%20(3)-1.png?quality=high&width=1900&height=1250&name=CSS%20-%20Blog%20(Featured%20Images)%20(3)-1.png)
%20(1).png?width=2000&height=1125&name=CSS%20-%20Blog%20(Featured%20Images)%20(1).png)
%20(1920%20x%201080%20px)%20(12).png?width=820&height=547&name=Copy%20of%20Blue%20White%20Gradient%20Modern%20Professional%20Business%20General%20LinkedIn%20Banner%20(750%20x%20750%20px)%20(1920%20x%201080%20px)%20(12).png)
In the balance of 2025, Casmer Labs, Cloud Storage Security’s internal threat laboratory, has observed a number of high-profile incidents wherein either by human error, lack of monitoring/observability, or other factors, publicly accessible object storage resources have resulted in catastrophic data breaches.
The Breakdown
First reported by CyberNews on September 25, 2025, an Amazon S3 bucket owned by DOT compliance organization AJT Compliance, LLC has leaked tens of thousands of sensitive records, putting 10% of Texas-based truckers at risk of identity theft.
This leaked dataset has been reported to contain:
- Social security cards and numbers (18000+)
- Driver’s licenses (23000+)
- Drug tests
- Employment contracts
- Background check consent forms
- Vehicle insurance cards
- Employee consent forms
- Vehicle inspection results
The leaked data reportedly dates as far back as 2022, with new objects actively being uploaded during the investigation. The leak was discovered on July 31, 2025, first disclosed on August 1, 2025, and was closed on September 3, 2025.
This information was stored in a publicly accessible Amazon S3 bucket, meaning that anyone using even a publicly available tool like GreyHat Warfare could view this information. Unlike the vast majority of similar incidents that have occurred so far in 2025 (see Navy Federal Credit Union breach, disclosed early September), this resulted in highly sensitive information being leaked via photo and plain text. Whereas many other breaches could be used to supplement ongoing social engineering efforts by using less sensitive information, those affected by this breach are at an imminent risk of identity theft.
If you or anyone you know have been affected by the AJT Compliance, Inc. breach, take the following steps immediately:
- Visit IdentityTheft.gov to make a report.
- Place a temporary fraud alert on your credit account, using one of the following major credit bureaus:
- Get a copy of your credit report. To request a copy for free, visit https://annualcreditreport.com/.
- File a report with your local police department.
- File a complaint with the Internet Crime Complaint Center department of the FBI at https://www.ic3.gov/.
- Notify the IRS (Form 14039) to ensure that any tax filings with your social security numbers are being monitored.
To prevent a similar incident from affecting your organization, take the following steps:
- Restrict Public Access & Secure Cloud Storage
- Configure strict access controls to ensure only authorized users or services can access sensitive data
- Regularly review and update permissions to minimize exposure
- Monitor & Audit Access Logs
- Continuously track access logs to detect unauthorized activity
- Conduct retrospective log analysis to identify any suspicious access patterns
- Encrypt Data at Rest & In Transit
- Enable server-side encryption to protect stored data
- Use AWS Key Management Service (KMS) or equivalent tools to securely manage encryption keys
- Automate Security Measures
- Deploy automated security checks to detect misconfigurations and vulnerabilities
- Use cloud security tools that provide real-time alerts and automated remediation
- Conduct Regular Security Audits
- Perform frequent security assessments to identify and address weak points
- Implement penetration testing to simulate potential attacks and strengthen defenses
- Train Employees on Cybersecurity Best Practices
- Educate teams on data security, phishing risks, and access control policies
- Establish clear protocols for handling and securing sensitive information
To automatically surface misconfigurations such as publicly accessible Amazon S3 buckets, DataDefender by Cloud Storage Security offers 90+ security checks over 11 AWS services.
About DataDefender and Cloud Storage Security
DataDefender by Cloud Storage Security offers customers complete protection over the entirety of their cloud storage environment. Make sure your organization:
- Knows where its sensitive data resides
- Configures their storage resources in a secure manner
- Prevents the ingestion and distribution of malware, including ransomware
- Identifies and stops internal and external attacks against storage, and the data within
DataDefender is available now. Sign up today and ensure that your organization’s data is protected according to its sensitivity.
Share:
.png?width=387&height=258&name=CSS%20Webinar%20Thumbnails%20(35).png)
%20(1920%20x%201080%20px)%20(8).png?width=387&height=258&name=Copy%20of%20Blue%20White%20Gradient%20Modern%20Professional%20Business%20General%20LinkedIn%20Banner%20(750%20x%20750%20px)%20(1920%20x%201080%20px)%20(8).png)
