Paul Malik reports: Faith in the Test and Protect system could be undermined should data breaches like the one committed by NHS Orkney be repeated, Nicola Sturgeon has warned. Ms Sturgeon was responding to questions after it was discovered more than 50 coronavirus test results were sent “in error” to a local business. As well…
Category: Exposure
India’s popular BHIM payments platform reportedly leaks 7M users’ data (UPDATED with NPCI denial)
Ivan Mehta reports: A data leak from India’s BHIM payment app exposed personal data of 7 million Indians including addresses, scans of Aadhar IDs, and caste certificates. A report from cybersecurity company VPN Mentor suggests that this 409GB database was stored in a misconfigured AWS S3 bucket, making all data publicly accessible. The report noted that the…
Joomla team discloses data breach
Catalin Cimpanu reports: The team behind the Joomla open source content management system (CMS) announced a security breach last week. The incident took place after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD site (resources.joomla.org) on an Amazon Web Services S3 bucket owned by their own company….
Security flaw in Qatar’s COVID-19 contact-tracing app ‘put 1m people’s sensitive data at risk’
From Amnesty USA: Serious security vulnerabilities in Qatar’s mandatory contact tracing app, uncovered by Amnesty International, must act as a wake-up call for governments rolling-out COVID-19 apps to ensure privacy safeguards are central to the technology. An investigation by Amnesty’s Security Lab discovered the critical weakness in the configuration of Qatar’s EHTERAZ contact tracing app….
Bank of America reveals data breach in PPP application process
Caroline Hudson reports: Bank of America Corp. (NYSE: BAC) has revealed a possible data breach on business clients’ information for the Paycheck Protection Program. The breach occurred on April 22, as BofA uploaded PPP applications onto the U.S. Small Business Administration’s test platform, according to a filing with the California Attorney General’s Office. The limited-access…
Kentucky unemployment website experienced April data breach
Another state has reported a breach or leak involving a state portal for filing unemployment claims. Fox19 reports: Kentucky officials reported Thursday what Gov. Andy Beshear described as a “data breach” in the state’s unemployment insurance web portal. The so-called breach took place on April 23, according to a release from Kentucky’s Education and Workforce…