The Georgia Supreme Court has breathed new life into a lawsuit by patients of Athens Orthopedic Clinic (AOC) whose data were stolen by thedarkoverlord in 2016. In a decision issued this week, the judges unanimously reversed the Court of Appeals’ dismissal of the lawsuit, vacated other parts of their ruling, and remanded the case. At…
Category: Breach Incidents
AL: DCH Health System patients file federal suit over ransomware attack
Howard Koplowitz reports: Four patients of the DCH Health System filed a federal class-action lawsuit Monday alleging that the three west Alabama Hospitals violated health information privacy laws and disrupted their medical care when the system was hit with a ransomware attack in October. The four patients accuse the health system of negligence, invasion of…
SonyLIV Fixes leaky Elasticsearch in record time
Once again, a service owned and control by a division of official Sony Entertainment has slipped up. This time, their error exposed a elasticsearch server leaking log entries that feed into a third-party tool. Sony is no stranger when it comes to reports of poor infosecurity and hacking incidents, but it is not often we…
China Citizen Watch (Finally) Secures 150TB of Leaking Data
China Citizen Watch, the official Chinese division of the Japanese watch giant Citizen, and Bulova Watch Company (a Citizen brand in the U.S.) have both been affected because China Citizen Watch or its hosting company left an unsecured RSYNC server online with more than 150TB of files. Cursory skimming of the files, necessitated by Citizen…
Honda North America responds quickly to notification of a leak
Bob Diachenko reports that he found an ElasticSearch instance that was exposing customers of Honda North America. On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared to be part of Honda North America infrastructure, exposed online to anyone with a web browser. Of note, Honda…
Consulting Firm Accidentally Doxxed Thousands of Employees at America’s Top Defense Contractor
Lachlan Markay reports: A prominent Washington, D.C.-area consulting firm inadvertently published the names, phone numbers, home addresses, and email addresses of thousands of employees of America’s top aerospace and defense contractor. Publicly available files maintained by the digital consultancy IMGE included extensive personal information on more than 6,000 Boeing employees, from senior executives to program…