Zeljka Zorz reports: Chinese e-commerce giant Gearbest has exposed information and orders of millions of its customers through an unsecured Elasticsearch server, security researcher Noam Rotem and his team have found. According to Rotem, the server was not protected with a password and anyone could access it and search the data. Also, despite assurances from…
Category: Exposure
Dozens of companies leaked sensitive data thanks to misconfigured Box accounts
Zack Whittaker reports: Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can easily be discovered. The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left…
Thousands of Arizonans hit in Medicaid agency’s data breach
Jessica Suerth reports: Thousands of Arizonans were affected by a data breach earlier this year that targeted the state’s Medicaid agency, it was announced Monday. The breach of the Arizona Health Care Cost Containment System affected more than 3,100 individuals when their IRS 1095-B forms were delivered to the wrong addresses. Read more on KTAR.
Hundreds of immigrant recruits risk ‘death sentence’ after Army bungles data, lawmaker says
Today’s reminder that some “human error” breaches can put lives at risk. Alex Horton reports: Army officials inadvertently disclosed sensitive information about hundreds of immigrant recruits from nations such as China and Russia, in a breach that could aid hostile governments in persecuting them or their families, a lawmaker and former U.S. officials said. A…
Licensed Producer under scrutiny for possible privacy breach of patient info
Emma Spears reports: Reports are surfacing that Canadian licensed producer RedeCan is facing a privacy breach after a mass email to patients revealed their personal information to other patients. Although officials from RedeCan have not commented publicly, an email from the LP to a patient impacted by the breach indicates the company has self-reported the…
MA: Release of employees’ partial Social Security numbers troubles Worcester teachers, School Committee members
Scott O’Connell reports: Teachers and School Committee members are looking for answers from the School Department in the wake of the district’s release of personal information for thousands of school employees to a testing company last year. According to Worcester Superintendent Maureen Binienda, the district’s IT department opted to use the last four digits of…