Zack Whittaker reports: A California-based medical startup that provides COVID-19 testing across Los Angeles has pulled down a website it used to allow customers to access their test results after a customer found a vulnerability that allowed access to other people’s personal information. Total Testing Solutions has 10 COVID-19 testing sites across Los Angeles, and processes…
Category: Exposure
Secret terrorist watchlist with 2 million records exposed online
Ax Sharma reports: A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. Read more on BleepingComputer. The government wouldn’t respond to inquiries by BleepingComputer as to whether this was the government’s Terrorist Screening Center list, and whether…
JP Morgan Chase Bank Admitted Leaking Sensitive Data of its Customers
Ax Sharma reports: Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers. […] The issue is believed to have lasted between May 24th and July 14th this year, and impacted both online banking and Chase Mobile app customers who…
Current and former North Carolina state employees notified of unintended exposure of file on intranet
From the no-need-to-hack-when-it’s-leaking dept., state edition, the North Carolina Department of Information Technology and Office of State Human Resources are notifying 84,860 current or former state agency employees that a file with their name and SSN was uploaded by mistake to a state intranet site accessed by more than 65,000 authenticated users: We are writing…
Brooklyn Tech students uncovered a NYC schools data breach.
Pooja Salhotra reports: Teachers’ social security numbers, student academic records, and families’ home addresses are among the dozens of pieces of information a group of tech savvy high school students stumbled across on Google Drive this year. The documents — many of which contained confidential information — were leaked because of a quirk in the…
Reindeer Leak Personal Data of 3,00,000 Users In A Breach
When the data are old and the company is defunct, it’s a headache making notification and getting a leaky Amazon AWS S3 bucket secured. eHackingNews reports: WizCase’s cybersecurity group discovered a prominent breach impacting Reindeer, an American marketing company that previously worked with Tiffany & Co., Patròn Tequila, and other companies. Led by Ata Hakçil,…