
The latest Private Data breaches from our GDPR Services – Week 36, 2019



This is a curated list of last week's news from our GDPR Services. Be informed about the latest Private Data breaches, identified and reported publicly during Week 36, 2019.

As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.


on-demand GDPR Services

A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.

  • Teletext Holidays left 200k customer call recordings exposed in S3 bucket
    • Teletext Holidays managed to leave more than 200,000 customer phone call recordings exposed on an unsecured AWS server, according to reports. A total of 532,000 files were exposed on AWS servers belonging to Truly Travel, the company that trades as Teletext Holidays, of which 212,000 were recordings of live news. Get your grandparents to book with someone else

  • Up to a dozen school districts in Central New York, including North Syracuse and Fayetteville-Manlius, have been affected by a Pearson data breach.
    • Pearson is a London-based firm that’s one of the largest publishers of print and digital textbooks. Their software monitors kids’ reading and writing scores all the way into high school. A spokesperson explained they’re informing all schools impacted by the breach and leaving it to those schools to inform their communities. The company claims only names, addresses and dates of birth were compromised. Data breach compromises students’ personal information in dozens of CNY school districts

  • BEC-related cyber-insurance claims accounted for nearly a quarter of all claims in the EMEA region, AIG said.
    • Business email compromise (BEC) has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim in the EMEA (Europe, the Middle East, and Asia) region last year, said insurance giant AIG. According to statistics published in July, AIG said that BEC-related insurance filings accounted for nearly a quarter (23%) of all cyber-insurance claims the company received in 2018. BEC overtakes ransomware and data breaches in cyber-insurance claims

  • Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground.
    • Earlier in August, Poshmark, a social commerce marketplace where people in the United States can buy and sell new or used clothing, shoes, and accessories, disclosed a data breach that took place in May 2018. The company discovered unauthorized access to its servers; the intruders stole personal information of the users, including usernames, hashed passwords, first and last names, gender information, and city of residence. One million cracked Poshmark accounts being sold online



Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.

Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches that made news headlines: Cosmetics Giant Yves Rocher + XKCD + DK-Lok + latest from Facebook. All this news related to GDPR Services happened just in Week 36, 2019.

    • A French retail consultancy exposed data on millions of its clients’ customers as well as sensitive business information, after researchers discovered an unsecured Elasticsearch database. Aliznet, which specializes in digital transformation, names the likes of tech giants IBM, Oracle and Salesforce, retail leaders like Auchan, and big brands including Yves Rocher and Lacoste as its clients. However, researchers from vpnMentor were able to access a private Aliznet database containing data on 2.5 million Canadian Yves Rocher customers. This included names, phone numbers, email addresses, dates of birth and postcodes. They also discovered over six million customer orders in the database, including transaction amount, currency used, delivery date and store location. Data Leak Hits 2.5 Million Customers of Cosmetics Giant Yves Rocher

  • XKCD forum breach exposes details from over 560,000 user accounts
    • XKCD, the sarcastic webcomic revered by science and tech geeks, is now the butt of someone else’s joke. Hackers breached the forum of the 14-year-old site, stealing over 560,000 usernames, emails, IP addresses and hashed passwords. Security researcher Troy Hunt, who owns the data breach website Have I Been Pwned, alerted the site’s administrators over the weekend. Hunt was originally tipped off about the breach by white hat hacker Adam Davies. Hackers breached the forum of the popular webcomic.

  • Phishing attack exposes patient info at Conway Regional Medical Center
    • Patients who may have been affected were notified last month. In a letter dated Aug. 23, the hospital system says the breach was discovered in June after “unusual activity” surrounding employee email accounts was detected. Patient names, addresses, Social Security numbers, health insurance information and “limited” medical information may have been accessed as part of the data breach, Conway Regional Health System said in a statement Wednesday. The hospital system said it had not found any incidents where the information was misused. It did not say how many patients were affected. An intruder gained access to patient and physician information at Conway Regional Medical Center after an email phishing attack

  • DK-Lok data breach exposes global enterprise client data, internal emails

  • Researchers Discover Vulnerable SCADA Product & Responsive SCADA Vendor
    • 2 critical vulnerabilities with one basically being a backdoor into highly privileged functionality to manage the software. The other was related to missing permission checks when accessing a servlet that allowed performing sensitive database queries to e.g. disclose usernames and passwords. Other vulnerabilities allowed remote attackers to lock out accounts or local attackers to disclose passwords or gain SYSTEM privileges. multiple vulnerabilities in the AK-EM 800 product from the major SCADA vendor Danfoss



data protection OFFICER

Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.

Do you have any questions related to GDPR Services in general? Leave your thoughts about these Private Data breaches in the comments below!
