After a few years of headlines blaring mega-numbers of records exposed by misconfigured RSYNC backups, we might hope that we would be seeing fewer errors by now. But it seems that RSYNC errors continue at a high rate, exposing massive amounts of data. This month, part of what I did was look at RSYNC errors…
Category: Exposure
On the notification warpath, Friday edition
In 2006, I started advocating that there needs to be a law or regulation that requires businesses to have a method to receive notifications of security alerts. A number of people I respect offered explanations as to why that wasn’t a great idea. But 13 years later, I’m more convinced than ever that we need…
Months after notifying patients of a leak, Medico issues press release
In July, DataBreaches.net reported on a leak it had discovered in June. On September 17, Medico of South Carolina reported a breach to HHS that reportedly impacted 6,489 patients. On December 11, they issued a press release that appears to be related to the same incident. Medico of South Carolina “(Medico”) is a medical billing company…
Police Procedural: How South Carolina Arrest Records Were Exposed
UpGuard reports: The UpGuard Research team can now disclose that a cloud storage bucket containing personally identifiable information (PII) for thousands of people in the South Carolina justice system has been secured. An employee of Spartan Technology, a South Carolina tech company, had uploaded a collection of backups to the AWS S3 storage service. The data collection…
Months-Long Privacy Breach Involving Meal Tray Tickets at Zuckerberg SF General Hospital: DPH
Bay City News reports: The San Francisco Department of Public Health announced Tuesday a privacy breach at Zuckerberg San Francisco General Hospital involving patients’ meal tray tickets that were improperly disposed into regular garbage bins. The tickets, which contained patients’ full names, birth month and day, bed/unit location at the hospital, diet information and menu…
Public Relations: How a Marketing & PR Platform Exposed Thousands of Users
The UpGuard research team reports: The UpGuard Research team can now disclose that a data collection originating from iPR Software (risk score: 683) containing details of 477,000 media contacts, business entity account information, over 35,000 user password hashes, assorted documents, and administrative system credentials has been secured. The Amazon S3 storage bucket contained a large collection…