UK Tax Service Exposed Thousands Through Careless Bulk SMS Operation
Last updated September 17, 2021
Over twelve thousand people have had their sensitive data exposed online after Nohow International has failed to properly secure its database. The discovery of the unprotected Azure blob was the work of researchers from the CyberNews team, who informed Nohow, a UK-based staffing and recruitment agency, on December 8, 2020.
Receiving no response a week after, they reported the leaking blob to Microsoft, and the tech company finally secured it in early January 2021. The 12,464 files in the database contain extremely sensitive information in the form of images, PDF documents, and even email messages.
The types of files found there include the following:
The potential for exploitation for someone holding the above documents goes wide and deep, as we’re basically talking about full identities. Most notably, high-level criminals would use these to forge fake documents, perform identity theft, and also engage in banking fraud. To make matters even worse, many of the exposed individuals are blue-collar workers who immigrated to the UK to seek a better life and who are already in a somewhat vulnerable position.
According to CyberNews, most of the data comes from Lithuanian, Polish, African, and Caribbean citizens. Nohow accepts these applicants’ files, performs “prequalification checks,” and then connects these people with its clients, who are UK-based construction companies looking for a cheap workforce. Because these people are in need and simultaneously hoping, they don’t think twice before they provide Nohow with all their details, and the firm has just betrayed this trust.
If you are one of these people, you will have to report any signs of identity theft to the authorities immediately. Also, keep an eye on your bank accounts and statements and notify your bank and creditors if you see anything weird or inexplicable.
Finally, replace your national ID and passport and ask the authorities to invalidate the current ones as soon as possible. Remember, if things get out of control and someone abuses your personal details for their purposes, finding a way out of the trouble you’ll get yourself in will be quite hard.