DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Trump’s campaign mute about data security #fail?

Posted on September 14, 2016 by Dissent

It may not be on the level of failing to adequately secure State Department communications, but it seems Donald Trump’s organization could use a refresher course on data security. And when it finishes that, it might want to tackle a course on transparency.

On Sunday night, DataBreaches.net received an email from MacKeeper Security Research Center lead researcher Chris Vickery. In the course of his research, he had discovered that Donald Trump’s organization had a leaky bucket on their Amazon S3 server that was exposing the resumes of those who had applied to the organization for internship positions. Chris was understandably uncertain as to the best route to try to get a message to the campaign so that they could promptly secure the files.

On Monday morning, both Chris and this blogger took to Twitter to tweet to Trump to try to get his attention. Despite a few attempts and retweets from helpful followers, that approach failed to get any response. Nor did tweets to major news outlets trying to get their attention succeed (probably because they had all suddenly realized that yes, maybe Clinton’s health was an issue that they should have been covering).

But thanks to one of my followers on Twitter who sent me a private message, I was able to connect with the director of an insurance company involved with Trump’s organization. Once I explained the situation to him, he immediately called the right people. The bucket was quickly secured after his call. I’d thank him and his firm publicly, but they prefer not to be named publicly.

DataBreaches.net requested a statement from Trump’s organization about the leak, but  has received no response – no explanation of for how long the files had been accessible or who was responsible. Not even a thank-you for taking the time to try to alert them to the problem. To my knowledge, they have not made any public acknowledgement of the data leak nor responded to inquiries from a number of media outlets who were aware of the situation.

Keep in mind that we do not know what else was exposed on that leaky bucket because Chris made an ethical decision that it was more important to get the bucket secured quickly to protect the intern applicants than to continue exploring what else may have been exposed. As Chris explained in a statement shared with this site:

If my initial findings are correct, then any file in that S3 bucket could have been downloaded. All you had to do was guess the file’s path and name. The exposed intern resumes are a good example of sensitive data that can be unintentionally released, but we may never know if there were even more sensitive files exposed as well.

Indeed.

So how do those whose resumes were exposed feel about the leak? Contacted by DataBreaches.net, Yoon Joon So, replied:

I’m pretty disappointed that this happened. The Trump campaign should know about the importance (of) secure emails better than anyone else.

You’d think so, wouldn’t you?

Another applicant, Vinny Meller, told DataBreaches.net:

While I’m not too uncomfortable with the information provided to the Trump campaign being leaked, I’m not very happy about it. The possibility of information I provide being unsecured isn’t something I ever think really think about, because having decent security in place is not difficult in 2016. I’m definitely pretty disappointed in the Trump campaign over it. Even though I am disappointed, I think everybody should always be ready for something like this to happen, and keep that possibility in the back of your mind. I always try to keep information I give out to things like this to a minimum for that reason.

Now that’s a wise young man – maybe too wise for a campaign that didn’t take the security of his information seriously enough to even post anything on their site as to how to escalate communications about a data security concern – and a campaign that hasn’t yet even acknowledged the problem or been transparent about it.

Will the campaign contact those whose information was exposed? I guess we’ll have to wait to see. In the meantime, read Chris’s coverage of this leak on MacKeeper Security Watch.


Related:

  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
Category: Business SectorCommentaries and AnalysesExposureOf NoteU.S.

Post navigation

← Computer Breach Could Have Exposed Trauma Victims to Further Anguish
St. Francis Health System hacked: TheDarkOverlord? (UPDATE) →

2 thoughts on “Trump’s campaign mute about data security #fail?”

  1. Regret says:
    September 14, 2016 at 1:47 pm

    Intelligence agencies around the world must have people actively seeking mud on leading political figures in the U.S., and probably some political opponents do the same. Some leaks are electronic, but they probably also have moles. With your endless examples of people and organizations who should know better, but behave as if they don’t, I’d think both Trump and Clinton would be wise to assume that nothing their team does or says is secret. However, wise doesn’t seem to be in their repertoire.

    1. Dissent says:
      September 14, 2016 at 2:07 pm

      Yeah. By the way, it seems Clinton’s PAC, HillaryPAC, also had a leaky bucket on Amazon S3, also discovered by Chris Vickery. Lorenzo Franceschi-Bicchierai has that story over on Motherboard.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Government will ‘robustly defend’ compensation claims from Afghans put at risk by data breach
  • Authorities released free decryptor for Phobos and 8base ransomware
  • Singapore Facing ‘Serious’ Cyberattack by Espionage Group With Alleged China Ties
  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea’s largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • 𝐔𝐠𝐚𝐧𝐝𝐚 𝐨𝐫𝐝𝐞𝐫𝐬 𝐆𝐨𝐨𝐠𝐥𝐞 𝐭𝐨 𝐫𝐞𝐠𝐢𝐬𝐭𝐞𝐫 𝐚𝐬 𝐚 𝐝𝐚𝐭𝐚‑𝐜𝐨𝐧𝐭𝐫𝐨𝐥𝐥𝐞𝐫 𝐰𝐢𝐭𝐡𝐢𝐧 𝟑𝟎 𝐝𝐚𝐲𝐬 𝐚𝐟𝐭𝐞𝐫 𝐥𝐚𝐧𝐝𝐦𝐚𝐫𝐤 𝐩𝐫𝐢𝐯𝐚𝐜𝐲 𝐫𝐮𝐥𝐢𝐧𝐠.
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access
  • Texas Enacts Electronic Health Record Data Localization Law
  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report