Gareth Corfield reports: A business app developer’s unsecured Microsoft Azure blob left more than half a million confidential and sensitive documents belonging to its customers freely exposed to the public internet, The Register can reveal. Information contained in the blob included occupational health assessments, insurance claim documents from US firms underwritten by Lloyds of London, and…
Category: Exposure
IN: Telangana Government Site Flaw Exposed Sensitive Data of All Its Employees, Pensioners; Fixed Only After Three Months
Jagmeet Singh reports: Telangana state government took over three months to protect sensitive details of its employees and pensioners from its website. The Indian Computer Emergency Response Team (CERT-In) confirmed the vulnerability and replied on email in September to say that the authorities had been intimated about the issue, and Telangana IT Secretary Jayesh Ranjan…
UK: Assurances sought Moray ambulance staff hit by data breach are receiving support
Alistair reports: Moray MP Douglas Ross is seeking an update from the Scottish Ambulance Service (SAS) after again being contacted by the whistleblower who first revealed the data information breach. The SAS launched a probe when the matter was first highlighted by the Press and Journal in October, revealing that highly personal information about employees had been…
Security breach on Emirati website leads to leaked info of Israelis
Tobias Siegal reports: An Emirati website has leaked the personal information of thousands of Israelis who used it for planning their trip to Dubai, the N12 news site reported Thursday. The Dubai-based website Sharaf Travels was used by many Israelis who took the exciting opportunity to vacation in Dubai, as new Middle East destinations traditionally closed to…
Company that Provides Travel Emergency Services Settles FTC Allegations it Failed to Secure Sensitive Consumer Data
It feels like it’s been a while since we’ve seen an FTC data security case (well, apart from Zoom’s issues). Today, FTC issued a press release about a settlement stemming from SkyMed International’s misconfigured elastic search instance that exposed more than 130,000 people’s information. The exposed data were discovered by Jeremiah Fowler and reported in…
Spotify notifies customers of breach, files under CCPA
Steve Zurier reports: Streaming service Spotify has notified an unspecified number of its customers of a data breach, responding by resetting passwords on the accounts that were attacked. […] In a breach notification letter dated Dec. 9 to its customers and filed with the California attorney general, Spotify said the company discovered the vulnerability on its system…