Bill Toulas reports: British classifieds site Gumtree.com suffered a data leak after a security researcher revealed that he could access sensitive personally identifiable data of advertisers simply by pressing F12 on the keyboard. When pressing the F12 key in a web browser, the application will open the developer tools console, which allows you to view…
Category: Exposure
Transamerica sued by 401(k) participant over data breach
Emile Hallez reports: A breach of 401(k) participant data earlier this year prompted a class action lawsuit this month against Transamerica Retirement Solutions. In June, the company became aware of a change within one of its websites that let employer customers view compromising data about participants in other retirement plans, according to a notice posted by the…
NJ: Cancer Care Providers Will Adopt New Security Measures and Pay $425,000 to Settle Investigation into Two Data Breaches
CONSENT ORDER NEWARK – Acting Attorney General Andrew J. Bruck today announced that the Division of Consumer Affairs has reached a settlement with three New Jersey-based providers of cancer care that the State alleges failed to adequately safeguard patient data, exposing the personal and protected health information of 105,200 consumers, including 80,333 New Jersey residents. Under…
MA: Northeastern Cancels Vaccination Clinics After Third-Party Information Leak
Jay Willett reports: COVID-19 vaccination clinics scheduled on Northeastern University’s Boston campus have been cancelled following the discovery of registrants’ personal information being exposed by Pelmeds, a third-party vaccine provider. In a statement shared with WBZ NewsRadio, Northeastern said that the information was present on Pelmeds’ website. “As soon as the university became aware of…
LINE Pay leaks data from approximately 133,000 users to GitHub of all places
Sunaina reports: LINE Pay, a smartphone payment provider, announced yesterday that between September and November of this year, approximately 133,000 users’ payment details were inadvertently published on GitHub. A research group employee accidentally uploaded files detailing participants in a LINE Pay promotional programme staged between late December 2020 and April 2021 to the collaborative coding…
Tulane University crime data breach exposes health records, sexual assault victims’ names
Missy Wilkinson Reports: Health records and names of people who visited Tulane University Medical Center’s emergency department, including for attempted suicide. Graphic information about sexual assaults and the identities of the victims, witnesses and suspects. All this and other sensitive information protected under federal privacy laws was visible to anyone with a Tulane email address…