The company inadvertently exposed sensitive personal data of participants in antiperspirant brand Dove’s ‘real people’ campaign by leaving a company server hosted online on an unsecured Amazon Web Services S3 bucket. This meant that it could be freely accessed by anyone with an internet connection. This data was reportedly avaliable since at least 2018.
names, addresses, email addresses, telephone numbers, dates of birth and bank details were exposed for all of the men participating, as were passport scans and flight details for around half, and national insurance numbers
People affected / impacted:
Information on legal proceedings and how to go about gaining financial compensation including class action lawsuits you can join and breaches you are impacted by are available to registered users.