Data Leak Exposes Client Information from Van Mossel and Other Companies Training AI Models with Rawdamental Services

On February 1st, a data leak was uncovered by our research team, revealing that an obscure data analytics company, Rawdamental, had exposed personal data of users from multiple Dutch companies. Among the affected companies was Van Mossel, the largest auto dealer in Benelux, along with other businesses such as software companies, a marketplace for motorcycle parts, a marketing agency, a fireworks retailer, an interior retailer, Christmas gift services, and a motorsport fan club.

The leak was caused by a misconfiguration on Rawdamental’s systems, specifically a missing authentication on their Kibana dashboard, which made the data publicly accessible since December 2021. The leaked data included users’ IP addresses, accessed URLs, visited page titles, user agents, and in some cases, user names and projects they were working on.

Rawdamental’s business model revolves around gathering data to create unique profiles of website visitors, which are then used to train AI models for predicting user behavior. However, the leak exposed the dangers of using such datasets for AI training, as it may lead to the disclosure of sensitive information without user consent.

After the article was published, Rawdamental responded by claiming to have initiated an investigation into the incident and implementing security measures. They stated that the leaked data was only used for data collection purposes and not for AI training. The company expressed regret over the incident and promised to work with the affected parties to address any consequences.

The incident serves as a reminder of the risks associated with using AI tools in workplaces and the importance of properly securing and anonymizing user data to prevent such leaks in the future.