GDPR Services report 11 Private Data breaches
– Week 27, 2019 –
This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest 11 Private Data breaches, identified and reported publicly during Week 27, 2019.
As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.
on-demand GDPR Services
A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.
- A number of leaky AWS S3 storage buckets care of bad IT security at integrator Attunity (now owned by Qlik) was discovered by researchers recently.
- The firm works with half of the F100 and the leaks contain business-critical data such as emails, passwords and contacts. Two examples mentioned in this post are Ford project documents and a collection of Netflix authentication strings. Data Warehouse: How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups
- There has been another massive data leak from unsecured Elasticsearch storage.
- This one originates from Orvibo, makers of smart home products. There are more than 2 billion records online, and they include unsalted (but hashed) passwords and precise locations of their devices. There are about a million users’ details, including hotels, offices and residences. The implications are major because “Much of the data can be pieced together both to disrupt a person’s home while possibly leading to further hack,” according to the researchers who found the data. The company has tried to get the vendor to close the leak. Report: Orvibo Smart Home Devices Leak Billions of User Records and Smart home maker leaks customer data, device passwords
- The Chinese government has created the BXAQ Android spyware that is being installed on all visitors’ phones crossing at Irkeshtam in Kyrgyzstan.
- The app downloads emails, texts, contacts and phone configuration details. Visitors’ iPhones are also monitored with another routine.
Chinese border guards put secret surveillance app on tourists’ phones and China Is Forcing Tourists to Install Text-Stealing Malware at its Border and Analysis-Report Chinese Police App “BXAQ” 03.2019
- The app downloads emails, texts, contacts and phone configuration details. Visitors’ iPhones are also monitored with another routine.
HELPS YOU TO MEET GDPR REGULATIONS
Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.
Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches made news headlines. All these news related to GDPR Services happened just in the last week.
- The agency that manages Greece’s top-level internet domain has suffered another breach.
- It appears to be caused by state-sponsored actors dubbed Sea Turtle. This post describes the current attack, which used DNS hijacking techniques. Hackers breached Greece’s top-level domain registrar and Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
- Chinese dating site Zhenai has had a breach that began in 2011.
- More than 5 million records were leaked, including email addresses and plain text passwords. A vast majority of users (77 percent) were already found in other breaches. User information disclosure follow-up: the best password change
- Facebook’s bid to quash data breach lawsuit dismissed by judge
- Facebook has failed in its attempt to prevent a lawsuit over a data breach impacting close to 30 million users from going to trial. Facebook’s bid to quash data breach lawsuit dismissed by judge
- Taiwan’s civil service system reports data breach
- Taiwan’s civil service system reported an information security breach incident on Monday (June 24), with the personal information of at least 240,000 civil servants being compromised. Taiwan’s civil service system reports data breach
- Laying blame on employee in Desjardins data breach is ignoring the big picture, security experts say
- Despite many blaming the employee who allegedly leaked almost 3 million individuals’ information in the recent data breach at The Desjardins Group, some experts warn that this is over-simplifying the problem and not laying enough blame on the company itself. Huge data theft by employee at Canadian credit union
- Data from LexisNexis and Pipl.com has been leaked online.
- More than 188 million records of theirs were found in a MongoDB database. They contain birth dates and employment information. The leak was discovered by researchers on a third-party website that had access to this information and eventually secured. Report: Detailed personal records of 188 million people found exposed on the web
- A Chinese provincial public security agency has leaked two ElasticSearch databases contained more than 90 million of its citizens online.
- The data includes private information such as birth dates and ID card numbers. It took a week for researchers to find the right contact to close the unintended access. Over 90 Million Records Leaked by Chinese Public Security Department
- There has been another fine for GDPR violations, this time levied at Marriott for its breach last November.
- A total of 7 million guest records of UK visitors, out of 339 million total records, have been leaked online since 2014. The Information Commissioner’s Office in the UK has set the fine at £99 million (or $124 million). Statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach
data protection OFFICER
Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.