Alyson Klein reports: A K12 Inc. company database that included information for 19,000 students was available for anyone with an internet connection to see for at least a week, according to a report from Comparitech, which describes itself as a pro-consumer organization that offers security services. It’s not clear that anyone with ill intentions accessed…
Category: Exposure
DNA-testing service exposed thousands of customer records online
Nico Grant reports: DNA-testing service Vitagene Inc. left thousands of client health reports exposed online for years, the kind of incident that privacy advocates have warned about as gene testing has become increasingly popular. More than 3,000 user files remained accessible to the public on Amazon Web Services cloud-computer servers until July 1, when Vitagene…
Unsecured databases leak 90 million records of people and businesses in China
Dev Kundaliya reports: Two databases lying unprotected on the internet leaked records of more than 90 million people and businesses in China last week, a security researcher has claimed. The databases belonged to the Jiangsu Provincial Public Security Department in China and contained more than 26GB of data. In total, they contained 58,364,777 citizen records…
UK: Security Medway Council reforms eforms to stop blurting out residents’ details
Jude Karabus reports: Medway council in Kent has corked a hole in its website that spat out residents’ names, mailing addresses, phone numbers and email addresses after a Reg reader got in touch to complain. The breach appeared courtesy of some of Medway Council’s electronic forms. The council’s eforms were conceived during a collaboration of…
SG: Spize fined S$20,000 after more than 100 customers’ personal data leaked
Food and beverage outlet operator Spize has been fined S$20,000 after the personal data of about 150 customers was disclosed on its online ordering portal in 2017. In the grounds of decision dated Thursday (Jul 4), which was published on the Personal Data Protection Commission (PDPC) website, the PDPC received a complaint on Aug 12,…
Telangana website leaking sensitive data of pensioners; official says it won’t be fixed until July 31
Soumyarendra Barik reports something that is somewhat… “mind-boggling:” Sensitive information, including bank account numbers, PAN numbers, PPO (pension payment order) IDs, tax-deductions and pension amounts of retired state government employees is being leaked on the Directorate of Treasuries and Accounts (DoTA) website, according to a New Indian Express report. Director of Treasuries and Accounts KSRC…