GDPR Services report 15 Private Data breaches
– WEEK 22, 2019 –
This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest 15 Private Data breaches, identified and reported publicly during WEEK 22, 2019.
As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.
- Researchers discovered in early April an unprotected Elasticsearch node on the Investment Week website.
- Two weeks later, on 18 April 2019, they probed manually and found a database containing approximately 330,000 unprotected records of sensitive personal user information: Full names, Email addresses, Subscription information, City, Phone number, Company Country. The records contained unsalted, md5 hashed passwords. All passwords have been reset as a result. UK’s Investment Week data leak: 330k user records exposed and Potential data breach management
- The news aggregator Flipboard was breached and hackers stole user credentials from its servers.
- The event went undetected for nine months and was only found after a second intrusion was discovered. The issue here is because of how the site operates, these credentials include links to social media and other accounts of each user. The company said it had not seen unauthorized access to third-party accounts. All passwords and third-party tokens have been reset as a precaution, even though not every user was impacted. NOTICE OF SECURITY INCIDENT
- Hackers had breached the network of Perceptics. Given the kind of data collected by these systems, it is a major breach.
- The company is the major supplier of automated license plate reader technology for US Customs and operates at dozens of our border crossings. The company confirmed the breach but provided no specific details. Reporters at The Register broke the story and offered evidence that the stolen data appears to be legit. “The nature of the company’s business – border security data acquisition, commercial vehicle inspection, electronic toll collection and roadway monitoring – means that it’s likely to have a significant amount of sensitive information.” Maker of US border’s license-plate scanning tech ransacked by hacker, blueprints and files dumped online
- Equifax’ bond rating was downgraded last week by Moody’s service.
- It is THE 1ST TIME Moody’s has done so because of a security breach. Moody’s noted that Equifax still needed to make infrastructure improvements to address systemic security weaknesses since the 2017 breach and resulting lawsuits. Equifax Is Finally Getting Kicked in the Money Bags Due to Its Disastrous 2017 Hack and MOODY’S REVISES EQUIFAX OUTLOOK POST-BREACH
- Australian online photo editing company Canva has been hacked by GnosticPlayers.
- More than 139M users’ details have been leaked online and they appear to be legitimate credentials. This is the same group that now claims to have leaked a billion credentials since February. Canva quickly detected the breach and corrected the problem. Australian tech unicorn Canva suffers security breach and CYBERSECURITYHacker Who Previously Sold Stolen Data Online Claimed Responsibility Over Canva Breach
- Julian Assange faced new charges last week, including violations of the Espionage Act.
- He is one of the few civilians ever cited. Since 1945, this act has been used 11 times to prosecute government employees who shared classified information with journalists, with seven cases brought under Obama’s term, including Chelsea Manning and Edward Snowden. WikiLeaks’ Assange charged under the Espionage Act in a ‘major test case’ for press freedom and What You Should Know About the Espionage Act
- One of the largest real estate title companies has been using extremely poor security for years.
- One website operated by First American Financial Corp. had designed their database so that anyone who knew the URL for a valid document could view other documents easily. These documents contain SSNs, bank accounts, and other personal financial data. Hundreds of millions of files could have been accessed. The company acknowledged a “design defect” and removed the website to work on a fix. First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records