Bloomberg has an interesting follow-up on a headline-grabbing report from this week: Millions of pieces of personal data, including fingerprints, may have been leaked from a cloud-based service that stores biometric data for companies and organizations worldwide, security researchers said. Computer scientists working with software firm VpnMentor said they discovered a vulnerability in South Korean…
Category: Exposure
Public Transport Victoria in breach of Privacy Act after re-identifiable data on over 15m myki cards released
Asha Barbaschow reports: Public Transport Victoria (PTV) has been found in breach of the Privacy and Data Protection Act 2014 (PDP Act) by the Office of the Victorian Information Commissioner (OVIC) for releasing data that exposed the travel history of 15,184,336 myki cards. The myki dataset contained a record of “touch on” and “touch off”…
Major breach found in biometrics system used by banks, UK police and defence firms
Josh Taylor reports: The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks. Suprema is the security company responsible for…
British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data
Lindsey O’Donnell reports: A vulnerability in British Airways’ e-ticketing system could enable a bad actor to view passengers’ personal data or change their booking information. A security bug discovered in British Airways’ e-ticketing system has the potential to expose passengers’ data, including their flight booking details and personal information. Read more on Threatpost.
Ugh. Amazon buckets with 1.8 million pharmacy-related files and 1.2 million telemarketing recordings about diabetic supplies found unsecured
Copies of fax cover letters from three pharmacies found exposed in an unsecured Amazon s3 bucket Faxes reveal patients’ names, addresses, dates of birth and their medications and doctors’ names Audio recordings in the second unsecured bucket reveals marketers claiming to represent firms that do not appear to exist as they try to get consumers…
SC: Data breach exposes information of more than 800 Charleston Co. employees
Nick Krueger reports: The Charleston County Sheriff’s Office has been notified after more than 800 Charleston County employees were part of a data breach because of an inadvertent email which was sent out by a county Human Resources employee. According to county spokesman Shawn Smetana, that email contained the names, dates of birth, social security…