Today’s episode of Incident Response Fail involves a cybersecurity professional/bug bounty hunter, Mohamed Suwaiz, and a driver training company in Texas, Smith System, that seemed to stubbornly resist his efforts to alert them to a data leak. Although Suwaiz (@Msuwaiz on Twitter) describes himself as being motivated by bug bounties, when there’s no bounty to…
Category: Exposure
Florida Virtual School database now uploaded to HaveIBeenPwned
From Troy Hunt, an aid to parents who want to check if their email address or their child’s email address was in a leaked database: New breach: The Florida Virtual School had 368k student records with 543k email addresses exposed including names, grades and dates of birth. It’s flagged as “sensitive” due to the prevalence…
The Dutch Data Protection Authority accidentally leaked its employees’ data
MIX reports: Oh, sweet irony: the Dutch Data Protection Authority – where registered companies are required to report breaches in data – has accidentally leaked the names of some of its employees in over 800 public documents, local outlet NU.nl reports. The discovery comes from Dutch cybersecurity firm NFIR. Pauline Gras from the Dutch Data…
Walmart jewelry partner exposed 1.3 million customer details
Bob Diachenko writes: On February 6th, 2018 researchers at Kromtech security came across another publicly accessible Amazon S3 bucket. This one contained a MSSQL database backup, which was found to hold the personal information, including names, addresses, zip codes, phone numbers, e-mail addresses, IP addresses, and, most shockingly, plain text passwords, for shopping accounts of over…
Luxembourg Chamber of Deputies refers data leak to Prosecutor’s Office
Barbara Tasch reports: Luxembourg’s Chamber of Deputies has confirmed it referred a data leak on its website to the Prosecutor’s Office. The Chamber’s decision was based on Article 23 of the Code of Criminal Procedure, which states that any civil servant must report a suspected crime. Last week, Luxembourg’s public radio station 100,7 claimed there was a…
Owner says North Battleford store receiving private medical records via fax
If you harbored any hope that we might be done with breaches due to misdirected faxes, I hate to disillusion you, but Meaghan Craig and Thomas Piller report yet another example in Canada: The Saskatchewan Health Authority is looking into instances where confidential medical records were allegedly faxed to a computer store in North Battleford….