It’s been a frustrating matter, but it may finally be resolved, thanks to the individual known as @fs0ciety on Twitter. In May 2019, DataBreaches.net was alerted to an online bloodbank in India that had a misconfigured Amazon s3 bucket. Despite repeated emails by this site and even a phone call from Banbreach infosec in India,…
Category: Exposure
Startup vulnerability leaves Queer Chart student data exposed
Paxton Scott reports: A security flaw allowed users of Queer Chart, a startup founded by Stanford students to link members of the campus queer community, to access all users’ names, profile pictures, email addresses, dates of birth, pronouns, schools and anonymous IDs, its founders have acknowledged. An anonymous ID is meant to allow a user…
Unprotected patient data in the Internet – a review 60 days later, or The Good, the Bad, and the Ugly
A report by Greenbone Networks in September about the leak of medical images online made waves — including spurring Senator Warner to ask HHS OCR what it was doing in response to the report. Today, Greenbone reached out to a number of sites to alert us all to an update to their report. From their…
150 infosec bods now know who they’re up against thanks to BT Security cc/bcc snafu
Gareth Corfield reports: BT Security managed to commit the most basic blunder of all after emailing around 150 infosec professionals who attended a jobs fair – using the “cc” field instead of “bcc”. The email, shown to The Register by a non-trivial number of aggrieved recipients, thanked them for attending the Westminster Cyber Expo and popping by…
Exclusive: More than 90,000 patient billing files from an alcohol and drug addiction treatment network exposed online
Update: On December 2, Sunshine Behavioral Health reported this incident to HHS as impacting 3500 patients. They also ticked the box for Business Associate. Update 2: On January 23, 2020, ID Experts submitted a copy of their notification to patients to the Vermont Attorney General’s Office. Another day, another leak. In this case, an error…
Judiciary leaks personnel data of company in cocaine investigation; workers terrified
Janene Pieters reports: Personnel data from a fruit wholesaler in Hedel, Gelderland accidentally ended up in the criminal file of a major cocaine investigation, the Public Prosecution Service in Oost-Nederland confirmed. In a statement, the Prosecutor said it regrets the state of affairs, stressing that there have never been indications that people were in immediate…