Suzanne Smalley reports: Whitepages is the latest data broker to be sued for allegedly flouting laws barring the publication of home addresses and other personal information belonging to judges, police officers, prosecutors and others in law enforcement. A retired West Virginia police officer filed a class action lawsuit against the company late last month for publishing his…
Category: Exposure
Online AI Mental Health and Addiction Treatment Provider Exposed Patient Data
For your “no need to hack when it’s leaking” files: Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained thousands of records belonging to Confidant Health — an AI-powered platform offering mental health and addiction treatment. The database contained patient PII, psychosocial assessments including details about mental health or substance abuse,…
National Public Data Published Its Own Passwords
Brian Krebs reports: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its…
Belfast Trust investigating patient details data breach at Mental Health unit
Connor Lynch reports: The Belfast Trust is currently investigating a data breach at a mental health unit after pictures were taken of patients’ details through the window of an office. The incident took place at the Rathlin Outpatients ward of the Knockbracken Health Centre when someone entered the grounds and took pictures through an open…
4.6 Million Voter and Election Documents Exposed Online by Technology Contractor
VpnMentor reports that researcher Jeremiah Fowler discovered 13 non-password-protected databases that contained 4.6 million documents, including voter records, ballots, multiple lists, and election-related records. Through his research, Fowler found that the data was owned by Platinum Technology Resource/Platinum Elections Services. Once I was reasonably sure who managed the database, I sent a responsible disclosure notice…
Turning the tables: two gangs’ opsec fails exposed data; good guys deleted it
Yesterday’s Risky Biz News reported that threat intel firm DarkAtlas says it gained access to one of the Rclone data exfil servers used by the Medusa ransomware group. How many times have researchers uncovered exposed data and warned that threat actors might be able to acquire, manipulate, or delete data? In today’s post, we read…