James de Villiers reports: Nando’s South Africa has denied that it shut down its Firestarters survey platform after a customer raised concerns that his personal contact details were on display for others to see. In a screenshot of a WhatsApp conversation posted on Monday evening, Twitter user Jarn Athern (@JonWithTheFace) detailed how he was contacted…
Category: Exposure
UK: Estate agency fined £80,000 after accidentally exposing personal info online for two years
The Information Commissioner’s Office issued the following press release involving a monetary penalty related to an unintended exposure incident and a misconfiguration. Imagine if every such leak here resulted in the FTC or a state attorney general fining the entity….. The Information Commissioner’s Office (ICO) has fined a London estate agency £80,000 for leaving 18,610…
Independent Age data breach merits no regulator action
Stephen White reports: Confidential data of employees at older people’s charity, Independent Age, have been accidentally exposed to a former worker. The blunder occurred as the company responded to the ex-staff member’s submission of a DSAR (data subject access request). Independent Age says that the security breach compromised personal data, including bank information, sort codes, account…
Personal Data (Incl. SMS & Calls) of Mobile Loan App Users in China Left OPEN for ALL to See
Jim Wilson of Safety Detectives reports on some of their team’s recent findings: Safety Detectives’ research team has recently discovered a sizeable data leak (over 899gb and growing by the day) of a China-based server, which has now been closed. We are unable to confirm the company behind the leak, but according to the data,…
HIPAA nightmare: An IT vendor’s error left more than 300,000 files with protected health information exposed
Medico, Inc.’s IT vendor’s error left at least two Amazon buckets unsecured More than 300,000 files contained protected health information related to patient billing, complete with insurance information and treatment codes Leaks were independently discovered by at least three researchers using different search methods It’s been a rough few months in terms of business associates…
Aavgo security lapse exposed hotel bookings
Zack Whittaker reports: A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information. The security lapse was resolved Monday after TechCrunch reached out to Aavgo, a hospitality tech company based in San Francisco, which secured a server it had left online without a password. The server was open for…