Is there anyone who didn’t see this coming? Ax Sharma reports: Websites of multiple Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients online. These leaked lab reports which are being indexed by search engines expose patient data, and whether they tested positive for coronavirus. Read more on BleepingComputer.
Category: Exposure
Indiana attorney general says no charges recommended in fetal remains case
One of the most disturbing privacy and data security cases of the decade has come to an end of sorts. Rick Callahan of AP reports the update to a case first reported last year, but caution: this story may be triggering for some people. Indiana’s attorney general recommended no criminal charges or licensing actions Wednesday…
NC: Charlotte’s Wyndham Capital involved in class-action lawsuit over data breaches
Caroline Hudson reports: A Florida man has filed a class-action lawsuit regarding data breaches at Wyndham Capital Mortgage. Ethan Darnell filed the complaint on Dec. 10 in North Carolina’s Western District Court. In October, Charlotte-based Wyndham alerted clients and state attorneys general about an email data breach the month prior. A Wyndham employee sent an email…
Bill & Melinda Gates Foundation’s Charity GetSchooled Breaches 900k Children’s Details
WELP reports: The Financial Times was the first to break this story earlier today (29th December 2020. This breach occurred when GetSchooled (getschooled.com), a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom left a database open and accessible to anyone with a browser and internet connection. According to TurgenSec: The breach impacts 930k individuals,…
Misconfigured AWS Bucket Exposes Hundreds of Social Influencers
Phil Muncaster reports: A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers. A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently…
Vn: Leaky Server Exposes 12 Million Medical Records to Meow Attacker
Phil Muncaster reports: A healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses, before the exposed cloud server was struck by the infamous “meow” attacker, researchers have revealed. A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although…