Following up on my blog post concerning a data leak reported by BeyondRecognition.net, I just received an email from AWS stating that they have removed the Enron Email Data Set from their platform, making it unavailable for download and use.
I am delighted to hear this. Of course, this doesn’t stop EDRM from hosting it themselves or uploading it elsewhere, and that’s an issue that still needs to be addressed.
Of note, AWS indicated that they would be contacting John Martin of BeyondRecognition.net. John had reported the leak to them the week before I started squawking about it on this blog, but had gotten no response. In their email to me, AWS wrote that they had “located his email, which unfortunately did not surface to our team. We’ll be investigating further to ensure this doesn’t happen in the future.”
I’m glad they’re investigating that aspect, too, but that is exactly why big firms like AWS should have a link from their home page with a high-priority email address (and ideally, a phone number) that people can use to report data leaks. This breach was not AWS’s fault, but it’s frustrating not being able to reach someone to get a prompt response.
I expect BeyondRecognition.net will have more to say on this incident, and will add a link if/when they update their site. I know that there was a discussion of the whole situation on a mail list, and hopefully, they’ll summarize some of the key points and positions. Law Technology News had reported on some of it last week, providing some historical context on the legal aspects involved in the release of the data set. Frankly, I don’t care what legal or historical context anyone provides – the data set was publicly available and for more than 10 years, has been exposing personally identifiable information, including Social Security numbers. Ten years ago, some of us didn’t accept this when county clerks said they had to publish records with SSN, and I certainly don’t accept a federal agency continuing to publish a data set that puts people at risk of ID theft.