‘2.3 billion data files leaked online since GDPR import’.

‘2.3 billion data files leaked online since GDPR import’.

According to security company Digital Shadows, no less than 2.3 billion data files have been leaked since the introduction of the European privacy law GDPR. The files include login details for business IT systems, customer passport details, bank details and medical information.

As a result, the number of leaked files has increased by more than 50 percent in a year, writes Computer Weekly. And that while customers all over the world now have more power than ever to respond to companies that don’t protect their personal data.

Digital Shadows also looked at how many files were leaked per country. In the United Kingdom there were 98 million, in Germany 121 million and in the United States 326 million. However, there is good news for the Netherlands and Luxembourg: since the GDPR came into force, the number of data leaks has decreased in both countries.

In the Netherlands the number decreased by 8 percent, in Luxembourg it was 28 percent. In Luxembourg, however, the new laws were not implemented until 20 November.

Types of leaks

About half of the leaks were via the server message block (SMB) protocol, according to the security company. But other technologies were also misconfigured, which caused problems. For example, 20 percent of the leaks were due to FTP services, 16 percent to rsync sites, 8 percent to Amazon S3 cloud storage buckets and 3 percent to NAS devices.

Furthermore, companies appear to be vulnerable to ransomware attacks because they do not take adequate steps to protect data. 17 million of the leaked files are already encrypted by ransomware, according to the researchers. 11 percent of them were encrypted by NamPoHyu-ransomware, also known as MegaLocker. And that was only in the first two weeks after the ransomware was discovered in April 2019.

Amazon S3

However, the researchers did see a significant decrease in data leakage via Amazon S3 buckets. In November 2018, Amazon introduced its S3 Block Public Access, which provides more comprehensive security controls for Amazon’s services. Since the introduction of these features, the number of leaked S3 buckets has dropped from over 16 million to just 1,895.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.