In a significant security breach, security researcher Jeremiah Fowler discovered an unprotected database containing over 25,000 records, including highly sensitive documents. The exposed database belonged to Kings of Translation, a New York-based translation service provider.
Fowler’s research revealed that the leaked data included passports, driver licenses, business documents, denied visa petitions, birth and marriage records, as well as US federal and state tax filings, posing severe security risks for customers worldwide.
The breach highlighted the misconception that offline paper documents are immune to online data risks, as compromising such documents is indeed possible. Kings of Translation, a reputed translation service provider facilitating over 120 languages, was found to store a wide range of sensitive documents from customers. The exposed data exposed individuals to potential identity theft, tax fraud, and other cybercrimes, considering the personal details involved, including birth and marriage certificates, divorce records, and death certificates.
Fowler identified the owner of the breached database through invoices and references connected to Kings of Translation. This discovery marked the first instance of encountering data from a translation service and its customers for Fowler, with the database containing an unprecedented collection of versatile documents.
The leak encompassed not only personal documents but also legal documents like court records, contracts, and certificates requiring translation to comply with legal requirements or for visa and immigration purposes.
While Fowler promptly notified the company about the breach and access to the database was restricted, it remains unclear how long the database had been publicly exposed before the necessary action was taken. The potential risks stemming from the leak are significant, as cybercriminals could exploit the exposed information for tax fraud, identity theft, or unauthorized financial activities.
As of now, Kings of Translation has not responded to the researcher’s report, leaving affected individuals concerned about the security of their personal data.