Henry Dyer reports: Private details relating to more than 50,000 letters sent out by banks and local authorities were indexed by Google after a London-based outsourcing firm left its system hopelessly exposed. Details about everything from insolvency to final reminders of unpaid council tax and mortgage holidays were left available for anyone to view since…
Category: Exposure
The Internet’s Biggest Webmaster Forum Had a Data Leak
Jeremiah Fowler writes: Another day and another big data leak. On July 1st the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained records of the internet’s largest webmaster portal. Upon further research it appeared that Digital Point had leaked the data of 863,412 users. Digital Point claims to…
Prison phone service Telmate exposes messages, personal info of millions of inmates and their contacts
Paul Bischoff reports: Telmate, a service used by incarcerated inmates at US prisons to communicate with their friends and loved ones, has exposed a database containing tens of millions of call logs, private messages, and personal information about inmates and their contacts. The database was exposed on the web without a password or any other…
47 names of clergy abuse victims part of accidental email leak
Christopher White writes: A clergy abuse victim who participated in the Philadelphia Archdiocese’s independent compensation program for survivors is alleging that the confidentiality of nearly 50 other victims was compromised when the program administrator mistakenly sent the individual an email in 2019 with the names of participants from another diocese’s program. Since October 2016, Kenneth…
UK: Southern Water customers could view others’ personal data by tweaking URL parameters
Gareth Corfield reports: Southern Water – British supplier of the liquid of life – botched its internal Sharepoint implementation so badly that a customer was able to view other people’s account details. Reg reader Chris H discovered that the way Southern Water had set up Sharepoint to host customer information as a “your account” style section…
‘Human error’ results in privacy breach for Children’s Disability Services clients: Manitoba government
Charles Lefebvre reports: The Manitoba government says ‘human error’ resulted in personal information about Children’s Disability Services (CDS) clients being unintentionally shared this week. On Friday, the province said in a news release that the privacy breach occurred on Aug. 26, when staff from CDS “accidentally sent an email intended for the Manitoba Advocate for…