Steve Zurier reports: Streaming service Spotify has notified an unspecified number of its customers of a data breach, responding by resetting passwords on the accounts that were attacked. […] In a breach notification letter dated Dec. 9 to its customers and filed with the California attorney general, Spotify said the company discovered the vulnerability on its system…
Category: Exposure
UK: One security incident affects more than half of East Devon Council, another affects home sales in Hackney
BBC reports: Members of a Devon district council suffered a significant data breach when more than half had passwords made available online to other councillors. Thirty-seven of 60 East Devon District Council members were affected by the breach at the start of November, a full council meeting has heard. Swift action was taken to rectify…
Data Protection Commission announces decision in Twitter inquiry
15th December 2020 The Data Protection Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International Company. The DPC’s investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms…
Fax Express leaked database noted by New Jersey
Seen on NJCCIC, a summary of a breach noted by them on December 10: A hacked database belonging to Fax Express, an office equipment supply store based in Ocean County, NJ was exposed, revealing approximately 560,000 compromised usernames and dehashed passwords. The breached database is connected to the domain shredderstoo[.]com and is assessed to be owned…
Tech unicorn UiPath discloses data breach
Catalin Cimpanu reports: Tech unicorn UiPath, a startup that makes robotics automation software, is currently emailing users about a security incident that exposed their personal information online. “On December 1, 2020, UiPath became aware of an incident that resulted in unauthorized disclosure of a file containing limited personal information about users of UiPath Academy,” the…
Norwegian DPA imposes administrative fine to Østfold HF Hospital
From EDPB on November 25: The Norwegian Data Protection Authority has decided on an administrative fee of NOK 750,000 to Østfold HF Hospital. The background is that in the period 2013-2019, the hospital stored report extracts from patient records outside the safe zone. The case started with a notice of personal data breach from the…