Chris Fox reports: The Charing Cross Gender Identity Clinic sent patients an email about an art competition, with hundreds of others CC-ed in. The clinic later tried to recall the message but the error had already been noticed. The Tavistock and Portman NHS Foundation Trust, which is responsible for the clinic, is investigating. Read more…
Month: September 2019
Security breach on Pepperfry exposes details of users; now plugged
Pranav Hegde reports: A major security flaw was detected on online furniture store Pepperfry’s website, which could have allowed users to sign in to another registered user’s account. Pepperfry has claimed that the bug was fixed within an hour of being detected. Security researcher Ehraz Ahmed found the bug on Pepperfry’s website, which could have…
MN: Metro Mobility notifies 15,000 customers of data breach that may have exposed personal information
Chris Serres reports: A data breach at Metro Mobility, the Twin Cities transit service for people with disabilities, may have exposed the personal information of up to 15,000 individuals who use it. Metro Mobility has notified customers that an employee’s e-mail account was hacked by an unauthorized person, compromising personal ride information between June 13…
Hong Kong Stock Exchange (HKEX) website hacked
The South China Morning Post reported: (Sept 6): The open-access website of the HKEX was hacked yesterday, the second such cyberattack since August 2011. An unrelated software bug in the vendor-supplied trading platform, which forced the exchange to suspend derivatives trading yesterday, has been isolated and fixed. Read more on TheEDGE Markets.
Thousands of servers infected with new Lilocked (Lilu) ransomware
Catalin Cimpanu reports: Thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked (or Lilu). Infections have been happening since mid-July, and have intensified in the past two weeks, ZDNet has learned. Read more on ZDNet.
Monster.com says a third party exposed user data but didn’t tell anyone
Zack Whittaker reports: An exposed web server storing résumés of job seekers — including from recruitment site Monster — has been found online. The server contained résumés and CVs for job applicants spanning 2014 and 2017, many of which included private information like phone numbers and home addresses, but also email addresses and a person’s…