Eileen Yu reports: A folder containing personal data of 6,541 accountants in Singapore was “inadvertently” sent to multiple parties, in a security lapse that was uncovered only months after when a review was conducted. The incident exposed personal details such as names, national identification number, date of birth, and employment information. The incident occurred under…
T-Mobile discloses security breach impacting prepaid customers
Catalin Cimpanu reports: The US branch of telecommunications giant T-Mobile disclosed a security breach today that impacted a small number of customers of its prepaid service. The company said its cybersecurity team “discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account.” Exposed data included details such as…
French Hotel Giant Leaks 1TB+ of Client Data
Phil Muncaster reports: A leading European hotel booking platform has leaked over 1TB of data on customers, clients and partners thanks to an unsecured Elasticsearch database, exposing them to account takeover, identity theft and financial fraud. The database reportedly belongs to French B2B hotel booking firm Gekko Group, a subsidiary of Europe’s largest hotel group,…
Personal And Social Information Of 1.2 Billion People Discovered In Massive Data Leak, But Who’s Responsible??
Over on DataViper.io, Vinny Troia reports that he and Bob Diachenko found a massive data leak that appears to implicate two data enrichment firms: People Data Labs (PDL), and OxyData.io. But “implicate” is not the same thing as being able to actually attribute ownership of the elasticsearch server that was open at 35.199.58.125, and both…
Lithuanian national, extradited from Ukraine, charged with unauthorized computer intrusion, other crimes
A criminal complaint was unsealed today in federal court in Brooklyn charging Lithuanian national Vytautas Parfionovas with computer intrusion, securities fraud, money laundering, bank fraud and wire fraud, among other offenses. The charged crimes stem from a variety of criminal conduct between 2011 and 2018 in which Parfionovas gained access to U.S.-based computers, including email…
Yet another city reports a Click2Gov breach
Another city has reported a breach involving Click2Gov software by CentralSquare Technologies. WTVY reports Dothan, Alabama has joined more than four dozen other cities using Click2Gov that have experienced breaches involving payment card data of residents using online payment portals: “It has come to the City of Dothan’s attention that CentralSquare, the third-party processor of…