Scroll Top

GDPR Services report 11 Private Data breaches – Week 32, 2019


GDPR Services report 11 Private Data breaches

– Week 32, 2019 –

This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest 11 Private Data breaches, identified and reported publicly during Week 32, 2019.

As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.


on-demand GDPR Services

A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.

  • An open Elasticsearch database contained more than 1 million users of the adult website Luscious.
    • The data contained usernames, email addresses, locations, activity logs, and genders. Users were located all over the world and once notified, the server was finally secured. The leak could be used to dox or compromise these users, given the nature of the content. Report: Data Breach in Adult Site Compromises Privacy of All Users

  • The biometric access platform BioStar 2 suffered a massive data leak of fingerprints and facial data from at least 1.5M different people in numerous countries.
    • This data included unencrypted usernames and passwords, including those of admin accounts. What is worse is that many passwords were “ridiculously simple” and that many large businesses use these biometrics for access controls. This data was publicly available for more than a week while researchers tried to contact Suprema, the owner of the data, unsuccessfully. The potential for fraud and abuse is high, because once this data is stolen people can’t change their faces or fingers. Data Breach in Biometric Security Platform Affecting Millions of Users

  • The NYC fire department issued a warning that a stolen employee’s hard drive could have leaked data from more than 10,000 patients.

  • Details on 4M email accounts were recently leaked from Disney’s revamp of its Club Penguin website.



Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.

Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches made news headlines. All these news related to GDPR Services happened just in the last week.

  • The Capital One breach is more complicated than it looks
    • On Monday night, Capital One and its customers got some very bad news. The company had been breached, spilling hundreds of thousands of social security numbers and account details into public view. The New York Attorney General is already investigating whether Capital One is negligent, but the broader story is familiar: a big company let a lot of sensitive data go missing, and customers bore most of the risk. It can be hard to tell legitimate research from criminal enterprise

  • UniCredit Investigating Data Breach Possibly Related to Capital One
    • Italian banking giant UniCredit is investigating the possibility of a data breach that the lender believes could be related to a similar hacking incident atCapital One Financial Corp. Organizations such as Italian bank UniCredit and Michigan State University were named in purported list of files posted by alleged hacker. FBI Examining Possible Data Breaches Related to Capital One

  • TPS data breach: student’s personal information sent out to hundreds of families
    • Toledo Public Schools is alerting parents in the Hawkins Elementary learning community about a data breach. The personal information of one student and his parents and emergency contact were sent to 300 families. Leaders say the error occurred at the print shop.

  • Gartner leaked customer data on an unsecured ElasticSearch repository.

  • Imperva suffered a major data breach recently affecting users of its Cloud Web Application Firewall (Incapsula).
    • According to its CEO’s post, hackers made off with customer API keys and SSL certificates and user passwords. Users should change their passwords, implement SSO logins and generate new SSL certs ASAP. Cybersecurity Firm Imperva Discloses Breach



data protection OFFICER

Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.

Do you have any questions about our GDPR Service or related to GDPR Services in general? Leave your thoughts about these Private Data breaches in the comments below!

Related Posts