Bob Diachenko reports that he found an ElasticSearch instance that was exposing customers of Honda North America. On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared to be part of Honda North America infrastructure, exposed online to anyone with a web browser. Of note, Honda…
Nathan Wyatt, aka “Crafty Cockney” of thedarkoverlord, now on U.S. soil to stand trial in St. Louis
I’ve reported on Nathan Wyatt a number of times, including the extradition request by the U.S., his appeal, and his failure to win his appeal of the extradition order. So we knew this was coming, but let’s start with a recap of the charges he’s facing: One count of conspiracy against the U.S. (18 USC…
CMS Blue Button API Coding Error Potentially Exposes Health Data
Jessica Davis reports: December 18, 2019 – The Centers for Medicare and Medicaid Services has taken its Blue Button 2.0 API offline, as it investigates a coding error that potentially exposed the protected health information of about 10,000 beneficiaries. The BB2.0 platform is used by Medicare beneficiaries to authorize third-party applications to access their Medicare claims data. The system…
Yerington Paiute Tribe hacked in cyber attack
Amy Alonso reports: The Yerington Paiute Tribe has been hit by a Ransomware virus. The tribe was hit by the virus Dec. 10. Negotiations and underway and there is no target date for the release of the tribe’s system, according to Tribal Chairwoman Laurie Thom. All tribal programs, administration and clinic networks are locked out…
UK: Statement on Brechin High School data breach
We can confirm that personal details were inappropriately shared to a pupil-based audience at one of our secondary schools on Monday (16 Dec). This is unacceptable and should not have happened under any circumstances. We apologise for the obvious upset and concern this has caused, particularly to those young people whose details were shown. Enquiries…
Marietta utility customer data found on dark web after Click2Gov security breach
Ross Williams reports that about 8,800 Marietta, Georgia utility customers may have had their credit card info compromised by the kind of Click2Gov breach we’ve been hearing about since this summer. As in some other reports, their data — or data that is likely to come from this incident — has already been found on…