Major UK Security Provider Leaks Trove of Guard and Suspect Data

Over 1.2 million records were exposed in a major data breach at UK security firm Amberstone. Learn the potential impact, what to do if affected, and how to stay secure.

Amberstone Security LTD., a prominent security provider in the United Kingdom linked to the Argenbright Group has suffered a major cybersecurity incident in which a misconfigured cloud database was found exposing 1.2 million documents with sensitive information.

The database, which spanned 245.3 GB, contained 1,274,086 documents, including PII, images of security guards, security credentials, incident reports, and names of theft suspects.

According to cybersecurity Jeremiah Fowler who discovered the database, found 4,492 profile pictures of security personnel, 99,151 images of alleged suspects, and a folder containing around 100,000 images labelled “guard pics” from 2017 to 2024 showing security personnel checking in for shifts and guard identification cards. 

In addition, the misconfigured database stored a list of customers and businesses using Amberstone Security’s services from various industries, including retail, distribution, leisure, events, hospitality, corporate, finance, healthcare, education, government, agriculture, ports, and residential security.

Fowler also found development files for an application called Guarded On Duty, developed by ATWRK LTD. On Google and Apple app stores its privacy policy is linked to Amberstone Security. The app allows security guards to log in and upload badge images to verify their scheduled shifts at specific job locations.

The app’s security practices summary indicates that it neither encrypts data nor transfers it over a secure connection, indicating potential data risk and a lack of fundamental security safeguards.

Major UK Security Provider Leaks Trove of Guard and Suspect Data
Screenshot from the leaked data (Credit: Website Planet/Jeremiah Fowler)

Nevertheless, Fowler sent a responsible disclosure notice to Amberstone Security after which the company promptly restricted public access to the database, revealing that it was managed by a third-party contractor.

The duration of the data exposure and potential access by others remain unknown. The database contained APK files, which could pose security risks if malicious actors gain access to the source files. These files may contain sensitive user data like login credentials or cybercriminals can alter them to inject malware, infiltrate the device and compromise other applications.

Organizations should remain alert to secure their source files from public access, as unauthorized use could have far-reaching consequences.

  1. Dark web market selling access to airport’s security system
  2. 900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data
  3. Hackers Attack UK’s Nuclear Waste Services Through LinkedIn
  4. Conti ransomware gang demanded $40m from US school district
  5. Tycoon and Storm-1575 Linked to Phishing Attacks on US Schools
Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts