Data breach alert: Info on millions of seniors leaked online

August 13, 2021

By Kim Komando

With things like your email address, login credentials and telephone numbers, cybercriminals can accomplish an astonishing amount of destruction. That’s why it’s critical to take steps to protect them before it’s too late.

But in recent months, the blame hasn’t been falling on users being reckless with their information. It has become more frequent for data servers to be misconfigured, which creates a lucrative entry point for criminals.

Earlier this year, CVS suffered a data breach due to one such server being set up incorrectly. It exposed over a billion pharmacy records. Another company has now fallen victim to the same type of issue, exposing the data of millions of senior citizens.

Here’s the backstory

Researchers from WizCase discovered a misconfigured data server belonging to the site SeniorAdvisor. It’s one of the biggest senior care and service advisory and review sites in the U.S. and Canada.

Storing over 180GB of data, the team found the Amazon S3 bucket unencrypted. You didn’t even need a username or password to access the storage location. Over 3 million senior citizens’ exposed data contains names, emails, phone numbers, dates contacted and more.

The information covers a period of 11 years, from 2002 to 2013. But the files have a timestamp of 2017. WizCase explained that the information isn’t of SeniorAdvisor users at the time but rather a collection of personal data of potential customers.

Why this matters to you

Any breach of personal information can put you in a dire situation. On average, cybercriminals steal $600 per scam from seniors in the 60 to 70-year age group.

Luckily, the breach has been fixed. But there are a few things you need to be on the lookout for.

Cybercriminals could use the data to target seniors with phishing scams, malware or a number of other attacks. Here are some preventative measures to take:

• Use 2FA – For any account that offers it, set up two-factor authentication. This adds an extra layer of protection so that no unauthorized people log into your account.
• Watch for phishing emails – Never click on links or open attachments in unsolicited emails. They could be malicious and infect your device with malware or steal your login credentials.
• Avoid replying to unknown senders – Don’t reply to emails that could be spam, even if you want to tell them to stop. It most certainly won’t correct the issue and will only lead to more spam.