Tom Spring reports: The regional internet registrar that administers IP addresses for the Asia Pacific region accidentally leaked Whois database data, including hashed passwords, forcing it to reset all passwords for objects in its Whois database. According to Asia Pacific Network Information Center (APNIC), the organization that maintains domains for the region, it experienced a…
Category: Exposure
Cosmetics Brand Tarte Exposed Personal Information About Nearly 2 Million Customers
Kate Conger and Dell Cameron report: Tarte Cosmetics, a cruelty-free cosmetics brand carried by major retailers like Sephora and Ulta, exposed the personal information of nearly two million customers in two unsecured online databases. The databases were publicly accessible and included customer names, email addresses, mailing addresses, and the last four digits of credit card…
UK: University of East Anglia not punished over data breach
BBC reports: A university that mistakenly emailed sensitive personal information about students to hundreds of undergraduates will face no further action. Details of health problems, family bereavements and personal issues were sent by the University of East Anglia (UEA) in Norwich to 298 students. The Information Commissioner’s Office said no regulatory action was needed. Read…
Cloudy with a chance of PHI leaks
Maybe we should do this one as a “write your own headline” exercise. Earlier this week, Kromtech Security reported that they had uncovered yet another improperly secured AWS S3 bucket that was exposing protected health information. The company that was responsible for the collection of the home monitoring data, Patient Home Monitoring, was exposing what…
Accenture left a huge trove of highly sensitive data on exposed servers
Zack Whittaker reports: Technology and cloud giant Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers. The servers, hosted on Amazon’s S3 storage service, contained hundreds of…
NJ: Toms River Police Respond To Possible Data Breach
Chris Lundy has an update to a breach previously noted on this site last month. After a malfunction, some documents on a police database were potentially able to be accessed by non-police, according to a statement released by Chief Mitch Little. The incident began on Aug. 2, when it was discovered that the Computer Assisted…