Randy Ellis reports: A class-action lawsuit has been filed against the Oklahoma Department of Securities over a massive December 2018 data breach that allegedly caused the names, Social Security numbers and other personal information of more than 300,000 people to be published to the internet. The department caused the data breach by negligently misconfiguring a…
Category: Exposure
Anonymous secret sharing app Whisper left sensitive profile data exposed for years
Nick Statt reports: Whisper, an anonymous secret-sharing mobile app that rose to prominence more than half a decade ago, has been inadvertently exposing sensitive information about its users for years through a public online database, according to a new report from The Washington Post. The app, while far from as popular as it was in the few years…
Brazil: Millions of Records Leaked, Including Biometric Data
Jim Wilson reports: The security research team at Safety Detectives has discovered a significant data leak in addition to other security flaws (such as lack of password protection) relating to fingerprint data on an Antheus log server in Brazil. Our team, led by Anurag Sen, discovered almost 2.3 million data points in total and estimates that…
University of Hertfordshire avoids data breach action by UK watchdog
Charlie Osborne reports: The University of Hertfordshire has avoided an investigation by the ICO into its data-sharing practices after exposing student information. The security incident took place in November 2019, in which a bulk email promoting an art lecture also included an attachment containing the names and email addresses of approximately 2,000 students. Read more…
US property and demographic database of 200 million records leaked on the web
Paul Bischoff reports: An exposed online database consisting of some 200 million records included a wide range of sensitive personal and demographic data about residents and their properties. Homeowners were identified as well as info about their credit ratings, net worth, and income, among other details. At this time we have not been able to…
Israeli Marketing Company Straffic Exposes 140 GB Contacts Database
Jeremy Kirk reports: An Israeli marketing company left authentication credentials for an Elasticsearch database online, exposing more than 140 GB worth of contact details for individuals in the U.S. and Europe. The exposed data includes names, email addresses, phone numbers, physical addresses and genders, but not all records have those fields completed, according to a…