GDPR Services report 11 Private Data breaches
– Week 32, 2019 –
This is a curated list of last week’s latest news from our GDPR Services. Be informed about the latest 11 Private Data breaches, identified and reported publicly during Week 32, 2019.
As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.
- An open Elasticsearch database contained more than 1 million users of the adult website Luscious.
- The data contained usernames, email addresses, locations, activity logs, and genders. Users were located all over the world and once notified, the server was finally secured. The leak could be used to dox or compromise these users, given the nature of the content. Report: Data Breach in Adult Site Compromises Privacy of All Users
- The biometric access platform BioStar 2 suffered a massive data leak of fingerprints and facial data from at least 1.5M different people in numerous countries.
- This data included unencrypted usernames and passwords, including those of admin accounts. What is worse is that many passwords were “ridiculously simple” and that many large businesses use these biometrics for access controls. This data was publicly available for more than a week while researchers tried to contact Suprema, the owner of the data, unsuccessfully. The potential for fraud and abuse is high, because once this data is stolen people can’t change their faces or fingers. Report: Data Breach in Biometric Security Platform Affecting Millions of Users
- The NYC fire department issued a warning that an employee’s stolen hard drive could have leaked data from more than 10,000 patients.
- Some of these patients, who took ambulances from 2011 to 2018, could have had their SSNs compromised. The theft was discovered in March, and an internal investigation took months to track down the affected patients. Report: FDNY warns of major data breach possibly affecting more than 10,000 patients
- Details on 4M email accounts were recently leaked from Disney’s revamp of its Club Penguin website.
- It happened through a PHP vulnerability and had help from data obtained from another leak last year. There is a lot of confusing and contradictory information about what happened. Report: 4 million Club Penguin Rewritten accounts exposed in breach
Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches made news headlines. All of these news items related to GDPR Services happened just in the last week.
- Capital One Breach Shows a Bank Hacker Needs Just One Gap to Wreak Havoc
- Large financial companies have to thwart hundreds of thousands of cyberattacks every single day. Data thieves have to get lucky only once.
- The Capital One breach is more complicated than it looks
- On Monday night, Capital One and its customers got some very bad news. The company had been breached, spilling hundreds of thousands of social security numbers and account details into public view. The New York Attorney General is already investigating whether Capital One is negligent, but the broader story is familiar: a big company let a lot of sensitive data go missing, and customers bore most of the risk. It can be hard to tell legitimate research from criminal enterprise
- UniCredit Investigating Data Breach Possibly Related to Capital One
- Italian banking giant UniCredit is investigating the possibility of a data breach that the lender believes could be related to a similar hacking incident at Capital One Financial Corp. Organizations such as Italian bank UniCredit and Michigan State University were named in a purported list of files posted by alleged hacker. FBI Examining Possible Data Breaches Related to Capital One
- TPS data breach: student’s personal information sent out to hundreds of families
- Seattle woman charged in Capital One breach may have data from other companies
- A Seattle woman who is charged with taking data on more than 100 million customers from Capital One is reportedly a former Amazon Web Services systems engineer who may have accessed data from more companies. Paige A. Thompson, 33, is charged with computer fraud and abuse in a criminal case filed Monday in federal court in Seattle.
- Gartner leaked customer data on an unsecured ElasticSearch repository.
- The data was quickly secured once they were notified by researchers, but they might have divulged API keys which could be used to access additional data. Report: Gartner’s Legacy System Exposed Online
- Imperva suffered a major data breach recently affecting users of its Cloud Web Application Firewall (Incapsula).
- According to its CEO’s post, hackers made off with customer API keys and SSL certificates and user passwords. Users should change their passwords, implement SSO logins and generate new SSL certs ASAP. Report: Cybersecurity Firm Imperva Discloses Breach