Remember the old meme about how many <whatever your profession was> does it take to change a lightbulb? This week felt like, “How many people does it take to get very sensitive data locked down?” But there was nothing funny about it. Spoiler alert: the answer for this week was: 2 researchers, 1 journalist, 1…
Category: Exposure
Vanta bug exposed customers’ data to other customers
Zack Whittaker reports: Compliance company Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told TechCrunch that the data exposure was a result of a product code change and not caused by an intrusion. Vanta, which helps corporate customers automate their security and…
Lower Merion School District says a data breach was caused by a computer glitch (1)
DataBreaches cannot read “Lower Merion School District” without recalling the “Webcamgate” scandal of 2010, when the district was discovered monitoring students remotely in their bedrooms on district-issued MacBooks. At the time, they initially denied any misuse of remote access that was part of a security feature. Now the district is back in local news in…
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
Matt Burgess and Lily Hay Newman report: The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address. But the new discovery of a massive trove of 184 million records—including Apple, Facebook, and Google logins and credentials for accounts connected to multiple governments—underscores the risks…
Cocospy stalkerware apps go offline after data breach
Zack Whittaker reports: A trio of phone surveillance apps, which was caught spying on millions of people’s phones earlier this year, has gone offline. Cocospy, Spyic, and Spyzie were three near-identical but differently branded stalkerware apps that allowed the person planting one of the apps on a target’s phone access to their personal data — including their messages, photos,…
Personal information exposed by Australian Human Rights Commission data breach
David Hollingworth reports: The Australian Human Rights Commission (AHRC) has revealed that more than 600 submissions and nominations to the commission’s website were accidentally exposed online between April and May 2025. The AHRC became aware of the breach on 10 April, when it discovered that attachments uploaded to its complaint web form between 24 March…