Vistaprint. Everyone knows it and probably almost everyone knows somebody who has used the firm to design or print business cards, brochures, or other business-related stationery or marketing-related materials. Recently I was on Vistaprint’s site to create a new logo for ctrlbox.com. To my unpleasant surprise, I discovered that the preview of my logo displayed…
Category: Breach Incidents
Georgia Supreme Court resuscitates patient lawsuit against Athens Orthopedic Clinic
The Georgia Supreme Court has breathed new life into a lawsuit by patients of Athens Orthopedic Clinic (AOC) whose data were stolen by thedarkoverlord in 2016. In a decision issued this week, the judges unanimously reversed the Court of Appeals’ dismissal of the lawsuit, vacated other parts of their ruling, and remanded the case. At…
AL: DCH Health System patients file federal suit over ransomware attack
Howard Koplowitz reports: Four patients of the DCH Health System filed a federal class-action lawsuit Monday alleging that the three west Alabama Hospitals violated health information privacy laws and disrupted their medical care when the system was hit with a ransomware attack in October. The four patients accuse the health system of negligence, invasion of…
SonyLIV Fixes leaky Elasticsearch in record time
Once again, a service owned and control by a division of official Sony Entertainment has slipped up. This time, their error exposed a elasticsearch server leaking log entries that feed into a third-party tool. Sony is no stranger when it comes to reports of poor infosecurity and hacking incidents, but it is not often we…
China Citizen Watch (Finally) Secures 150TB of Leaking Data
China Citizen Watch, the official Chinese division of the Japanese watch giant Citizen, and Bulova Watch Company (a Citizen brand in the U.S.) have both been affected because China Citizen Watch or its hosting company left an unsecured RSYNC server online with more than 150TB of files. Cursory skimming of the files, necessitated by Citizen…
Honda North America responds quickly to notification of a leak
Bob Diachenko reports that he found an ElasticSearch instance that was exposing customers of Honda North America. On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared to be part of Honda North America infrastructure, exposed online to anyone with a web browser. Of note, Honda…