
ACME Corp
Severity: critical

Public S3 bucket exposes PII

A billing export bucket is world-readable and holds customer PII — a GDPR-reportable exposure.

Frameworks: GDPR, SOC 2, NIST CSF
Status: Open (public ACL detected by AWS Security Hub)

Root cause

A billing export bucket was provisioned with a public-read ACL during a migration and never re-locked. It contains customer PII.
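As an added example (not code from this page, from AWS, or from Security Hub), the check below evaluates a GetBucketAcl-shaped response for grants to AWS's global groups, which is the condition behind this finding, and returns the settings that re-lock such a bucket. The sample ACL is constructed to mirror the public-read canned ACL; the owner ID is a placeholder.

```python
"""Flag public S3 bucket ACL grants and describe the lockdown (added example,
not code from the page or AWS; the ACL below is constructed to mirror the
'public-read' canned ACL, the shape returned by get_bucket_acl / get-bucket-acl)."""
from typing import Dict, List

# Predefined group URIs that AWS treats as "everyone" in ACL grants.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}
READ_PERMS = {"READ", "FULL_CONTROL"}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

# Constructed sample: owner FULL_CONTROL plus AllUsers READ (== public-read).
SAMPLE_PUBLIC_READ_ACL: Dict = {
    "Owner": {"ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
}

def public_grants(acl: Dict) -> List[Dict]:
    """Grants whose grantee is a global group, i.e. the public."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]

def classify(acl: Dict) -> str:
    """'public-write' > 'public-read' > 'private'. ACL grants only: a bucket
    policy can also open a bucket and is not inspected here."""
    perms = {g.get("Permission") for g in public_grants(acl)}
    if perms & WRITE_PERMS:
        return "public-write"
    if perms & READ_PERMS:
        return "public-read"
    return "private"

def lockdown_plan(acl: Dict) -> Dict:
    """For a public ACL: reset to the 'private' canned ACL and enable all four
    Block Public Access settings (the put_public_access_block payload shape),
    so the bucket stays closed even if a public ACL is re-applied later."""
    if classify(acl) == "private":
        return {}
    return {"ACL": "private",
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": True, "IgnorePublicAcls": True,
                "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}
```

Feed it the JSON from `aws s3api get-bucket-acl --bucket <name>`; a bucket that classifies as anything but `private` is the condition this finding reports, and enabling Block Public Access account-wide keeps a migration from reintroducing it.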

Business impact

Public PII exposure is a GDPR-reportable event and an immediate SOC 2 confidentiality failure. The clock on breach notification starts the moment it is discovered.

Mapped controls

NIST PR.DS-01: fails while this gap is open
SOC 2 CC6.6: fails while this gap is open
GDPR Art. 32: fails while this gap is open