Alistair reports: Moray MP Douglas Ross is seeking an update from the Scottish Ambulance Service (SAS) after again being contacted by the whistleblower who first revealed the data information breach. The SAS launched a probe when the matter was first highlighted by the Press and Journal in October, revealing that highly personal information about employees had been…
Category: Exposure
Security breach on Emirati website leads to leaked info of Israelis
Tobias Siegal reports: An Emirati website has leaked the personal information of thousands of Israelis who used it for planning their trip to Dubai, the N12 news site reported Thursday. The Dubai-based website Sharaf Travels was used by many Israelis who took the exciting opportunity to vacation in Dubai, as new Middle East destinations traditionally closed to…
Company that Provides Travel Emergency Services Settles FTC Allegations it Failed to Secure Sensitive Consumer Data
It feels like it’s been a while since we’ve seen an FTC data security case (well, apart from Zoom’s issues). Today, FTC issued a press release about a settlement stemming from SkyMed International’s misconfigured elastic search instance that exposed more than 130,000 people’s information. The exposed data were discovered by Jeremiah Fowler and reported in…
Spotify notifies customers of breach, files under CCPA
Steve Zurier reports: Streaming service Spotify has notified an unspecified number of its customers of a data breach, responding by resetting passwords on the accounts that were attacked. […] In a breach notification letter dated Dec. 9 to its customers and filed with the California attorney general, Spotify said the company discovered the vulnerability on its system…
UK: One security incident affects more than half of East Devon Council, another affects home sales in Hackney
BBC reports: Members of a Devon district council suffered a significant data breach when more than half had passwords made available online to other councillors. Thirty-seven of 60 East Devon District Council members were affected by the breach at the start of November, a full council meeting has heard. Swift action was taken to rectify…
Data Protection Commission announces decision in Twitter inquiry
15th December 2020 The Data Protection Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International Company. The DPC’s investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms…