Mark Holden of Website Planet reports on a big Oops! involving Prestige Software in Spain and a misconfigured AWS bucket: Courtesy of our security team at Website Planet, we can reveal that a hotel reservation platform has been exposing highly sensitive data from millions of hotel guests worldwide, dating as far back as 2013 and including…
Category: Exposure
Trump lawsuit site to report rejected votes leaked voter data
No one could have ever foreseen this happening because nobody ever knew how difficult web site security could be….. Ax Sharma reports: The DontTouchTheGreenButton.com website just launched by the Trump campaign in relation to the recently filed Arizona “rejected votes” lawsuit was discovered to be leaking voter data. The data included the voter name, address, and a unique…
Ie: Data Protection Commission Fine on Tusla Child and Family Agency Confirmed in Court
From the Irish DPC this week: The Irish Data Protection Commission (DPC) today had the decision to impose an administrative fine on Tusla Child and Family Agency confirmed in the Dublin Circuit Court. The application to confirm the decision to impose an administrative fine of €75,000 was made pursuant to Section 143 of the Data…
Police open case into leak of 500 soldiers’ personal data
Unian reports: Ukrainian Ombudsperson’s Office says law enforcers have initiated criminal proceedings over the publication on the Internet of personal data of 500 soldiers who had taken part in the Joint Forces Operation in the Donbas warzone. “As a result of the response on the part of the Ukrainian Verkhovna Rada Commissioner for Human Rights, publication…
Cork hospital fined €65k after patients’ personal data found in public recycling facility
Cianan Brennan reports: The Data Protection Commission (DPC) has handed down a €65,000 fine to Cork University Maternity Hospital (CUMH) after the personal data of 78 of its patients was discovered disposed of in a public recycling facility elsewhere in the county. The complaint was first raised with the DPC in June 2019 after a…
Configuration snafu exposes passwords for two million marijuana growers
Catalin Cimpanu reports: GrowDiaries, an online community where marijuana growers can blog about their plants and interact with other farmers, has suffered a security breach in September this year. The breach occurred after the company left two Kibana apps exposed on the internet without administrative passwords. Read more on ZDNet. h/t, @Chum1ng0