Last updated: July 5, 2026 at 9:01 AM UTC
Tag: uk (2 articles)

Fake 'UK Visa Portal' third-party (Active Leadgen LLC) exposed 100,000 passports and selfies on public AWS S3

TechCrunch reports that a public AWS S3 bucket operated by a UAE-registered third-party site, UK Visa Portal (Active Leadgen LLC), exposed at least 100,000 passport scans and selfies belonging to people who paid extra to apply for UK electronic travel authorizations through it. The site is not the official GOV.UK service; the same application can be completed directly on GOV.UK in minutes for free. The third party reportedly responded to the disclosure with legal threats rather than remediation. Because the bucket was publicly readable, the dataset should be assumed to be in the wild. Passport scans paired with a matching selfie are exactly the inputs most document-plus-selfie KYC flows rely on, so the leak enables identity-verification bypass against banks, exchanges, and government services.

Check
Brief staff that 'UK Visa Portal' and similar third-party visa-help sites are not GOV.UK and may leak documents. Anyone who uploaded a passport to ukvisaportal.com should treat it as compromised.
Affected
100,000+ individuals (and counting) who uploaded passport scans and selfies to Active Leadgen LLC's UK Visa Portal site.
Fix
Affected individuals: report the passport as potentially compromised and consider replacement. Banks and exchanges: tighten document-plus-liveness verification, since an attacker holding both the scan and a genuine selfie of the victim can drive AI-generated impersonation through flows that treat a matching face as proof of presence.

UK water company hit by Cl0p had hackers hidden in its network for nearly 2 years - ICO fines South Staffordshire Water 964K

The UK Information Commissioner fined South Staffordshire Water 963,900 pounds over a 2022 Cl0p ransomware breach that exposed 633,887 customer and employee records. The penalty notice reveals attackers were inside the network for nearly two years before discovery: initial access came in September 2020 via a malicious email attachment, but the intrusion was not detected until July 2022, when IT performance issues triggered an investigation. The ICO found basic security failures: an unpatched ZeroLogon (CVE-2020-1472) flaw on two domain controllers, no enforcement of least privilege, an outsourced SOC monitoring just 5 percent of the IT estate, and Windows Server 2003 boxes still running in production.

Check
Pull your most recent domain-controller vulnerability scan. If nothing exists in the last 90 days, that is itself a finding. Verify ZeroLogon (CVE-2020-1472) is patched on every DC.
Affected
Any organization where domain controllers run unpatched, where the outsourced SOC monitors less than the full IT estate, where legacy systems like Windows Server 2003 remain in production, or where vulnerability scanning has not been performed in over 90 days. Critical national infrastructure and regulated industries face especially harsh penalties for these gaps.
Fix
Patch ZeroLogon (CVE-2020-1472) on every domain controller now if not already done. Confirm your SOC contract requires monitoring coverage of 100 percent of in-scope assets, with endpoint telemetry and authentication logs integrated. Run quarterly internal and external vulnerability scans and retain the reports for regulator inspection. Retire any Windows Server 2003 boxes still in production - extended support ended July 2015.
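The Check and Fix above amount to a small domain audit, and it is worth automating so the evidence exists before a regulator asks for it. The script below is an added example written for this page, not something from the ICO notice or from South Staffordshire Water; it assumes the ActiveDirectory RSAT module and WinRM access to every domain controller. It uses the signals Microsoft documents for CVE-2020-1472: the Netlogon `FullSecureChannelProtection` enforcement key, and System-log events 5827/5828 (vulnerable connection denied) and 5829 (vulnerable connection allowed). The netlogon.dll file date is used as a coarse heuristic because the patched file version differs per OS build; a DC whose netlogon.dll predates August 2020 has not received the fix, while an allowed-connection event means the DC has the patch but enforcement is off. The 30-day and 90-day windows are assumptions matching the Check's "last 90 days" bar.

```powershell
# Added example: audit DCs for ZeroLogon (CVE-2020-1472) hardening and recent patching,
# then list end-of-life Windows Server 2003 hosts still joined to the domain.
#Requires -Modules ActiveDirectory

$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$results = foreach ($dc in $dcs) {
    Invoke-Command -ComputerName $dc -ScriptBlock {
        # Enforcement-mode key from Microsoft's CVE-2020-1472 guidance. 1 = enforced.
        # After the February 2021 updates enforcement is the default, so an absent key
        # is only meaningful together with the patch-level checks below.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
        $enf = (Get-ItemProperty -Path $key -Name FullSecureChannelProtection `
                    -ErrorAction SilentlyContinue).FullSecureChannelProtection

        # The fix shipped in the August 2020 security updates. File date is a heuristic;
        # FileVersion is the authoritative value but its threshold differs per OS build.
        $dll = Get-Item "$env:SystemRoot\System32\netlogon.dll"

        # 5829 = DC ALLOWED a vulnerable Netlogon secure channel (patched, enforcement off,
        # legacy client still talking). 5827/5828 = vulnerable connections DENIED.
        $since   = (Get-Date).AddDays(-30)
        $allowed = Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='NETLOGON';
                       Id=5829; StartTime=$since} -ErrorAction SilentlyContinue
        $denied  = Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='NETLOGON';
                       Id=5827,5828; StartTime=$since} -ErrorAction SilentlyContinue

        # Most recent hotfix install date; $null here means no patch records at all.
        $lastHotfix = (Get-HotFix | Sort-Object InstalledOn -Descending |
                           Select-Object -First 1).InstalledOn

        [pscustomobject]@{
            DC                   = $env:COMPUTERNAME
            OS                   = (Get-CimInstance Win32_OperatingSystem).Caption
            NetlogonDllVersion   = $dll.VersionInfo.FileVersion
            NetlogonDllDate      = $dll.LastWriteTime.Date
            EnforcementKey       = if ($null -eq $enf) { 'not set' } else { $enf }
            VulnerableAllowed30d = @($allowed).Count
            VulnerableDenied30d  = @($denied).Count
            LastHotfixInstalled  = $lastHotfix
        }
    }
}

$results | Format-Table DC, OS, NetlogonDllVersion, NetlogonDllDate, EnforcementKey,
    VulnerableAllowed30d, VulnerableDenied30d, LastHotfixInstalled -AutoSize

# Findings: pre-fix netlogon.dll, vulnerable connections still being allowed,
# or no patching activity in the last 90 days (a $null install date also trips this).
$findings = $results | Where-Object {
    $_.NetlogonDllDate -lt [datetime]'2020-08-01' -or
    $_.VulnerableAllowed30d -gt 0 -or
    $_.LastHotfixInstalled -lt (Get-Date).AddDays(-90)
}
if ($findings) {
    Write-Warning "Domain controllers needing attention:"
    $findings | Format-Table DC, NetlogonDllDate, VulnerableAllowed30d, LastHotfixInstalled -AutoSize
}

# End-of-life hosts still joined to the domain (Server 2003 extended support ended July 2015).
# LastLogonDate separates live systems from stale computer objects that just need deleting.
Get-ADComputer -Filter 'OperatingSystem -like "*Server 2003*"' `
    -Properties OperatingSystem, LastLogonDate |
    Select-Object Name, OperatingSystem, LastLogonDate |
    Sort-Object LastLogonDate -Descending |
    Format-Table -AutoSize
```

Run it from a management host with domain-admin-equivalent read rights and keep the output with the quarterly scan reports; a DC that shows 5829 events is the case the ICO notice describes in miniature, a patch applied on paper but not actually protecting the secure channel.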