Oops, I had missed this one last week. Sergiu Gatlan reported: An unprotected Elasticsearch cluster found via a Shodan search exposed 37,900 records of Kool King Shop customers, a French online shop specifically tailored to be used by kids who bought Burger King menus. As Security Discovery researcher Bob Diachenko discovered after further investigation, the…
Australians’ Medicare details illegally sold on darknet – two years after breach exposed
Paul Karp reports: Australians’ Medicare details are still being illegally offered for sale on the darknet, almost two years after Guardian Australia revealed the serious privacy breach. Screenshots of the Empire Market, provided to Guardian Australia, show the vendor Medicare Machine has rebranded as Medicare Madness, offering Medicare details for $US21. Read more on Guardian…
Update: West Hartford officials warn parents of test registration platform data breach
Doug Levin kindly alerted me that the Hartford Courant has a story on the Total Registration data security incident. … The school officials said that Total Registration, used by the district to register students for certain exams, informed them that certain information provided by students including name, grade level, gender, date of birth, address, email…
Seven months after learning of a breach, UCSD still has not notified HIV research participants whose privacy was breached
Brad Racino and Jill Castellano report on what sounds like either willful or negligent handling of highly sensitive information of research participants bu a non-profit participating in some university-funded research. In either event, the university was notified of a breach in October and STILL hasn’t notified the research participants with HIV whose data was available…
UK hacking powers can be challenged in court, judge rules
Charlie Osborne reports: A five-year court battle in the United Kingdom has come to an end with the UK Supreme Court ruling that the UK’s spy agencies and their hacking activities can be made subject to court challenges. On Wednesday, the court ruled that the GCHQ’s Investigatory Powers Tribunal (IPT) is subject to judicial review…
Massive Data Breach Exposes Russian Officials’ Passports – Reports
The Moscow Times is reporting: Hundreds of thousands of Russians, including former government officials, have had their passport data posted online in the country’s latest massive data leak, the RBC news website cited new research as saying Wednesday. The breach of at least eight government websites, analyzed by privacy expert Ivan Begtin, exposed the passport…