Dear 0x00sec Users, We are writing to you with important information regarding a recent security incident involving your personal information from https://0x00sec.org 12. We became aware of the incident September 7th, 2020, when a security researcher from Thug Crowd privately disclosed to us that our S3 bucket containing database backups was publicly accessible. The S3 bucket was…
Category: Exposure
Data breach: Dfat reveals email addresses of vulnerable Australians stranded overseas
Margaret Simons reports: The private email addresses of hundreds of vulnerable Australian travellers stranded overseas have been accidentally revealed by the Department of Foreign Affairs and Trade. The addresses were included in an email sent to multiple recipients before midday on Wednesday by the Covid-19 consular operations section of Dfat. Read more on The Guardian.
Security lapse exposes hundreds of addresses of Minnesotans infected with COVID-19
Jay Kolls reports: In April, Gov. Tim Walz signed an executive order allowing the Minnesota Department of Health and the Minnesota Department of Public Safety to share addresses of COVID-19 patients with first responders across Minnesota. The governor imposed strict guidelines for sharing those addresses to protect the identity of Minnesotans with COVID-19. MDH and…
Data breach at New York Sports Clubs owner exposed customer data
Zack Whittaker reports: Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, is mopping up after a security lapse exposed customer data. Security researcher Bob Diachenko received a tip from a contact, Sami Toivonen, about an unprotected server containing almost a terabyte of spreadsheets representing years of internal company…
Spokane health district apologizes for accidental disclosure of personal health info
Megan Carroll reports: The Spokane Regional Health District is apologizing on Monday after it accidentally disclosed personal health information to a partner agency. According to a press release, SRHD discovered the unauthorized disclosure to Northeast Washington Educational Service District 101 on Tuesday, Sept. 8. Recipients included school administrations and nursing staff. Read more on KREM.
AU: University of Tasmania IT bungle leads to mass student data breach
Mark Saunokonoko reports: Nearly 20,000 University of Tasmania (UTAS) students have had their personal information exposed to the entire campus after a major IT bungle. The data contained “personally identifiable information” of students at the university. UTAS told 9News in a statement there was “no evidence” malicious activity had caused the data breach. Read more on 9News.