Chris Brook writes: Certificate authority Let’s Encrypt accidentally disclosed the email addresses of several thousand of its users this weekend. Josh Aas, Executive Director for the Internet Security Research Group (ISRG), the nonprofit group that helped launch the CA, apologized for the error on Saturday. In what Let’s Encrypt dubbed a preliminary report posted shortly after…
Category: Exposure
MA: Saugus employees’ personal information released during discovery phase of Rivers lawsuit against town
Jeannette Hinkle reports: When attorney Elayne Alanis requested documents relating to the employment of Saugus’ former Information Technology Network Administrator James Rivers, she wasn’t expecting 48,960 pages. More upsetting than the overwhelming volume of documents, Alanis said, was the inclusion of 1,200 town employees’ Social Security numbers, tax documents and personal banking information. Read more…
UK: ICO issues £150,000 monetary penalty to Dyfed-Powys Police over data protection breach
It’s one of those “small breaches, big potential harm situations.” The Dyfed-Powys Police force has been fined£150,000 after an email containing information that could be used to identify eight sex offenders was sent to a member of the public in error. The monetary penalty notice explains that the community member’s email address (an external email) was…
Washington marijuana applicants’ personal info subject to data breach
Ben Livingston reports: The Washington State Liquor and Cannabis Board is working to notify marijuana license applicants whose personal information was accidentally distributed by the agency in response to a public records request. The data may include social security numbers, driver’s license numbers, financial information, tax information and attorney-client privileged information. The LCB had redacted…
Info on international students and hosting families exposed in misconfigured database
It may be hard to resist naming a database after a favorite movie, but a database named “Coruscant” caught a researcher’s eye when the researcher was searching Shodan.io for exposed databases. And the rest, as they say, well… read on. The Cambridge Institute of International Education (CIIE) is a Boston-based educational consulting firm whose mission is to boost the…
Spanish police organization hacked; agents’ info allegedly dumped
HackKnowledge.in reports that a hacker who uses the Twitter handle @FkPoliceAnonOps claims to have hacked the Mutual Social Security Police (mupol.es) and dumped information on 5,400 agents. The leaked data contains full names, email addresses, national ID numbers, and hashed passwords. Although law enforcement is investigating, it does appear that there is any official confirmation as to the accuracy…