Kevin Landrigan reports: Manchester school administrators confirmed Friday that a data breach occurred when individual student scores on tests were inadvertently sent to all families of Hallsville Elementary School students. The individual score sheets were attached to an email sent out on the results of the latest iReady data on reading and math tests which…
Category: Exposure
Changing numeric ID in url allowed students to view other Stanford students’ admission files, sensitive personal data
Julia Ingram and Hannah Knowles report: Before this week, Stanford students could view the Common Applications and high school transcripts of other students if they first requested to view their own admission documents under the Family Educational Rights and Privacy Act (FERPA). Accessible documents contained sensitive personal information including, for some students, Social Security numbers….
Chinese company leaves Muslim-tracking facial recognition database exposed online
Catalin Cimpanu reports: One of the facial recognition databases that the Chinese government is using to track the Uyghur Muslim population in the Xinjiang region has been left open on the internet for months, a Dutch security researcher told ZDNet. The database belongs to a Chinese company named SenseNets, which according to its website provides…
Mumsnet reports itself to regulator over data breach
Alex Hern reports: Mumsnet has reported itself to the information commissioner after a data breach resulted in users accidentally logging into the accounts of strangers. A botched upgrade to the software the forum runs on meant that for three days, if two users tried to log in at the same time, there was the possibility…
Is your airline’s e-ticketing system putting your data at risk?
Liarna LaPorta of Wandera reports: Wandera’s threat research team has discovered a vulnerability affecting a number of airline e-ticketing systems that can expose passengers’ personally identifiable information (PII). This vulnerability can expose passenger data by using links that are easily intercepted by hackers. The intercepted and unencrypted links enable unauthorized third parties to view, and…
Indecent disclosure: Gay dating app left “private” images, data exposed to Web
Sean Gallagher reports on yet another exposed Amazon bucket: Jack’d, a “gay dating and chat” application with more than 1 million downloads from the Google Play store, has been leaving images posted by users and marked as “private” in chat sessions open to browsing on the Internet, potentially exposing the privacy of thousands of users….