From the who-put-the-frying-pan-in-that-fire dept. Several weeks ago, DataBreaches.net received a complaint concerning a breach involving the Montgomery County Housing Opportunities Commission in Maryland. It seems that a vendor’s 1099 tax statement had been sent to the wrong recipient. It was not a particularly unusual breach, but the 1099 had been sent as an unencrypted attachment to an email, so I read…
Category: Exposure
FL: Discarded medical records found unsecured at public landfill
Trevor Pettiford reports that discarded medical records were found unsecured at a county landfill facility in St. Petersburg, Florida. The records, complete with names, addresses, and family histories, were discovered by a man dumping bulk trash at the Pinellas County Solid Waste facility at 3095 114th Avenue North in St. Petersburg. They apparently came from the…
@ChileanCrew Hacks, Leaks Details for 300,000 Chilean Citizens Looking for State Benefits
Catalin Cimpanu reports: A group of Chilean hacktivists that go by the name of Chilean Hackers have broken into the database of CONADI and stolen the personal details of 304,189 Chilean citizens looking for state benefits from the country’s government. Read more on Softpedia. I “get” that the hacktivists want Chile’s president to resign and they want…
Misconfigured MongoDB installation left Microsoft careers site vulnerable to attack
Chris Vickery writes: An exposed database was serving potentially arbitrary HTML through the mobile version of Microsoft’s careers page (m.careersatmicrosoft.com). Punchkick Interactive is a mobile web development company. Microsoft relies on Punchkick to handle the database that powers m.careersatmicrosoft.com. The bad news is that, for at least the past few weeks, this backend database has…
KY: Retired firemen address board after newsletter containing sensitive information circulates
Lana Bellamy reports: A group of firefighters are concerned about possible identity theft in light of the publication of sensitive personal information on Ashland Commissioner Kevin Gunderson’s electronic newsletter. Last month, Gunderson’s regular electronic newsletter “Kevin Mail” had documents attached containing the names, partial Social Security numbers and pension member identification numbers on invoices related…
GA: 911 dispatcher fired for sharing caller’s personal information on Facebook
Dan Kennedy reports: A Catoosa County 911 dispatcher was fired Friday morning for sharing on Facebook the private information of at least one person who called 911. Holly Dowis was terminated Friday following an internal investigation into her conduct while on the job. A Channel 3 investigation found Dowis sent a screenshot to Facebook friends…