Bob Diachenko writes: On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number for millions of families registered under Mukhya Mantri Parivar Samridhi Yojana (MMPSY), which is one of the largest social security programme in India rolled out in the state of Haryana. According to Bob, the server…
Category: Exposure
TH: National Broadcasting and Telecommunications Commission warns Advanced Wireless Network on data breach
The Bangkok Post reports: The telecom regulator has handed an official warning letter to a subsidiary of Advanced Info Service (AIS), urging it to strictly ensure cybersecurity and data protection after the firm accidentally exposed its database of 8 billion internet records online without a password during a scheduled test earlier this month. The move…
NZ: ASB Securities hit with $80,000 fine for 14-year privacy breach
The New Zealand Herald reports: ASB Securities has been fined $80,000 for a privacy breach which left hundreds of online accounts able to be viewed and traded by users without permission. The New Zealand Markets Disciplinary Tribunal censured the online share trading platform after 576 of its trading accounts were made vulnerable to unauthorised use…
Class-action lawsuit filed against state contractor over Ohio Department of Job and Family Services data leak
No surprise here…. ABC6 in Ohio reports: A class-action lawsuit has been filed in the Cuyahoga County Court of Common Pleas, alleging Deloitte—the contractor the Ohio Department of Job and Family Services (ODJFS) hired to create and manage the new Pandemic Unemployment Assistance system—acted “negligently and recklessly,” leading to last week’s data leak. Read more on…
Identities of Northern Ireland abuse survivors exposed in email gaffe
The breach described in the post is already one of the worst breaches of 2020 in my opinion. It’s 2020 and yet we are still seeing privacy breaches involving very sensitive data due to an email gaffe. From media coverage, it is likely that a newsletter that was sent out put recipients’ email addresses in…
A massive database of 8 billion Thai internet records leaks
Zack Whittaker reports: Thailand’s largest cell network AIS has pulled a database offline that was spilling billions of real-time internet records on millions of Thai internet users. Security researcher Justin Paine said in a blog post that he found the database, containing DNS queries and Netflow data, on the internet without a password. With access to this…