Zack Whittaker reports: The donation site used by truckers in Ottawa who are currently protesting against national vaccine mandates has fixed a security lapse that exposed passports and driver licenses of donors. […] TechCrunch was tipped off to the data lapse after a person working in the security space found an exposed Amazon-hosted S3 bucket…
Category: Exposure
Illinois Housing Development Authority addresses data breach
WCIA reports: The Illinois Housing Development Authority issued a statement today addressing a security breach of its rental payment web portal last week. The IHDA became aware of the breach on Feb. 1. when some tenant applicants were able to see documents submitted by other applicants. The IHDA immediately took the portal offline and blocked…
UK: Data breach as Corby vaccine trial participants’ details inadvertently shared in email gaffe
Sam Wildman reports: A Corby medical research team has apologised after those taking part in the town’s Covid vaccine trial inadvertently had their details shared. Lakeside Healthcare Research has been running a trial of a new Valneva vaccine since last year, with Corby being one of 27 UK study sites. Read more at Northamptonshire Telegraph
Security issue may have made some personal information vulnerable on WSDOT system
OLYMPIA – A vulnerability involving a Washington State Department of Transportation system may have exposed personal information stored in an internal database of about 2,200 people, and the agency is reaching out to help notify them of the incident. It is not known if anyone obtained the information for illegal use, and the vulnerability within…
Securitas misconfiguration exposed airport employee info
From SafetyDetectives: The SafetyDetectives cybersecurity team discovered a critical data leak affecting the prominent multinational security company, Securitas…. One of the company’s Amazon S3 buckets was left open, exposing over 1 million files. The data we observed related to airport employees from different sites across Colombia and Peru, and there could be entities from other nations with…
Messages and user data from secret sharing app Whisper exposed online (again): report
Bob Diachenko reports: Two databases containing user information and messages ostensibly from the secret sharing app Whisper were exposed on the web without a password or any other authentication required to access them, according to Comparitech researchers. One of the databases appears similar to a Whisper database leaked in March 2020, which contained user’s messages…