An email gaffe due to not using bcc: instead of cc: or TO: revealed almost 400 Ohio State University students’ disability status to other students. Read the story on The Lantern. Note that this is a FERPA issue, and there really is no requirement for breach notification to those impacted, but the unintended disclosure needs…
Category: Exposure
A massive ‘stalkerware’ leak puts the phone data of thousands at risk
Zack Whittaker reports: The private phone data of hundreds of thousands of people are at risk. Call records, text messages, photos, browsing history, precise geolocations and call recordings can all be pulled from a person’s phone because of a security issue in widely used consumer-grade spyware. But that’s about as much as we can tell you….
UK: Schools email marketing company told us to go away when we told them of exposed database creds, say infoseccers
Gareth Corfield reports: An email marketing company claiming to hold details on a million UK teachers and school admin personnel was potentially exposing those to the public internet thanks to a misconfigured error page on its website. Not only that, but the Schools Marketing Company (SMC) seemingly dismissed the findings of the infosec company which…
Informed of a data leak in July, Brazilian integrator platform continued to expose more than 1.75 billion files
Updated at 11:11 am: DataBreaches.net has been informed the data have been secured. Remember when the Brazilian government complained about Raid Forums for posting so many leaks and data dumps from Brazil? If this one ever shows up on Raid Forums, they will probably go nuts. Safety Detectives reports: The Safety Detectives cybersecurity team, led by Anurag Sen,…
Missouri Teachers’ Social Security numbers at risk on state agency’s website; state’s response is to shoot the messenger?
Josh Renaud reports: The Social Security numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to flaws on a website maintained by the state’s Department of Elementary and Secondary Education. The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials…
350 Qld border-pass applicants caught in police privacy breach
Matt Dennien reports: The Queensland Police Service has again been caught up in a privacy breach, this time involving the email addresses of more than 350 people – including AFP, Defence and Queensland Health staff –trying to return to Queensland. Read more on The Age. So after telling recipients to keep the invitation hush-hush, they…