It feels like it’s been a while since we’ve seen an FTC data security case (well, apart from Zoom’s issues). Today, FTC issued a press release about a settlement stemming from SkyMed International’s misconfigured elastic search instance that exposed more than 130,000 people’s information. The exposed data were discovered by Jeremiah Fowler and reported in…
Category: Exposure
Spotify notifies customers of breach, files under CCPA
Steve Zurier reports: Streaming service Spotify has notified an unspecified number of its customers of a data breach, responding by resetting passwords on the accounts that were attacked. […] In a breach notification letter dated Dec. 9 to its customers and filed with the California attorney general, Spotify said the company discovered the vulnerability on its system…
UK: One security incident affects more than half of East Devon Council, another affects home sales in Hackney
BBC reports: Members of a Devon district council suffered a significant data breach when more than half had passwords made available online to other councillors. Thirty-seven of 60 East Devon District Council members were affected by the breach at the start of November, a full council meeting has heard. Swift action was taken to rectify…
Data Protection Commission announces decision in Twitter inquiry
15th December 2020 The Data Protection Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International Company. The DPC’s investigation commenced in January, 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms…
Fax Express leaked database noted by New Jersey
Seen on NJCCIC, a summary of a breach noted by them on December 10: A hacked database belonging to Fax Express, an office equipment supply store based in Ocean County, NJ was exposed, revealing approximately 560,000 compromised usernames and dehashed passwords. The breached database is connected to the domain shredderstoo[.]com and is assessed to be owned…
Tech unicorn UiPath discloses data breach
Catalin Cimpanu reports: Tech unicorn UiPath, a startup that makes robotics automation software, is currently emailing users about a security incident that exposed their personal information online. “On December 1, 2020, UiPath became aware of an incident that resulted in unauthorized disclosure of a file containing limited personal information about users of UiPath Academy,” the…