Bethany Wales reports: The leak in June 2017 saw an email containing confidential details about students’ extenuating circumstances sent to hundreds of their peers. The circumstances, detailed in a spreadsheet, included suicidal thoughts, sexual assault, and serious family illnesses and bereavements. Now, a Freedom of Information request has revealed the university’s insurers paid out a…
Category: Exposure
LabCorp website bug exposed thousands of medical documents
Zack Whittaker reports: A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data. …. This latest security lapse was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system. Although the system appeared to be protected with a…
H&M’s data leak in Germany “in legal examination”
Angela Gonzalez-Rodriguez reports: New York – Fashion retailer H&M (HMb.ST) said on Saturday that data security breaches found at its German unit were unacceptable and it was cooperating with the local data protection supervisory authority in its investigation into the matter. […] In October last year, the ‘Frankfurter Allgemeine Zeitung’ reported that personal data of…
Identity and Access Misstep: How an Amazon Engineer Exposed Credentials and More
The UpGuard team reports: UpGuard can now disclose that a repository hosted on GitHub with data from an Amazon Web Services engineer containing personal identity documents and system credentials including passwords, AWS key pairs, and private keys has been secured from public access. The data was committed to a public repository on the morning of…
Microsoft discloses security breach of customer support database
Catalin Cimpanu reports on another leak discovery by Bob Diachenko: Microsoft disclosed today a security breach that took place last month in December 2019. In a blog post today, the OS maker said that an internal customer support database that was storing anonymized user analytics was accidentally exposed online without proper protections between December 5…
Security researchers — and journalists — need legislative protection in India for disclosing vulnerabilities
If there is anything positive at all about the legal bullshit 1to1Help.net has perpetrated to cover up their data leak and to deflect blame, it is the support I have received from the Internet Freedom Foundation in India. But before diving into that more, a quick update on 1to1Help’s shameful litigation: After reading the court…