Zack Whittaker reports: Compliance company Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told TechCrunch that the data exposure was a result of a product code change and not caused by an intrusion. Vanta, which helps corporate customers automate their security and…
Category: Exposure
Lower Merion School District says a data breach was caused by a computer glitch (1)
DataBreaches cannot read “Lower Merion School District” without recalling the “Webcamgate” scandal of 2010, when the district was discovered monitoring students remotely in their bedrooms on district-issued MacBooks. At the time, they initially denied any misuse of remote access that was part of a security feature. Now the district is back in local news in…
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
Matt Burgess and Lily Hay Newman report: The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address. But the new discovery of a massive trove of 184 million records—including Apple, Facebook, and Google logins and credentials for accounts connected to multiple governments—underscores the risks…
Cocospy stalkerware apps go offline after data breach
Zack Whittaker reports: A trio of phone surveillance apps, which was caught spying on millions of people’s phones earlier this year, has gone offline. Cocospy, Spyic, and Spyzie were three near-identical but differently branded stalkerware apps that allowed the person planting one of the apps on a target’s phone access to their personal data — including their messages, photos,…
Personal information exposed by Australian Human Rights Commission data breach
David Hollingworth reports: The Australian Human Rights Commission (AHRC) has revealed that more than 600 submissions and nominations to the commission’s website were accidentally exposed online between April and May 2025. The AHRC became aware of the breach on 10 April, when it discovered that attachments uploaded to its complaint web form between 24 March…
Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
An internal information security breach has been identified in the Social Services, Health Care and Rescue Services Division of the City of Helsinki. The breach concerns client data from certain Family Law Services, which between 2012 and 2019 was stored on the Division’s internal network without adequate access restrictions. No external parties have had access…