The latest Private Data breaches from our GDPR Services
– Week 36, 2019 –
This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest Private Data breaches, identified and reported publicly during Week 36, 2019.
As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.
- Teletext Holidays left 200k customer call recordings exposed in S3 bucket
- Teletext Holidays managed to leave more than 200,000 customer phone call recordings exposed on an unsecured AWS server, according to reports. A total of 532,000 files were exposed on AWS servers belonging to Truly Travel, the company that trades as Teletext Holidays, of which 212,000 were recordings of live news. Get your grandparents to book with someone else
- 122,000 Providence Health Plan customers may be affected by data breach
- The personal information of as many as 122,000 customers of Providence Health Plan’s dental program in Oregon may have been compromised in a security breach at the program’s administrator, Virginia-based Dominion National. Customers of Providence Health Plan’s dental program may have been involved in a data breach at the administrator of the program, Dominion National.
- Foxit Software reveals data breach that exposed users’ email addresses, passwords and more
- The company — famed for PDF applications such as Foxit Reader and PhantomPDF — does not say when the incident took place, nor how many users are affected, but it explains that “My Account” section of user accounts was exposed. This includes data such as email addresses, passwords, users’ names, phone numbers, company names and IP addresses, but not payment information. Foxit Software has revealed that it “recently” suffered a security breach in which private user data was exposed to unnamed third parties.
- Up to a dozen school districts in Central New York, including North Syracuse and Fayetteville-Manlius, have been affected by a Pearson data breach.
- Pearson is a London-based firm that’s one of the largest publishers of print and digital textbooks. Their software monitors kids’ reading and writing scores all the way into high school. A spokesperson explained they’re informing all schools impacted by the breach and leaving it to those schools to inform their communities. The company claims only names, addresses and dates of birth were compromised. Data breach compromises students’ personal information in dozens of CNY school districts
- BEC-relatedcyber-insurance claims accounted for nearly a quarter of all claims in the EMEA region, AIG said.
- Business email compromise (BEC) has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim in the EMEA (Europe, the Middle East, and Asia) region last year, said insurance giant AIG. According to statistics published in July, AIG said that BEC-related insurance filings accounted for nearly a quarter (23%) of all cyber-insurance claims the company received in 2018. BEC overtakes ransomware and data breaches in cyber-insurance claims
- Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground.
- Earlier in August, Poshmark, a social commerce marketplace where people in the United States can buy and sell new or used clothing, shoes, and accessories, disclosed a data breach that took place in May 2018. The company discovered unauthorized access to its servers, the intruders stole personal information of the users, including usernames, hashed passwords, first and last names, gender information, and city of residenc. One million cracked Poshmark accounts being sold online
Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches made news headlines: Cosmetics Giant Yves Rocher + XKCD + DK-Lok + latest from Facebook. All these news related to GDPR Services happened just in Week 36, 2019.
- DATA LEAK HITS 2.5 MILLION CUSTOMERS OF COSMETICS GIANT YVES ROCHER
- A French retail consultancy exposed data on millions of its clients’ customers as well as sensitive business information, after researchers discovered an unsecured Elasticsearch database. Aliznet, which specializes in digital transformation, names the likes of tech giants IBM, Oracle and Salesforce, retail leaders like Auchan, and big brands including Yves Rocher and Lacoste as its clients. However, researchers from vpnMentor were able to access a private Aliznet database containing data on 2.5 million Canadian Yves Rocher customers. This included names, phone numbers, email addresses, dates of birth and postcodes. They also discovered over six million customer orders in the database, including transaction amount, currency used, delivery date and store location. Data Leak Hits 2.5 Million Customers of Cosmetics Giant Yves Rocher
- XKCD forum breach exposes details from over 560,000 user accounts
- XKCD, the sarcastic webcomic revered by science and tech geeks, is now the butt of someone else’s joke. Hackers breached the forum of the 14-year old site, stealing over 560,000 usernames, emails, IP addresses and hashed passwords. Security researcher Troy Hunt, who owns the data breach website Have I Been Pwned, alerted the site’s administrators over the weekend. Hunt was originally tipped off about the breach by white hat hacker Adam Davies. Hackers breached the forum of the popular webcomic.
- Phishing attack exposes patient info at Conway Regional Medical Center
- Patients who may have been affected were notified last month. In a letter dated Aug. 23, the hospital system says the breach was discovered in June after “unusual activity” surrounding employee email accounts was detected. Patient names, addresses, Social Security numbers, health insurance information and “limited” medical information may have been accessed as part of the data breach, Conway Regional Health System said in a statement Wednesday. The hospital system said it had not found any incidents where the information was misused. It did not say how many patients were affected. An intruder gained access to patient and physician information at Conway Regional Medical Center after an email phishing attack
- DK-Lok data breach exposes global enterprise client data, internal emails
- Perhaps, one day, the continual stream of data leaks and cybersecurity breaches stemming from open databases will make organizations sit up, take notice, check their IT infrastructure, and resolve any security problems they find. Today is not that day it seems for DK-Lok, the latest entry in a long list of companies which have left their private emails and communications available for the world to see. Requests to plug the leaking database were trashed – information ironically revealed through the exposed system.
- Researchers Discover Vulnerable SCADA Product & Responsive SCADA Vendor
- 2 critical vulnerabilities with one basically being a backdoor into highly privileged functionality to manage the software. The other was related to missing permission checks when accessing a servlet that allowed performing sensitive database queries to e.g. disclose usernames and passwords. Other vulnerabilities allowed remote attackers to lock out accounts or local attackers to disclose passwords or gain SYSTEM privileges. multiple vulnerabilities in the AK-EM 800 product from the major SCADA vendor Danfoss
- Huge Facebook leak exposes 400 MILLION users’ phone numbers in latest privacy lapse
- Phone numbers linked to more than 400 million Facebook accounts have been posted online in the latest security disaster for the firm. According to TechCrunch, 133 million US accounts, more than 50 million in Vietnam, and 18 million in Britain were among 419 million records left in an open online server that was not secured with a password. This includes, according to the person who unearthed the database, profiles and phone numbers of some celebrities. Details from more than 400 million Facebook accounts were listed online + An exposed server stored 419 million records on users across several databases + Included 133 million US accounts and 18 million people in Britain