GDPR Services report 24 Private Data breaches – Week 28, 2019


This is a curated list of last week’s news from our GDPR Services. Be informed about the latest 24 Private Data breaches, identified and reported publicly during Week 28, 2019.

As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.


on-demand GDPR Services

A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.

  • MongoDB Database Exposed 188 Million Records: Researchers
    • Security researchers have found yet another unsecured database that left personal data exposed to the internet. In this latest case, a MongoDB database containing about 188 million records, mostly culled from websites and search engines, was exposed, researchers say. Data Apparently Originated in a GitHub Repository

  •, an online education platform, inadvertently exposed the personal information of nearly seven million students
    • The exposed database contained full names, email addresses, birthdates and gender identities, as well as the school that the students attend, authentication keys for accessing their accounts and other internal data. The information was available online for more than one week, and it’s unclear if the database was at any point accessed by malicious actors. Engadget reached out to for additional information regarding the data exposure and will update this story if we hear back. exposed 7 million student records for a week

  • Huawei continues to have issues.
    • First are reports of strong links between Huawei employees and Chinese intelligence agencies. Huawei says this is extremely common. So why did the company try to hide these credentials? Next are reports about three major vulnerabilities found in its web application products from Swascan. These include out of bounds exploits and command injections. The two companies worked together to fix the issues. Finally, the researchers at Finite State identified other bugs in various firmware images. “In virtually all categories we studied, we found Huawei devices to be less secure than comparable devices from other vendors.” (Sources: “Huawei staff CVs reveal alleged links to Chinese intelligence agencies” and “Swascan uncovers Huawei’s vulnerabilities” (pdf))

  • GDPR Services: British Airways has been hit with a massive £183 million (equivalent to $229 million) fine by the U.K. regulatory agency ICO.

  • The FBI and the Immigration and Customs Enforcement agencies have been using driver’s license photos to feed data to thousands of facial recognition searches.
    • This is without the drivers’ consent, according to this report. This means that these photos of many people are collected even though they haven’t been charged with a crime. Given that this is being done without any explicit legal approval, Congress is gearing up for legislation to regulate these activities. Both San Francisco and Somerville, Massachusetts, have banned police and other municipal agencies from using any facial recognition software. (Source: “FBI, ICE find state driver’s license photos are a gold mine for facial-recognition searches”)

  • Hackers have compromised the credentials of the GitHub account of Canonical.
    • The company maintains one of the most popular Linux distributions, Ubuntu, and this account is used to post updates to portions of the OS and related apps. No source code was affected and the credentials were swiftly removed. (Source: “Ubuntu-Maker Canonical’s GitHub Account Gets Hacked”)

  • Perhaps one of the more audacious vulnerabilities was found by a researcher on the Mac Zoom video conferencing client.

  • Researchers found a phony malware-infested Google Android app on 25 million phones, with half of them in India.

  • A new type of FinSpy mobile implants has been found and linked to the Gamma hacking Group.
    • This malware is an info stealer and its mobile versions have been around since 2012. The latest version can steal data from more smartphone apps on both iOS and Android devices, including recording voice calls. (Source: “New FinSpy iOS and Android implants revealed ITW”)

  • The Buhtrap hacking group has stepped up its game and is now using a zero-day privilege escalation bug (CVE-2019-1132) for the first time.

  • Glamoriser hair straighteners have a Bluetooth connection.
    • The smartphone app that connects to the device can be compromised to literally burn down your house with the right code injection. (Source: “Burning down the house with IoT”)



Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.

Discover trending and viral stories about Private Data breaches Worldwide. The remaining Security breaches made news headlines. All these happened just last week.


data protection OFFICER

Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.

Do you have any questions about our GDPR Service or related to GDPR Services in general? Leave your thoughts about these Private Data breaches in the comments below!
