Gareth Corfield reports: A Cayman Islands-based investment fund has exposed its entire backups to the internet after failing to properly configure a secure Microsoft Azure blob. Details of the fund’s register of members and correspondence with its investors could be freely read by anyone with the URL to its Azure blob, the Microsoft equivalent of…
Category: Exposure
Thousands of US lab results and medical records spilled online after a security lapse
Zack Whittaker reports: NTreatment, a technology company that manages electronic health and patient records for doctors and psychiatrists, left thousands of sensitive health records exposed to the internet because one of its cloud servers wasn’t protected with a password. The cloud storage server was hosted on Microsoft Azure and contained 109,000 files, a large portion…
WhiteHat Jr faces security breach exposing personal data
InfoTechLead reports: WhiteHat Jr, BYJU’S-owned online coding platform, has fixed a cyber security issue after exposing personal data of over 2.8 lakh students and teachers due to multiple vulnerabilities. Last month, Mumbai-based WhiteHat Jr was found to have another security issue that was also leaking students’ personal data and transaction details. Read more on InfoTechLead.
Investigation launched after hundreds of confidential patient details from Lloyd Pharmacy were sent to a woman in the post
Jessica Sansome reports: A woman received a parcel from Lloyds Pharmacy containing hundreds of prescription records – exposing confidential patient information. She believes the box from Lloyds Pharmacy was meant to be delivered to NHS prescriptions services in Bolton, Greater Manchester. Read more on Manchester Evening News.
Personal data of 16 million Brazilian COVID-19 patients exposed online by Albert Einstein Hospital employee error
Today’s example of “no need to hack if it’s leaking,” Catalin Cimpanu reports: The personal and health information of more than 16 million Brazilian COVID-19 patients has been leaked online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub this month. Among the systems that had credentials…
Sophos notifies customers of data exposure after database misconfiguration
Catalin Cimpanu reports: UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach the company suffered earlier this week. “On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in an email…