Breach Brief – Alteryx
Alteryx, a California based data analytics company, has compromised the personal information of about 123 million American households. According to UpGuard of Silicon Valley Alteryx posted the information to a publicly available Amazon Web Services cloud-based data repository. The breach exposed sensitive details ranging from demographics like age and gender, to past retail purchases, specific interests, credit worthiness, interests, education, occupation, purchasing behaviors and hobbies. Though the information was considered anonymous it would be easy for a professional criminal or others with the knowledge to link the information with actual names.
According to UpGuard analyst Dan O’Sullivan the data was “left downloadable on the public internet.” O’Sullivan said that the data could have potentially been accessed by any of the more than a million AWS account holders.
O’Sullivan wrote in his blog post, “Exposed within the repository are massive data sets belonging to Alteryx partner Experian, the consumer credit reporting agency, as well as the U.S. Census Bureau. While the Census data consists entirely of publicly accessible statistics and information, Experian’s ConsumerView marketing database, a product sold to other enterprises, contains a mix of public details and more sensitive data,” O’Sullivan explained. “Taken together, the exposed data reveals billions of personally identifying details and data points about virtually every American household.”
Chris Vickery, UpGuard’s director told the Huffington Post, “Databases like this allow bad guys to have that information about large swaths of people,” he said. “So lots of fraud can be committed, even with systems that are designed to be based on personal knowledge.”
Even though some of its data was compromised Experian is saying the issue is strictly in Alteryx’s court. Experian said in statement, “This is an Alteryx issue. Data security has always been, and always will be, our highest priority. As a matter of security best practices, Experian vets all our clients and mandates robust security measures and controls to secure our data.”