One of the most disturbing privacy and data security cases of the decade has come to an end of sorts. Rick Callahan of AP reports the update to a case first reported last year, but caution: this story may be triggering for some people. Indiana’s attorney general recommended no criminal charges or licensing actions Wednesday…
Category: Exposure
NC: Charlotte’s Wyndham Capital involved in class-action lawsuit over data breaches
Caroline Hudson reports: A Florida man has filed a class-action lawsuit regarding data breaches at Wyndham Capital Mortgage. Ethan Darnell filed the complaint on Dec. 10 in North Carolina’s Western District Court. In October, Charlotte-based Wyndham alerted clients and state attorneys general about an email data breach the month prior. A Wyndham employee sent an email…
Bill & Melinda Gates Foundation’s Charity GetSchooled Breaches 900k Children’s Details
WELP reports: The Financial Times was the first to break this story earlier today (29th December 2020. This breach occurred when GetSchooled (getschooled.com), a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom left a database open and accessible to anyone with a browser and internet connection. According to TurgenSec: The breach impacts 930k individuals,…
Misconfigured AWS Bucket Exposes Hundreds of Social Influencers
Phil Muncaster reports: A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers. A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently…
Vn: Leaky Server Exposes 12 Million Medical Records to Meow Attacker
Phil Muncaster reports: A healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses, before the exposed cloud server was struck by the infamous “meow” attacker, researchers have revealed. A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although…
UK: Pensions firm NOW tells some customers a ‘service partner’ leaked their data all over ‘public software forum’
Matthew Hughes reports: Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. The email, seen by this publication, claims a service provider “unintentionally” posted user data to an unnamed “public software forum”. These records include biographical data (names, email addresses, and dates…