Jeremiah Fowler writes: Another day and another big data leak. On July 1st the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained records of the internet’s largest webmaster portal. Upon further research it appeared that Digital Point had leaked the data of 863,412 users. Digital Point claims to…
Category: Exposure
Prison phone service Telmate exposes messages, personal info of millions of inmates and their contacts
Paul Bischoff reports: Telmate, a service used by incarcerated inmates at US prisons to communicate with their friends and loved ones, has exposed a database containing tens of millions of call logs, private messages, and personal information about inmates and their contacts. The database was exposed on the web without a password or any other…
47 names of clergy abuse victims part of accidental email leak
Christopher White writes: A clergy abuse victim who participated in the Philadelphia Archdiocese’s independent compensation program for survivors is alleging that the confidentiality of nearly 50 other victims was compromised when the program administrator mistakenly sent the individual an email in 2019 with the names of participants from another diocese’s program. Since October 2016, Kenneth…
UK: Southern Water customers could view others’ personal data by tweaking URL parameters
Gareth Corfield reports: Southern Water – British supplier of the liquid of life – botched its internal Sharepoint implementation so badly that a customer was able to view other people’s account details. Reg reader Chris H discovered that the way Southern Water had set up Sharepoint to host customer information as a “your account” style section…
‘Human error’ results in privacy breach for Children’s Disability Services clients: Manitoba government
Charles Lefebvre reports: The Manitoba government says ‘human error’ resulted in personal information about Children’s Disability Services (CDS) clients being unintentionally shared this week. On Friday, the province said in a news release that the privacy breach occurred on Aug. 26, when staff from CDS “accidentally sent an email intended for the Manitoba Advocate for…
Over 54,000 scanned NSW driver’s licences found in open cloud storage
Juha Saarinen reports: Tens of thousands of scanned NSW driver’s licenses and completed tolling notice statutory declarations were left exposed on an open Amazon Web Services storage instance, but Transport for NSW doesn’t know how the sensitive personal data ended up in the cloud. The open AWS S3 bucket was found by Bob Diachenko of…