Here’s today’s example of “No Need to Hack When It’s Leaking.” Zack Whittaker reports: Pharmaceutical giant AstraZeneca has blamed “user error” for leaving a list of credentials online for more than a year that exposed access to sensitive patient data. Mossab Hussein, chief security officer at cybersecurity startup SpiderSilk, told TechCrunch that a developer left the…
Category: Exposure
Healthcare provider to incarcerated people discloses breach by data security incident by claims processor
Mediko, Inc. has issued a press release concerning an unintended exposure of protected health information by their third-party claims processor, CorrectCare. According to their notice, on July 6, CorrectCare discovered that two file directories on their server had been misconfigured and were exposing files to the public. The investigation subsequently determined that the exposure occurred…
NC: UCPS student information made vulnerable due to insufficient security protections by vendor, superintendent says
WBTV Web Staff and Nick Ochsner report: Private information of students at schools districts and charter schools across the state were left vulnerable by a software misconfiguration by a third-party vendor, Union County Public Schools Superintendent Andrew Houlihan told parents in a letter this week. According to the letter, the misconfiguration came after iLeadr, a company used…
Amazon accidentally exposed an internal server packed with Prime Video viewing habits
Zack Whittaker reports: It feels like every other day another tech startup is caught red-faced spilling reams of data across the internet because of a lapse in security. But even for technology giants like Amazon, it’s easy to make mistakes. Security researcher Anurag Sen found a database packed with Amazon Prime viewing habits stored on an internal Amazon server that…
NC investigating claims Facebook received WakeMed, Duke Health patient data
Lauren Ohnesorge reports: A month after a federal lawsuit alleged Triangle hospitals disclosed patient phone numbers and other information to Facebook (Nasdaq: META) without permission, North Carolina officials confirm the state is also investigating. The accusations involve Facebook’s Pixel tracking tool, which plaintiff attorneys in multiple lawsuits filed across the country claim is being improperly used…
NZ: Prospective students caught up in University of Otago data breach
Sinead Gill reports: For six weeks, most University of Otago students, including prospective students, had their personal information unprotected. A University spokesperson told Stuff while the risk of harm was “incredibly low”, some information was potentially accessible over this period, and most students could expect to be contacted by a privacy officer.” On October 5, the University…