Report: Nearly every American household affected by massive data breach

By Ray Downs and Allen Cone  |  Updated Dec. 23, 2017 at 12:08 PM
share with facebook
share with twitter

Dec. 20 (UPI) -- Alteryx, a data analytics company, confirmed it publicly exposed sensitive personal information for 123 million U.S. households.

Security researchers with the UpGuard Cyber Risk Team posted on a blog Tuesday that the cloud-based data repository was left online by Alteryx, a data analytics firm based in Irvine, Calif. The breach of virtually every American household included massive data sets belonging to Experian, a credit reporting agency.

Anyone with an account on Amazon Web Services could access the database, which included street addresses, demographics, finances for families, information pertaining to house and auto ownership, Upguard reported.

"Simply put, one dummy sign-up for an AWS account, using a freshly created email address, is all that was necessary to gain access to this bucket's contents," the researchers, led by the company's director, Chris Vickery, wrote.

One day after the report, Alteryx confirmed the breach but said the data did not contain "names, credit card numbers, Social Security numbers, bank account information or passwords. It also did not say whether any unauthorized access occurred but

"When we discovered this issue, we removed the file from AWS and also added a layer of additional security to the AWS bucket where the file was stored," Dean Stoecker, CEO and chairman of Alteryx, said in a statement. "We will maintain a similar level of enhanced security for any dataset that we offer to our customers going forward."

Upguard wrote: "The data exposed in this bucket would be invaluable for unscrupulous marketers, spammers and identity thieves."

"I do not understand how anyone could possibly claim there is no risk posed here," Vickery told Forbes. "Addresses, phone numbers, banking, ethnicity, etc. is all present. There is a great deal of harm that could be done with this information."

Alteryx, which incorporates Experian and other data, such as public information from the U.S. Census Bureau, to its own marketing product, "Alteryx Designer w/ Data," for about $39,000 per license.

"This dataset is commercially available from Experian and provides some location information, contact information and other estimated information that is used for marketing purposes," Stoecker wrote.

Alteryx, headquartered in Irvine, Calif., wrote on its website: "For over 10 years, Alteryx has been the sole provider of software and analytic content used by the U.S. Census Bureau. Including more than 3,000 population characteristics, such as racial and ethnic information as well as family, household, and housing unit details, the Alteryx Strategic Analytics core platform enables you to customize how you track and integrate the changing dynamics of the American household to make better strategic decisions."

Although the census data is anonymous, Vickery told Forbes: "If you cross-reference it with a voter registration database, or if you have records from an advertiser on the Web, like a big web advertiser, you piece these things together and you've got a very accurate view of who someone is: what they like doing, where they work, where they live, how many kids they have."

Experian told Forbes "this is an Alteryx issue, and does not involve any Experian systems." This is unlike the massive data breach that involved direct exposure to data with rival Equifax discovered on July 29.

Related UPI Stories
Trending Stories