UpGuard reports: The UpGuard Research team can now disclose that a cloud storage bucket containing personally identifiable information (PII) for thousands of people in the South Carolina justice system has been secured. An employee of Spartan Technology, a South Carolina tech company, had uploaded a collection of backups to the AWS S3 storage service. The data collection…
Category: Exposure
Months-Long Privacy Breach Involving Meal Tray Tickets at Zuckerberg SF General Hospital: DPH
Bay City News reports: The San Francisco Department of Public Health announced Tuesday a privacy breach at Zuckerberg San Francisco General Hospital involving patients’ meal tray tickets that were improperly disposed into regular garbage bins. The tickets, which contained patients’ full names, birth month and day, bed/unit location at the hospital, diet information and menu…
Public Relations: How a Marketing & PR Platform Exposed Thousands of Users
The UpGuard research team reports: The UpGuard Research team can now disclose that a data collection originating from iPR Software (risk score: 683) containing details of 477,000 media contacts, business entity account information, over 35,000 user password hashes, assorted documents, and administrative system credentials has been secured. The Amazon S3 storage bucket contained a large collection…
How can we screw up incident response? Let me count the ways — Monday UK Edition
This week, DataBreaches.net was reminded yet again of the risks of trying to alert an entity to a breach. This time, it was not me who was threatened or any of the whitehat researchers I know. This week, it was a citizen who found patient records on the street in his town and undertook to…
Katy ISD staff info, including Social Security numbers, released
KTRK reports: Katy ISD said the birth dates and Social Security numbers of its employees were “inadvertently” released. […] According to officials, the information was sent out in response to a routine request for an employee list. Read more on ABC13. This is not the first breach involving employees’ personal information, although in a bigger…
Bug bounty firm HackerOne suffers ‘sloppy cut-and-paste’ breach
Eva Short reports: … in an ironic turn of fortunes for the firm, HackerOne has now paid out a $20,000 bounty for the identification of a bug on its own platform. The hacker in question, user ‘haxta4ok00’, had been communicating with one of HackerOne’s security analysts last month. Throughout the course of the conversation, the…