Leon writes: In March 2019, I found an unsecured Elasticsearch database which contains more than 4 billion records. The database was sensitive as it contains a lot of PII details as well as Geo-Coordinates of the vehicles meaning the location of the transportation vehicle is tracked and seems to be of an unknown company which…
IL: Dist. 26 Discovers Data Breach (Pearson)
Journal Staff reports: River Trails School Dist. 26 officials said they became aware Wednesday (July 31) of a data breach that occurred last November affecting student information dating back to 1997. According to Dist. 26 Supt. Nancy Wagner, the district received a letter from Pearson, a British-owned education publishing and assessment service for schools and…
Morris Jeff School becomes latest Louisiana school to suffer cybersecurity breach
Della Hasselle reports: Morris Jeff Community School in New Orleans has become the latest Louisiana public school — and apparently the first in the metro area — to experience a cybersecurity breach, continuing a crisis that has prompted an emergency declaration from Gov. John Bel Edwards and forced officials to try to minimize damage ahead…
Significant spike in compromised payment cards noted in South Korea
What is going on in South Korea? Analysts at GeminiAdvisory.io are reporting a major spike in payment cards. In a report released today, they write, in part: Gemini Advisory observed 42,000 compromised South Korean-issued CP records posted for sale in the dark web in May 2019, which is generally in line with monthly additions from…
A misconfigured AWS bucket exposed personal and counseling logs of almost 300,000 Indian employees
On July 17, this site reported on a leak by a vendor, Medico, Inc., that exposed 300,000 patients’ insurance billing-related records. Today, we report on another leak – this one by another vendor – that also exposed about 300,000 records. As part of their benefits offerings, companies often offer services to their employees to help…
School division announces third-party data breach
Melissa Topey reports: Shenandoah County Public School administrators recently announced a vendor they once used had a data breach that compromised some student and administrator data. The school division used software called AIMSweb 1.0, a product of Pearson Assessments, in its elementary and middle schools for about five years until the 2016-2017 school year, said…