ABC recently carried a story of a kind that is becoming all too common: Amazon S3 data left open to the public with sensitive customer information exposed. In this instance, it was front and back scans of NSW driver's licences and tolling notices. You don't need too much imagination to see how harmful this information could be in the wrong hands, and you can be pretty confident that it is now in those hands.
It seems as though the leak is down to a private business (one would assume a toll road operator?) that is likely now liable to see some pretty serious damages claims. I'm no lawyer, but surely the potential costs of the identity theft and fraud against these tens of thousands of impacted people are not something any business would want to deal with. While they may have insurance coverage, this seems equivalent to insuring your valuables, storing them in a paddock next to the road and then trying to submit a claim. Would you want to be that business?
Amazon and other cloud services are a fantastically useful resource that can allow your IT infrastructure to scale out as required in ways that would be prohibitively expensive if you owned the actual hardware, but they share the same issue as any complex and powerful tool: any misconfiguration can be catastrophic.
It seems pretty obvious that many businesses are using this infrastructure without adequate security auditing, and will have to start being held accountable. Don't be that business. Even seemingly minor customer information that you hold could be the final small piece that a malicious actor requires to complete their profile of one of your customers and financially ruin them. Security needs to be a larger line item moving forward for businesses big and small.
I'll add any good ideas anyone is willing to propose here in future; this is just a quick off-the-top-of-the-head response to an article I happened to read this morning.