Zack Whittaker reports: Fearing the spread of coronavirus, jails and prisons remain on lockdown. Visitors are unable to see their loved ones serving time, forcing friends and families to use prohibitively expensive video visitation services that often don’t work. But now the security and privacy of these systems are under scrutiny after one St Louis-based prison video visitation provider…
Category: Exposure
Dr Lal PathLabs, one of India’s largest blood test labs, exposed patient data
Zack Whittaker and Manish Singh report: Dr Lal PathLabs, one of the largest lab testing companies in India, left a huge cache of patient data on a public server for months, TechCrunch has learned. The lab testing giant, headquartered in New Delhi, serves some 70,000 patients a day, and quickly became a major player in testing…
0x00sec – Security Incident Notification – September 30th 2020
Dear 0x00sec Users, We are writing to you with important information regarding a recent security incident involving your personal information from https://0x00sec.org 12. We became aware of the incident September 7th, 2020, when a security researcher from Thug Crowd privately disclosed to us that our S3 bucket containing database backups was publicly accessible. The S3 bucket was…
Data breach: Dfat reveals email addresses of vulnerable Australians stranded overseas
Margaret Simons reports: The private email addresses of hundreds of vulnerable Australian travellers stranded overseas have been accidentally revealed by the Department of Foreign Affairs and Trade. The addresses were included in an email sent to multiple recipients before midday on Wednesday by the Covid-19 consular operations section of Dfat. Read more on The Guardian.
Security lapse exposes hundreds of addresses of Minnesotans infected with COVID-19
Jay Kolls reports: In April, Gov. Tim Walz signed an executive order allowing the Minnesota Department of Health and the Minnesota Department of Public Safety to share addresses of COVID-19 patients with first responders across Minnesota. The governor imposed strict guidelines for sharing those addresses to protect the identity of Minnesotans with COVID-19. MDH and…
Data breach at New York Sports Clubs owner exposed customer data
Zack Whittaker reports: Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, is mopping up after a security lapse exposed customer data. Security researcher Bob Diachenko received a tip from a contact, Sami Toivonen, about an unprotected server containing almost a terabyte of spreadsheets representing years of internal company…