Zack Whittaker reports: Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But a bug allowed…
Category: Exposure
Ph: 345,000 sensitive legal documents from the PH government have been exposed online
Vittoria Elliott reports: For at least two months, some 345,000 sensitive court documents from the Office of the Solicitor General of the Philippines related to ongoing legal cases were made publicly available online and could have been accessed by anyone who knew where to look, according to the UK security company TurgenSec, which identified the data…
GitHub Leaks: Lessons Learned
Marianne Kolbasuk McGee reports: Recent incidents involving inadvertent exposure of patient data on GitHub, a software development and version control platform designed for collaboration, point to the need to ensure that data loss prevention tools are implemented, available security controls are leveraged and employees are made aware of the risks involved in using internet-facing platforms….
Contact tracing data breach exposes health information of 72,000 Pennsylvanians
Rachel Yonkunas reports: Multiple investigations are underway after a contact tracing data breach exposed personal health information of 72,000 Pennsylvanians. The unsecured information was collected by employees of Insight Global—the company paid around $30 million in taxpayer money to perform contact tracing in the state. “You could see people’s phone numbers, how many kids they…
UK: HMRC outlines late-filing penalty notices data breach
ICAEW [ Institute of Chartered Accountants in England and Wales] members in practice have been among thousands of agents who have received late-filing penalty notices which are not for their clients. HMRC has investigated and provided an update on what went wrong. […] The total number of individual penalty notices sent to the wrong agent…
Dutch government pauses coronavirus app over data leak fears
AP reports: The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system. Health Minister Hugo de Jonge announced late Wednesday that the CoronaMelder app will stop sending warnings for 48 hours while the government checks if users’ data is…