Katapult Database

The Katapult Database leak in 2020 was a significant data breach that occurred in the United States. On October 22, 2020, a dataset containing approximately 2,232,841 records was leaked online. The breached data belonged to Katapult, a fintech company that provides consumers with installment payment plans and credit products.

The leaked dataset included sensitive information such as names, email addresses, phone numbers, addresses, dates of birth, Social Security numbers, drivers license numbers, and financial records. The data breach was said to have been caused by a misconfigured Amazon Web Services (AWS) S3 bucket, which left the sensitive information exposed to the public internet.

The investigation into the breach revealed that the misconfigured bucket had been left unsecured for an unknown period of time, allowing unauthorized parties to access and download the sensitive data. As a result, thousands of individuals personal and financial information was compromised, leaving them vulnerable to identity theft, financial fraud, and other cybercrimes.