The Moscow Times is reporting: Hundreds of thousands of Russians, including former government officials, have had their passport data posted online in the country’s latest massive data leak, the RBC news website cited new research as saying Wednesday. The breach of at least eight government websites, analyzed by privacy expert Ivan Begtin, exposed the passport…
Category: Exposure
1.5 Million Mobile Users’ Card & Information Exposed
Roy Urrico reports: Security researchers discovered an exposed Elasticsearch server containing up to 1.5 million Freedom Mobile users’ personal data, passwordless, and including unencrypted credit card and CVV numbers, expiration dates and verification numbers. The five million exposed customer data logs belonged to Freedom Mobile, Canada’s fourth wireless telecommunications provider. The files, stored in plaintext,…
Twitter discloses a bug impacting collection and sharing of location data on iOS devices
Twitter’s online Help section has the following notice: You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake. We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances….
Update: Oklahoma Dept of Securities notifying individuals affected by 2018 security incident
Here’s another case where there’s a long gap between discovery of an incident and notification to individuals. The Oklahoma Department of Securities had an incident that began Nov. 29, 2018. It was discovered December 11, 2018. On January 16, 2019, the agency issued a statement saying: The Oklahoma Department of Securities (ODS) has initiated a…
Personal and health insurance information of most of Panama’s citizenry found in unsecured database
Bob Diachenko reports that he found an unprotected and publicly available Elasticsearch cluster containing what appears to be 3,427,396 records of Panamanian citizens. According to Diachenko, each record in tables labeled “patient” contained the following info: full name date of birth national ID number (cedula) medical insurance number (poliza seguro medico) phone email address other…
Charnwood Borough Council data breach sees residents’ personal details published online
Dan Martin reports: A council has apologised after publishing residents’ personal details online by mistake. Officials at Charnwood Borough Council failed to remove from a document names, addresses, phone numbers and email addresses of people who responded to a survey on levels of council tax to be levied on empty homes before uploading it to…