Roy Urrico reports: Security researchers discovered an exposed Elasticsearch server containing up to 1.5 million Freedom Mobile users’ personal data, passwordless, and including unencrypted credit card and CVV numbers, expiration dates and verification numbers. The five million exposed customer data logs belonged to Freedom Mobile, Canada’s fourth wireless telecommunications provider. The files, stored in plaintext,…
Category: Exposure
Twitter discloses a bug impacting collection and sharing of location data on iOS devices
Twitter’s online Help section has the following notice: You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake. We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances….
Update: Oklahoma Dept of Securities notifying individuals affected by 2018 security incident
Here’s another case where there’s a long gap between discovery of an incident and notification to individuals. The Oklahoma Department of Securities had an incident that began Nov. 29, 2018. It was discovered December 11, 2018. On January 16, 2019, the agency issued a statement saying: The Oklahoma Department of Securities (ODS) has initiated a…
Personal and health insurance information of most of Panama’s citizenry found in unsecured database
Bob Diachenko reports that he found an unprotected and publicly available Elasticsearch cluster containing what appears to be 3,427,396 records of Panamanian citizens. According to Diachenko, each record in tables labeled “patient” contained the following info: full name date of birth national ID number (cedula) medical insurance number (poliza seguro medico) phone email address other…
Charnwood Borough Council data breach sees residents’ personal details published online
Dan Martin reports: A council has apologised after publishing residents’ personal details online by mistake. Officials at Charnwood Borough Council failed to remove from a document names, addresses, phone numbers and email addresses of people who responded to a survey on levels of council tax to be levied on empty homes before uploading it to…
Independent Health mistakenly emailed information on 7,600 members
Tracey Drury reports: Protected health information on more than 7,600 Independent Health members was accidentally emailed to a member in March, a breach that violates federal privacy laws. The Amherst-based health plan told members that an employee inadvertently emailed documents containing their information on March 19 to an unauthorized recipient who happened to be an…