GDPR Services report 15 Private Data breaches
– WEEK 22, 2019 –
This is a curated list of last week's latest news from our GDPR Services. Be informed about the latest 15 Private Data breaches, identified and reported publicly during WEEK 22, 2019.
As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.
- Researchers discovered in early April an unprotected Elasticsearch node on the Investment Week website.
- Two weeks later, on 18 April 2019, they probed manually and found a database containing approximately 330,000 unprotected records of sensitive personal user information: Full names, Email addresses, Subscription information, City, Phone number, Company Country. The records contained unsalted MD5-hashed passwords. All passwords have been reset as a result. UK’s Investment Week data leak: 330k user records exposed and Potential data breach management
- The news aggregator Flipboard was breached and hackers stole user credentials from its servers.
- The event went undetected for nine months and was only found after a second intrusion was discovered. The issue here is that, because of how the site operates, these credentials include links to social media and other accounts of each user. The company said it had not seen unauthorized access to third-party accounts. All passwords and third-party tokens have been reset as a precaution, even though not every user was impacted. NOTICE OF SECURITY INCIDENT
- Hackers had breached the network of Perceptics. Given the kind of data collected by these systems, it is a major breach.
- The company is the major supplier of automated license plate reader technology for US Customs and operates at dozens of our border crossings. The company confirmed the breach but provided no specific details. Reporters at The Register broke the story and offered evidence that the stolen data appears to be legit. “The nature of the company's business – border security data acquisition, commercial vehicle inspection, electronic toll collection and roadway monitoring – means that it's likely to have a significant amount of sensitive information.” Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online
- Equifax's bond rating was downgraded last week by Moody’s service.
- It is THE 1ST TIME Moody's has done so because of a security breach. Moody’s noted that Equifax still needed to make infrastructure improvements to address systemic security weaknesses since the 2017 breach and resulting lawsuits. Equifax Is Finally Getting Kicked in the Money Bags Due to Its Disastrous 2017 Hack and MOODY’S REVISES EQUIFAX OUTLOOK POST-BREACH
- Australian online photo editing company Canva has been hacked by GnosticPlayers.
- More than 139M users’ details have been leaked online and they appear to be legitimate credentials. This is the same group that now claims to have leaked a billion credentials since February. Canva quickly detected the breach and corrected the problem. Australian tech unicorn Canva suffers security breach and Hacker Who Previously Sold Stolen Data Online Claimed Responsibility Over Canva Breach
- Julian Assange faced new charges last week, including violations of the Espionage Act.
- He is one of the few civilians ever cited. Since 1945, this act has been used 11 times to prosecute government employees who shared classified information with journalists, with seven cases brought under Obama’s term, including Chelsea Manning and Edward Snowden. WikiLeaks’ Assange charged under the Espionage Act in a ‘major test case’ for press freedom and What You Should Know About the Espionage Act
- One of the largest real estate title companies has been using extremely poor security for years.
- One website operated by First American Financial Corp. had designed their database so that anyone who knew the URL for a valid document could view other documents easily. These documents contain SSNs, bank accounts, and other personal financial data. Hundreds of millions of files could have been accessed. The company acknowledged a “design defect” and removed the website to work on a fix. First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches made news headlines. All of this news related to GDPR Services happened just in the last week.
- Massive data breach exposes ages, addresses, income on 80 million U.S. families
- It is scary enough that a team of Israeli security researchers discovered a massive unprotected database with the full names, ages, income brackets and marital status on more than 80 million U.S. households. Massive data breach exposes ages, addresses, income on 80 million U.S. families
- Docker Hub Suffers a Data Breach, Asks Users to Reset Password
- Docker Hub, one of the largest cloud-based libraries of Docker container images, has suffered a data breach after an unknown attacker gained access to the company's single Hub database. Docker Hub Suffers a Data Breach, Asks Users to Reset Password
- Parenting club Bounty fined £400,000 for selling users' data
- The parenting club Bounty has been fined £400,000 – one of the largest penalties possible – for sharing its data with marketing agencies without users’ permission. Company illegally shared 34.4m records with 39 companies, information commissioner finds
- Mailing Error for Inmediata, While Reporting Health Data Breach
- Patients impacted by Inmediata Health Group’s web exposure breach are reportedly receiving multiple breach notification letters, some addressed to other patients. 1.5M Patients Impacted by Inmediata Breach, Mailing Issue
- Quest Diagnostics suffered a major data breach that began last August.
- Almost 12M customers could be at risk, thanks to a leak in one of their third-party billing providers, the American Medical Collection Agency. Banking data and SSNs could be part of the breach but not lab test results. Quest had another breach three years ago. Quest Diagnostics says 11.9 million patients affected by data breach
- A large collection of Instagram users’ data has been leaked online.
- It was caused by an unsecured AWS storage bucket and appears to contain public data from influencer accounts created by the Indian marketing company Chtrbox. The actual number of unique accounts is still in dispute, but could be from tens of thousands to a million or more users. Millions of Instagram influencers had their contact data scraped and exposed
- A reporter was able to account for more than 5000 different tracking apps operating sub rosa on his iPhone.
- If you ever wondered why your battery life drops when you are sleeping, now you know. Yelp is one of the worst trackers and you might want to delete it. While you’re sleeping, your iPhone stays busy — snooping on you
- The drive-thru restaurant chain Checkers/Rally suffered a data breach.
- Malware was placed on the payment processing system at more than 100 stores, which is about 15 percent of the total in the combined chain. The company posted the locations and time frames, and said possible payment card data could have been compromised. Some stores were breached in 2016. NOTICE OF DATA BREACH