Researchers from Cybernews stumbled upon two misconfigured Google Cloud Storage buckets that were publicly exposed, containing a total of over 1.1 million files. Among the sensitive data were hundreds of passports, government-issued IDs, and drivers’ licenses belonging to participants of the FIA World Endurance Championship (FIA WEC).
FIA WEC, introduced in 2012, is a prestigious motorsport championship featuring eight endurance races worldwide, including the iconic 24 hours at Le Mans. The leaked documents belonged to elite racers, some of whom have won various stages of the competition. However, their identities were not disclosed to protect their privacy.
The exposed storage buckets were associated with the fiawec.com website, managed by Le Mans Endurance management. While the exposed datasets were secured at the time of discovery, the incident raised concerns about the potential unauthorized access and misuse of sensitive personal data. The exposure of such data is a violation of the General Data Protection Regulation (GDPR), which mandates organizations to protect personal information and report data breaches. Cybernews reached out to both the company and the local data protection authority (CNIL in France) for official comments.
However, CNIL stated that it had not received any complaints or reports related to the data leak, and the company’s response was still pending. The discovery of the FIA WEC data leak highlights the importance of properly securing and managing cloud storage to prevent unauthorized access to sensitive information. It also underscores the need for organizations to comply with data protection regulations to safeguard individuals’ personal data.
While the exposed datasets have been secured, the incident serves as a reminder for businesses and entities to implement robust security measures to protect against potential data breaches and cyber threats that could compromise the privacy and security of their users and customers.