Jamie Martines reports: Hundreds of Social Security numbers could be contained in unredacted documents housed on the Allegheny County Civil Courts public website. The Tribune-Review located federal tax lien documents filed each year from 1997 to 2010 that display unredacted tax identification numbers. Read more on Governing. This is sooooo 1990’s…. still.
Category: Exposure
UK: Students got £140,000 from University of East Anglia for private data leak
Bethany Wales reports: The leak in June 2017 saw an email containing confidential details about students’ extenuating circumstances sent to hundreds of their peers. The circumstances, detailed in a spreadsheet, included suicidal thoughts, sexual assault, and serious family illnesses and bereavements. Now, a Freedom of Information request has revealed the university’s insurers paid out a…
LabCorp website bug exposed thousands of medical documents
Zack Whittaker reports: A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data. …. This latest security lapse was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system. Although the system appeared to be protected with a…
H&M’s data leak in Germany “in legal examination”
Angela Gonzalez-Rodriguez reports: New York – Fashion retailer H&M (HMb.ST) said on Saturday that data security breaches found at its German unit were unacceptable and it was cooperating with the local data protection supervisory authority in its investigation into the matter. […] In October last year, the ‘Frankfurter Allgemeine Zeitung‘ reported that personal data of…
Identity and Access Misstep: How an Amazon Engineer Exposed Credentials and More
The UpGuard team reports: UpGuard can now disclose that a repository hosted on GitHub with data from an Amazon Web Services engineer containing personal identity documents and system credentials including passwords, AWS key pairs, and private keys has been secured from public access. The data was committed to a public repository on the morning of…
Microsoft discloses security breach of customer support database
Catalin Cimpanu reports on another leak discovery by Bob Diachenko: Microsoft disclosed today a security breach that took place last month in December 2019. In a blog post today, the OS maker said that an internal customer support database that was storing anonymized user analytics was accidentally exposed online without proper protections between December 5…