Kate Conger and Dell Cameron report: Tarte Cosmetics, a cruelty-free cosmetics brand carried by major retailers like Sephora and Ulta, exposed the personal information of nearly two million customers in two unsecured online databases. The databases were publicly accessible and included customer names, email addresses, mailing addresses, and the last four digits of credit card…
Category: Exposure
UK: University of East Anglia not punished over data breach
BBC reports: A university that mistakenly emailed sensitive personal information about students to hundreds of undergraduates will face no further action. Details of health problems, family bereavements and personal issues were sent by the University of East Anglia (UEA) in Norwich to 298 students. The Information Commissioner’s Office said no regulatory action was needed. Read…
Cloudy with a chance of PHI leaks
Maybe we should do this one as a “write your own headline” exercise. Earlier this week, Kromtech Security reported that they had uncovered yet another improperly secured AWS S3 bucket that was exposing protected health information. The company that was responsible for the collection of the home monitoring data, Patient Home Monitoring, was exposing what…
Accenture left a huge trove of highly sensitive data on exposed servers
Zack Whittaker reports: Technology and cloud giant Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers. The servers, hosted on Amazon’s S3 storage service, contained hundreds of…
NJ: Toms River Police Respond To Possible Data Breach
Chris Lundy has an update to a breach previously noted on this site last month. After a malfunction, some documents on a police database were potentially able to be accessed by non-police, according to a statement released by Chief Mitch Little. The incident began on Aug. 2, when it was discovered that the Computer Assisted…
City of Calgary embroiled in privacy breach class-action lawsuit
Lyle Adriano reports: The city of Calgary is facing a $92.9 million lawsuit for allegedly breaching the privacy rights of its employees. The suit, filed Tuesday, alleged a privacy breach in June 2016. The document claims that a city staffer sent an email to an employee of another Alberta municipality which contained the personal information…