Le Mans Endurance Management, the company that operates the FIA World Endurance Championship‘s website, has leaked the personal data of hundreds of drivers by leaving their IDs and drivers’ licenses publicly accessible on Google Cloud Storage, according to a report by Cybernews.
How the data breach happened
The Cybernews research team discovered two misconfigured Google Cloud Storage buckets on June 16th, containing over 1.1 million files. Among them were hundreds of passports, government-issued IDs, and drivers’ licenses belonging to FIA World Endurance Championship (FIA WEC) drivers.
The FIA WEC is a global racing competition that features eight endurance races across the world, including its flagship event – the 24 Hours of Le Mans. Hundreds of drivers and top car brands, such as Cadillac, Ferrari, and Porsche, participate in the prestigious race, which has three stages left to finish this year.
What are the risks for the affected drivers
The exposed data could pose serious risks for the affected drivers, as malicious actors could use it for identity theft, fraud, phishing, or even physical harm. The drivers’ personal information could also be sold on the dark web or used for blackmail or extortion.
The data breach also raises questions about the security practices of Le Mans Endurance Management and its compliance with data protection regulations, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The company could face legal action and hefty fines if it failed to protect the drivers’ data adequately and notify them of the incident promptly.
Suggestions for Le Mans Endurance Management
- The incident should be thoroughly investigated to trace the origin of the leak.
- All systems or procedures that allowed the incident to happen should be evaluated and improved.
- The bucket and its contents should be protected from public access.
- The access logs should be reviewed to check if data was compromised.
- Drivers whose data was exposed should be notified in case of data breach and guided on how to protect their identity.
- The company should enhance its security measures to avoid future leaks.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp