Ax Sharma reports: RaidForums is an underground place where private databases obtained from data breaches, vulnerability exploits, and credit card information sets are illegally traded by threat actors, or sometimes leaked for free. On RaidForums, the “Staff General” section is typically restricted to internal staff members only, but in an ironic twist of fate, this private section was accidentally left open for viewing by…
Category: Exposure
Afghanistan: Investigation launched into interpreter data breach
Today’s reminder that even the leak of an email address can put someone’s life at risk. Phil Kemp, Lucy Manning, and Ed Campbell report: Defence Secretary Ben Wallace has ordered an investigation into a data breach involving the email addresses of dozens of Afghan interpreters who worked for British forces. More than 250 people seeking…
EventBuilder misconfiguration exposed event registrants’ information
If you ever used EventBuilder to register as an attendee at an event, then you may be among those whose personal information has been exposed in a leak estimated to have affected more than 100,000 people. The leak was spotted by Bob Diachenko and responsibly disclosed by Diachenko and Clario Tech according to a new report…
MN: Mankato Clinic notifies patients of health data breach
Mitch Keegan reports: The Mankato Clinic has notified more than 500 patients of a breach of unsecured protected health information. In a news release, Mankato Clinic says on August 3rd an electronic spreadsheet containing patient information for 535 patients was mistakenly e-mailed to a colleague of a Mankato Clinic employee to an external e-mail account. The e-mail…
TX: Lubbock County confirms private information accessible under new computer system, says situation not a data breach
Samantha Jarpe reports: Lubbock County released a statement Tuesday about previously private court information being made available to the public via a new records system. An earlier release by the Lubbock County Defense Lawyers Association characterized the incident as a data breach. The association said it became aware of the situation September 10. According to…
Walgreens’ Covid-19 test registration system exposed — and still exposes? — patient data
Sara Morrison reports: If you got a Covid-19 test at Walgreens, your personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect. In some cases, even…