This item by Dr. Michael Garrett that appeared in the Clearwater Tribune appears to concern Joint School District #171 in Idaho. At approximately 7:35 a.m. on March 19, a supervisor brought to my attention that an employee had discovered personal employee information on the district website. The information was verified in a payroll report which inadvertently…
Category: Exposure
He tried to tell you you’re leaking data. Even after you stupidly blocked him.
Today’s episode of Incident Response Fail involves a cybersecurity professional/bug bounty hunter, Mohamed Suwaiz, and a driver training company in Texas, Smith System, that seemed to stubbornly resist his efforts to alert them to a data leak. Although Suwaiz (@Msuwaiz on Twitter) describes himself as being motivated by bug bounties, when there’s no bounty to…
Florida Virtual School database now uploaded to HaveIBeenPwned
From Troy Hunt, an aid to parents who want to check if their email address or their child’s email address was in a leaked database: New breach: The Florida Virtual School had 368k student records with 543k email addresses exposed including names, grades and dates of birth. It’s flagged as “sensitive” due to the prevalence…
The Dutch Data Protection Authority accidentally leaked its employees’ data
MIX reports: Oh, sweet irony: the Dutch Data Protection Authority – where registered companies are required to report breaches in data – has accidentally leaked the names of some of its employees in over 800 public documents, local outlet NU.nl reports. The discovery comes from Dutch cybersecurity firm NFIR. Pauline Gras from the Dutch Data…
Walmart jewelry partner exposed 1.3 million customer details
Bob Diachenko writes: On February 6th, 2018 researchers at Kromtech security came across another publicly accessible Amazon s3 bucket. This one contained a MSSQL database backup, which was found to hold the personal information, including names, addresses, zip codes, phone numbers, e-mail addresses, ip addresses, and, most shockingly, plain text passwords, for shopping accounts of over…
Luxembourg Chamber of Deputies refers data leak to Prosecutor’s Office
Barbara Tasch reports: Luxembourg’s Chamber of Deputies has confirmed it referred a data leak on its website to the Prosecutor’s Office. The Chamber’s decision was based on Article 23 of the Code of Criminal Procedure, which states that any civil servant must report a suspected crime. Last week, Luxembourg’s public radio station 100,7 claimed there was a…