Alicia Hope: A leading UK software company exposed personal information belonging to over 190 law firms through an unsecured online database. TurgenSec security firm discovered the breach but could not immediately identify the owner of the online database and therefore contacted the National Cyber Security Centre (NCSC). Following the Responsible Disclosure Policy, the firm contacted…
Category: Exposure
RU: Payment portals leak the passport numbers of the tens of thousands of Muscovites ticketed for quarantine violations
Sourced from Kommersant, Meduza reports: Over the past two months, Moscow has issued tens of thousands of fines to local residents for violating the city’s coronavirus self-isolation restrictions. Thanks to weak cryptographic security, the personal data of those ticketed is now available online. The blog Nora Ezhika first drew attention to the data leak on May 12,…
Edison Mail rolls back update after iOS users reported they could see strangers’ emails
Kim Lyons reports: Edison Mail has rolled back a software update that apparently let some users of its iOS app see emails from strangers’ accounts. Several Edison users contacted The Verge to report seeing the glitch after they applied the update, which was meant to allow users to sync data across devices. Reader Matthew Grzybowski said after…
Data breach in new Illinois online unemployment system exposes private information
Jamie Munks reports: A glitch in a newly launched state system for processing unemployment claims for gig workers publicly exposed personal information, a spokeswoman for Democratic Gov. J.B. Pritzker said Sunday. The Illinois Department of Employment Security “is aware there was a glitch” in a new system for processing unemployment claims for independent contractors and…
Latest Nova Scotia privacy breach reveals names, medical conditions, sexual abuse details
Yvonne Colbert reports: The Nova Scotia government is saying very little about another privacy breach, this one involving an unknown number of Workers’ Compensation Board appeal decisions that include the names of workers and some intimate personal information about them. The government removed the documents after being informed by CBC that the decisions were unredacted and…
AU: Federal court launches snap investigation of its asylum seeker data breach
Ben Butler reports: The federal court has launched a snap investigation of how it potentially broke the law an estimated 400 times by revealing the names of asylum seekers on a public website. John McMillan, a senior lawyer, former commonwealth ombudsman, privacy commissioner and inspector general of intelligence, is conducting a review into how the…