
San Francisco’s transport agency exposes drivers’ parking permits and addresses


A misconfiguration in the Metropolitan Transportation Commission (MTC) systems caused a leak of over 26K files, exposing clients’ parking permits and home addresses.

The MTC is a governmental agency responsible for regional transportation planning and financing in the San Francisco Bay Area.

The latest research by Cybernews shows that the agency left Amazon Web Services (AWS) buckets storing over 26,000 files publicly accessible.

Leaked files included PDF files with Bay Area Rapid Transit (BART) carpool parking permits sent out by the agency. The permits were obtained through the 511.org website, an online platform providing transportation information in the Bay Area.

Thousands of leaked permits exposed the users’ full names and home addresses. Our researchers found that the letters are dated between 2016 and 2021.

The researchers contacted MTC, and public access to the data was closed. Cybernews reached out to MTC for an official comment but has yet to hear back from them.

While the leaked parking permits are no longer valid, malicious actors could use the exposed data for identity theft and to craft spear phishing attacks.

Screenshot of a leaked permit. Image by Cybernews

If you want to know how MTC can mitigate the potential risks, take a look at the original post:

https://cybernews.com/security/san-francisco-mtc-bart-data-leak/

Updated on October 27 [01:15 PM GMT]. The original version of the article incorrectly stated that a misconfiguration in the Metropolitan Transportation Commission (MTC) systems caused a leak of clients' vehicle plate numbers. In actuality, among other data, vehicle permit numbers and not vehicle registration numbers were exposed. The headline and the remaining paragraphs were updated to reflect the correct data.

About the author: Paulina Okunytė, Journalist at Cybernews


Pierluigi Paganini

(SecurityAffairs – hacking, Metropolitan Transportation Commission)