VpnMentor reports that researcher Jeremiah Fowler discovered 13 non-password-protected databases that contained 4.6 million documents, including voter records, ballots, multiple lists, and election-related records. Through his research, Fowler found that the data was owned by Platinum Technology Resource/Platinum Elections Services. Once I was reasonably sure who managed the database, I sent a responsible disclosure notice…
Category: Exposure
Turning the tables: two gangs’ opsec fails exposed data; good guys deleted it
Yesterday’s Risky Biz News reported that threat intel firm DarkAtlas says it gained access to one of the Rclone data exfil servers used by the Medusa ransomware group. How many times have researchers uncovered exposed data and warned that threat actors might be able to acquire, manipulate, or delete data? In today’s post, we read…
UAB study postcard discloses patient information
Haven’t seen a postcard health data breach in a while, but here we are. WBRC in Birmingham Alabama reports The UAB School of Nursing has informed 1,655 patients this week of an incident in which a study recruitment postcard sent to the patients inadvertently shared protected health information (PHI). According to a press release from…
In: KEM staffers make paper plates out of patient reports; notice issued
Read the following story seen on Business Standard and then tell me what word you would use to describe your reaction. The administration of King Edward Memorial (KEM) Hospital, a civic-run facility, has issued show-cause notices to six staff members following the circulation of a video showing paper plates made from folders of patients’ reports….
Sensitive Toledo Police Department documents found in trash
Here’s a reminder that not all breaches are cyber breaches. We still read about entities that just toss files with sensitive information in the trash. Alexis Means recently reported on a police department that is allegedly a repeat offender that way: the Toledo Police Department in Ohio. Toledo Police have launched an investigation into who…
Almost all citizens of city of Eindhoven have their personal data exposed
Graham Cluley reports: A data breach involving the Dutch city of Eindhoven left the personal information related to almost all of its citizens exposed. As Eindhovens Dagblad reports, two files containing the personal data of 221,511 inhabitants of Eindhoven were accessible to unauthorised parties for a period of time last year. Everyone who lives in the Netherlands…