As part of my research collaboration with Protenus for their Breach Barometer reports, I spend time every week reaching out to entities to ask them for details about incidents if I cannot find any notice on their site or a state attorney general’s site. Most entities respond with the requested information or a copy of…
Category: Exposure
Home Depot Confirms Data Breach in Order Confirmation SNAFU
Tara Seals reports: Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement giant, each containing an order confirmation for a stranger, the company confirmed the…
Dozens of patient records dumped in St. Louis industrial area
Erin Richey reports that someone found boxes of patient records belonging to DaVita Florissant Dialysis on West Florissant Avenue. “Found names, Social Security numbers, addresses, lab reports, entire medical history of people and personal information,” he said. Read more on KSDK. According to the report, because Missouri does not regulate dialysis clinics, the state department…
True, the social networking app that promises to ‘protect your privacy,’ exposed private messages and user locations
Zack Whittaker reports: True bills itself as the social networking app that will “protect your privacy.” But a security lapse left one of its servers exposed — and spilling private user data to the internet for anyone to find. Read more on TechCrunch.
More than 100 irrigation systems left exposed online without a password
Catalin Cimpanu reports: More than 100 smart irrigation systems were left exposed online without a password last month, allowing anyone to access and tamper with water irrigation programs for crops, tree plantations, cities, and building complexes. The exposed irrigation systems were discovered by Security Joes, a small boutique security firm based in Israel. Read more on…
Mount Diablo Unified District responds to SchoolMessenger leak
On September 21, the Mount Diablo Unified District notified parents of a breach involving the SchoolMessenger app by Intrado. Their letter explains that on September 14, 2020, the district was informed that “when certain parents were using the SchoolMessenger mobile application, they were able to view a list of roughly thirty (30) unique names, emails,…