Todd Ulrich reports: Some Allegiant Air customers claim the airline violated their privacy and shared their sensitive information. Customers who have used service and emotional support animals found out their personal email addresses were sent to hundreds of passengers. Action 9 consumer investigator Todd Ulrich reports a class action lawsuit is demanding the airline protect…
Category: Business Sector
Sky Brasil exposes data of 32 million subscribers
Catalin Cimpanu reports: As security experts predicted since last year, ElasticSearch servers –a technology for powering search functions– are becoming the next big source of massive data leaks. The latest company to be added to the list of breach incidents caused by an exposed ElasticSearch server is Sky Brasil, one of the biggest subscription television…
ElasticSearch server exposed the personal data of over 57 million US citizens
Catalin Cimpanu reports: An ElasticSearch server that was left open on the Internet without a password has leaked the personal information of nearly 57 million Americans for almost two weeks, ZDNet has learned. The leaky server was spotted by Bob Diachenko, Director of Cyber Risk Research for cyber-security firm Hacken, during a regular security audit…
Urban Massage exposed a huge customer database, including sensitive comments on its creepy clients
Zack Whittaker reports: Urban Massage, a popular massage startup that bills itself as providing “wellness that comes to you,” has leaked its entire customer database. The London, U.K.-based startup — now known as just Urban— left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff…
UK’s ICO fines Uber £385,000 over data protection failings
The monetary penalties levied against ride-sharing giant Uber for covering up a 2016 breach continue to mount. From the ICO’s office: The Information Commissioner’s Office (ICO) has fined ride sharing company Uber £385,000 for failing to protect customers’ personal information during a cyber attack. A series of avoidable data security flaws allowed the personal details…
Data Protection Authority of Baden-Württemberg Issues First German Fine Under the GDPR
Here’s a more detailed analysis of the GDPR fine of 20,000€ levied against a German flirting site, knuddels.de. Dr. Henrik Hanssen and Dr. Stefan Schuppert write: In the first fine issued by a German data protection authority under the European General Data Protection Regulation (“GDPR”), on 21 November 2018 the authority of the German state…