This is a major security breach. An online company that allows users to obtain a copy of their birth and death certificates from U.S. state governments has exposed a massive cache of applications — including their personal information.
More than 752,000 applications for copies of birth certificates were found on an Amazon Web Services (AWS) storage bucket. The bucket, owned by a Barcelona-based company Onlinevitalus, wasn’t protected with a password, allowing anyone who knew the easy-to-guess web address access to the data.
The data exposed was for APPLICATIONS for birth certificate copies, not for copies of the birth certificates themselves. Even so, each application contained a lot of personal information that is not supposed to be exposed, including: the applicant’s name, date-of-birth, current home address, email address, phone number and historical personal information, including past addresses, names of family members and the reason for the application — such as applying for a passport or researching family history.
You can read more in an article by Zack Whittaker in the TechCrunch web site at: https://techcrunch.com/2019/12/09/birth-certificate-applications-exposed/.