Zack Whittaker and Manish Singh report: Dr Lal PathLabs, one of the largest lab testing companies in India, left a huge cache of patient data on a public server for months, TechCrunch has learned. The lab testing giant, headquartered in New Delhi, serves some 70,000 patients a day, and quickly became a major player in testing…
Category: Exposure
0x00sec – Security Incident Notification – September 30th 2020
Dear 0x00sec Users, We are writing to you with important information regarding a recent security incident involving your personal information from https://0x00sec.org 12. We became aware of the incident September 7th, 2020, when a security researcher from Thug Crowd privately disclosed to us that our S3 bucket containing database backups was publicly accessible. The S3 bucket was…
Data breach: Dfat reveals email addresses of vulnerable Australians stranded overseas
Margaret Simons reports: The private email addresses of hundreds of vulnerable Australian travellers stranded overseas have been accidentally revealed by the Department of Foreign Affairs and Trade. The addresses were included in an email sent to multiple recipients before midday on Wednesday by the Covid-19 consular operations section of Dfat. Read more on The Guardian.
Security lapse exposes hundreds of addresses of Minnesotans infected with COVID-19
Jay Kolls reports: In April, Gov. Tim Walz signed an executive order allowing the Minnesota Department of Health and the Minnesota Department of Public Safety to share addresses of COVID-19 patients with first responders across Minnesota. The governor imposed strict guidelines for sharing those addresses to protect the identity of Minnesotans with COVID-19. MDH and…
Data breach at New York Sports Clubs owner exposed customer data
Zack Whittaker reports: Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, is mopping up after a security lapse exposed customer data. Security researcher Bob Diachenko received a tip from a contact, Sami Toivonen, about an unprotected server containing almost a terabyte of spreadsheets representing years of internal company…
Spokane health district apologizes for accidental disclosure of personal health info
Megan Carroll reports: The Spokane Regional Health District is apologizing on Monday after it accidentally disclosed personal health information to a partner agency. According to a press release, SRHD discovered the unauthorized disclosure to Northeast Washington Educational Service District 101 on Tuesday, Sept. 8. Recipients included school administrations and nursing staff. Read more on KREM.