Caroline Hudson reports: A Florida man has filed a class-action lawsuit regarding data breaches at Wyndham Capital Mortgage. Ethan Darnell filed the complaint on Dec. 10 in North Carolina’s Western District Court. In October, Charlotte-based Wyndham alerted clients and state attorneys general about an email data breach the month prior. A Wyndham employee sent an email…
Category: Exposure
Bill & Melinda Gates Foundation’s Charity GetSchooled Breaches 900k Children’s Details
WELP reports: The Financial Times was the first to break this story earlier today (29th December 2020. This breach occurred when GetSchooled (getschooled.com), a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom left a database open and accessible to anyone with a browser and internet connection. According to TurgenSec: The breach impacts 930k individuals,…
Misconfigured AWS Bucket Exposes Hundreds of Social Influencers
Phil Muncaster reports: A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers. A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently…
Vn: Leaky Server Exposes 12 Million Medical Records to Meow Attacker
Phil Muncaster reports: A healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses, before the exposed cloud server was struck by the infamous “meow” attacker, researchers have revealed. A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although…
UK: Pensions firm NOW tells some customers a ‘service partner’ leaked their data all over ‘public software forum’
Matthew Hughes reports: Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. The email, seen by this publication, claims a service provider “unintentionally” posted user data to an unnamed “public software forum”. These records include biographical data (names, email addresses, and dates…
TennCare announces privacy breach impacting 3,300 members
WKRN reports: TennCare, Gainwell Technologies LLC, and Axis Direct, Inc. announced a privacy breach impacting certain TennCare members in a joint statement on Monday. According to the statement, around 3,300 Medicaid members in the state of Tennessee have been notified of a privacy issue that may have impacted their health information. Gainwell, which runs the…