unintentionally released, but we may never know if there were even more sensitive files exposed as well.

Indeed.

So how do those whose resumes were exposed feel about the leak? Contacted by DataBreaches.net, Yoon Joon So, replied:

I’m pretty disappointed that this happened. The Trump campaign should know about the importance (of) secure emails better than anyone else.

You’d think so, wouldn’t you?

Another applicant, Vinny Meller, told DataBreaches.net:

While I’m not too uncomfortable with the information provided to the Trump campaign being leaked, I’m not very happy about it. The possibility of information I provide being unsecured isn’t something I ever think really think about, because having decent security in place is not difficult in 2016. I’m definitely pretty disappointed in the Trump campaign over it. Even though I am disappointed, I think everybody should always be ready for something like this to happen, and keep that possibility in the back of your mind. I always try to keep information I give out to things like this to a minimum for that reason.

Now that’s a wise young man – maybe too wise for a campaign that didn’t take the security of his information seriously enough to even post anything on their site as to how to escalate communications about a data security concern – and a campaign that hasn’t yet even acknowledged the problem or been transparent about it.

Will the campaign contact those whose information was exposed? I guess we’ll have to wait to see. In the meantime, read Chris’s coverage of this leak on MacKeeper Security Watch.

Category: Business SectorCommentaries and AnalysesExposureOf NoteU.S.

Post navigation

← Computer Breach Could Have Exposed Trauma Victims to Further Anguish
St. Francis Health System hacked: TheDarkOverlord? (UPDATE) →

2 thoughts on “Trump’s campaign mute about data security #fail?”

  1. Regret says:
    September 14, 2016 at 1:47 pm

    Intelligence agencies around the world must have people actively seeking mud on leading political figures in the U.S., and probably some political opponents do the same. Some leaks are electronic, but they probably also have moles. With your endless examples of people and organizations who should know better, but behave as if they don’t, I’d think both Trump and Clinton would be wise to assume that nothing their team does or says is secret. However, wise doesn’t seem to be in their repertoire.

    1. Dissent says:
      September 14, 2016 at 2:07 pm

      Yeah. By the way, it seems Clinton’s PAC, HillaryPAC, also had a leaky bucket on Amazon S3, also discovered by Chris Vickery. Lorenzo Franceschi-Bicchierai has that story over on Motherboard.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.