Scroll Top

GDPR Services report 24 Private Data breaches – Week 28, 2019


GDPR Services report 24 Private Data breaches

– Week 28, 2019 –

This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest 24 Private Data breaches, identified and reported publicly during Week 28, 2019.

As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.


on-demand GDPR Services

A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.

  • MongoDB Database Exposed 188 Million Records: Researchers
    • Security researchers have found yet another unsecured database that left personal data exposed to the internet. In this latest case, a MongoDB database containing about 188 million records, mostly culled from websites and search engines, was exposed, researchers say. Data Apparently Originated in a GitHub Repository

  • K12.com, an online education platform, inadvertently exposed the personal information of nearly seven million students
    • The exposed database contained full names, email addresses, birthdates and gender identities, as well as the school that the students attend, authentication keys for accessing their accounts and other internal data. The information was available online for more than one week, and it’s unclear if the database was at any point accessed by malicious actors. Engadget reached out to K12.com for additional information regarding the data exposure and will update this story if we hear back. K12.com exposed 7 million student records for a week

  • Huawei continues to have issues.
    • First are reports of strong links between Huawei employees and Chinese intelligence agencies. Huawei says this is extremely common. So why did the company try to hide these credentials? Next are reports about three major vulnerabilities found in its web application products from Swascan. These include out of bounds exploits and command injections. The two companies worked together to fix the issues. Finally, the researchers at Finite State identified other bugs in various firmware images. “In virtually all categories we studied, we found Huawei devices to be less secure than comparable devices from other vendors,”. Huawei staff CVs reveal alleged links to Chinese intelligence agencies and Swascan uncovers Huawei ‘s vulnerabilities (pdf)

  • GDPR Services: British Airways has been hit with a massive £183 million (equivalent to $229 million) fine by the U.K. regulatory agency ICO.

  • The FBI and the Immigration and Customs Enforcement agencies have been using driver’s license photos to feed data to thousands of facial recognition searches.
    • This is without the drivers’ consent, according to this report. This means that these photos of many people are collected even though they haven’t been charged with a crime. Given that this is being done without any explicit legal approval, Congress is gearing up for legislation to regulate these activities. Both San Francisco and Somerville, Massachusetts, have banned police and other municipal agencies from using any facial recognition software. FBI, ICE find state driver’s license photos are a gold mine for facial-recognition searches

  • Hackers have compromised the credentials of the GitHub account of Canonical.
    • The company maintains one of the most popular Linux distributions, Ubuntu, and this account is used to post updates to portions of the OS and related apps. No source code was affected and the credentials were swiftly removed. Ubuntu-Maker Canonical’s GitHub Account Gets Hacked

  • Perhaps one of the more audacious vulnerabilities was found by a researcher on the Mac Zoom video conferencing client.

  • Researchers found a phony malware-infested Google Android app on 25 million phones, with half of them in India.

  • A new type of FinSpy mobile implants has been found and linked to the Gamma hacking Group.
    • This malware is an info stealer and its mobile versions have been around since 2012. The latest version can steal data from more smartphone apps on both iOS and Android devices, including recording voice calls. New FinSpy iOS and Android implants revealed ITW

  • The Buhtrap hacking group has stepped up its game and is now using a zero-day privilege escalation bug (CVE-2019-1132) for the first time.

  • Glamoriser hair straighteners have a Bluetooth connection.
    • The smartphone app that connects to the device can be compromised to literally burn down your house with the right code injection. Burning down the house with IoT



Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.

Discover trending and viral stories about Private Data breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.

  • DNA Test Service Exposed Thousands of Client Records Online

  • US Customs and Border Protection reportedly suspends subcontractor over cyberattack
    • The US Customs and Border Protection has reportedly suspended a subcontractor following a “malicious cyberattack” in May that caused it to lose photos of travelers into and out of the country. Perceptics, which makes license plate scanners and other surveillance equipment for CBP, has been suspended from contracting with the federal government. A surveillance equipment provider may have been blacklisted by the federal government.

  • Gay dating app Jack’d fined $240k for exposing private photos
    • The parent company, Online Buddies, fixed the problem after one year they were informed by a cyber-security researcher Oliver Hough. The researcher informed the company about the flaw in February 2018, but the firm paid heed to the problem only in February 2019. A gay dating app Jack’d will have to pay $240,000 to its users after they exposed private intimate photos on the internet for at least a year.

  • GDPR Services: Mercyhealth recently announced it learned of a data breach involving the same third party vendor used by Beloit Health System, which reported a data breach earlier this year.
    • Mercyhealth and Beloit Health System used OS Inc. for claims processing and updating services. Both health systems say that on or about Dec. 21, 2018, OS Inc. learned of the suspicious activity and the company confirmed there was unauthorized access to employees’ email accounts from Oct. 15, 2018 through Dec. 21, 2018. MERCYHEALTH EXPERIENCES DATA BREACH

  • Largest private provider Eurofins hands over undisclosed fee to regain control of systems
    • Britain’s largest private forensics provider has paid a ransom to hackers after its IT systems were brought to a standstill by a cyber-attack, it has been reported. Eurofins, which is thought to carry out about half of all private forensic analysis, was targeted in a ransomware attack on 2 June, which the company described at the time as “highly sophisticated”. Three weeks later the company said its operations were “returning to normal”, but did not disclose whether or not a ransom had been paid. Hacked forensic firm pays ransom after malware attack

  • Security researchers have discovered another major digital skimming campaign, this time compromising over 960 e-commerce sites in just a day.
    • It described the discovery as “the largest automated campaign to date” – with 962 sites infected with the infamous Magecart code. That’s far higher than the previous number of 700 online stores and indicates a highly automated operation, as the attacks happened in a 24-hour period with victims located around the world. Magecart Blitz Stuns 962 E-commerce Sites in 24 Hours

  • Sensitive private and financial information of hundreds of Credit Card users were discovered to be stored in a database that lay unsecured.
    • The researchers running a simple scanning program discovered a database exposed on the Internet owned by Fieldwork Software. Shockingly, the data contained extensive financial details belonging to business clients. In addition to the Credit Card details, other highly sensitive information such as associated names, GPS tags, and even communication between the client and the service provider could be potentially accessed and exploited. The troubling aspect is that the scanning projects that exposed the leaky database is rather easy to deploy and is being increasingly used by professional hacking groups to exploit financial information or plant malware. Credit Card Details Including Personal Information, IP Addresses, And Other Communication Found Exposed Of Fieldwork Software

  • The U.K. data protection authority said it will serve hotel giant Marriott with a £99 million ($123 million) fine for a data breach that exposed up to 383 million guests.
    • Marriott revealed last year that its acquired Starwood properties had its central reservation database hacked, including five million unencrypted passport numbers and eight million credit card records. The breach dated back to 2014 but was not discovered until November 2018. Marriott later pulled the hacked reservation system from its operations. Marriott to face $123 million fine by UK authorities over data breach

  • A lawsuit claims FedEx violated federal securities laws after a cyber attack.
    • The suit, which impacts people who purchases FedEx stock in a 15-month period starting in September 2017, alleges that FedEx misguided investors about how fast it would be able to cover costs from the cyber attack that impacted one of its subsidiaries, TNT Express. Lawsuit claims FedEx misled investors after cyber attack



data protection OFFICER

Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.

Do you have any questions about our GDPR Service or related to GDPR Services in general? Leave your thoughts about these Private Data breaches in the comments below!

Related Posts