A major data breach involving an AI startup has exposed sensitive personal information online, putting thousands at risk of identity theft and fraud. Experts from CyberNews uncovered an unsecured Google Cloud storage bucket belonging to WotNot, an AI chatbot provider, which contained a staggering 346,381 files.
The exposed documents included passports, CVs, medical records, and other sensitive details such as full names, contact information, and addresses. The storage bucket was openly accessible without the need for authorisation and remained exposed for over two months after initial warnings were sent.
What happened at WotNot?
WotNot is a startup specialising in AI-powered chatbots, offering businesses around-the-clock virtual customer support. With over 3,000 clients in industries such as insurance, finance, healthcare, and banking, the company provides services to high-profile customers, including the University of California, Chenening, and Amneal Pharmaceuticals.
Despite its advanced offerings, WotNot’s oversight highlights a significant risk in relying on third-party vendors for essential systems. Businesses often use external services to save resources and enhance efficiency, but such partnerships can introduce vulnerabilities. This breach underscores the need for stricter cybersecurity measures, especially when handling sensitive customer data.
AI services, which often require users to input personal information into automated systems, are particularly susceptible to data leaks. In WotNot’s case, the breach leaves its clients and users vulnerable to identity theft, phishing scams, and other forms of fraud.
The dangers of data leaks
Cybersecurity experts warn that this breach represents a substantial risk to affected individuals and businesses. CyberNews states, “The exposed personal documents provide threat actors a complete toolkit for identity theft, medical or job-related fraud, and various other scams.”
Individually, leaked data can be exploited for targeted phishing attacks or used to commit financial fraud, such as taking out loans under stolen identities. For organisations, these leaks can damage reputation, incur legal penalties, and lose customer trust.
Recent incidents, like this breach and the Blue Yonder ransomware attack, serve as reminders of the importance of robust cybersecurity. Businesses must regularly vet and monitor third-party vendors, particularly when managing interconnected systems like AI services. As reliance on digital platforms grows, so does the need for rigorous data protection practices.
Moving forward
This incident highlights the pressing need for stricter data protection standards within the tech industry. For WotNot, the focus must shift to addressing the vulnerabilities that allowed such a breach to occur. For other businesses, the takeaway is clear: cybersecurity should be a priority, not an afterthought.
This breach is a stark reminder that even modestly sized companies can pose significant security threats if proper safeguards are not in place. Whether it’s an AI chatbot or another digital tool, businesses must ensure the safety of their customers’ data to maintain trust and credibility.