A recent survey of 500 U.S. law firms by Proton reported that one in five law firms were targeted in a cyberattack in the past year, and 8% of law firms (39% of those who reported a cyberattack) reported losing data or suffering exposure. To make matters even worse, Proton found that 65% weren’t familiar with…
Category: Exposure
A state forensics lab was leaking its files. Getting it locked down involved a number of people.
Remember the old meme about how many <whatever your profession was> does it take to change a lightbulb? This week felt like, “How many people does it take to get very sensitive data locked down?” But there was nothing funny about it. Spoiler alert: the answer for this week was: 2 researchers, 1 journalist, 1…
Vanta bug exposed customers’ data to other customers
Zack Whittaker reports: Compliance company Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told TechCrunch that the data exposure was a result of a product code change and not caused by an intrusion. Vanta, which helps corporate customers automate their security and…
Lower Merion School District says a data breach was caused by a computer glitch (1)
DataBreaches cannot read “Lower Merion School District” without recalling the “Webcamgate” scandal of 2010, when the district was discovered monitoring students remotely in their bedrooms on district-issued MacBooks. At the time, they initially denied any misuse of remote access that was part of a security feature. Now the district is back in local news in…
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
Matt Burgess and Lily Hay Newman report: The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address. But the new discovery of a massive trove of 184 million records—including Apple, Facebook, and Google logins and credentials for accounts connected to multiple governments—underscores the risks…
Cocospy stalkerware apps go offline after data breach
Zack Whittaker reports: A trio of phone surveillance apps, which was caught spying on millions of people’s phones earlier this year, has gone offline. Cocospy, Spyic, and Spyzie were three near-identical but differently branded stalkerware apps that allowed the person planting one of the apps on a target’s phone access to their personal data — including their messages, photos,…