Scroll Top

The latest Private Data breaches from our GDPR Services – Week 37, 2019


The latest Private Data breaches from our GDPR Services

– Week 37, 2019 –

This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest Private Data breaches, identified and reported publicly during Week 37, 2019.

As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.


on-demand GDPR Services

A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.

  • NZ Transport Agency admits data breach after lax security
    • The New Zealand Transport Agency has admitted to a technology botch up leaving what was meant to be a highly secure data key wide open. “The Transport Agency can confirm the Google API was incorrectly left open as part of the Traffic Watcher pre-production set up,” NZTA said in statement. The key is a unique code used to access data from Google’s application programming interface (API), in this case through 2018 and in early 2019. It was used to build Traffic Watcher, an online tool for transport operations centres, maintenance contractors and the police. NZTA denies the bungle cost taxpayers but admits it did not keep track of such expenses

  • 320,000 patient files at risk from ransomware in a Utah attack

  • 198 Million Car-Buyer Records Exposed Online for All to See
    • Over 198 million records containing information on prospective car buyers, including loan and finance data, vehicle information and IP addresses for website visitors, has been found exposed on the internet for anyone to see. The non-password protected Elasticsearch database belonged to Dealer Leads, which is a company that gathers information on prospective buyers via a network of SEO-optimized, targeted websites. According to Jeremiah Fowler, senior security researcher at Security Discovery, the websites all provide car-buying research information and classified ads for visitors. They collect this info and send it on to franchise and independent car dealerships to be used as sales leads. The exposed database in total contained 413GB of data. An ElasticSearch DB belonging to Dealer Leads exposed a raft of information collected by “research” websites aimed at prospective car buyers.



Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.

Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches made news headlines: UNICEF, Garmin, Monster.com, CircleCI, Pearson. All these news related to GDPR Services happened just in Week 37, 2019.

  • Garmin SA Shopping Portal Breach Leads to Theft of Payment Data
    • Garmin Southern Africa (Garmin SA) disclosed today in a series of notifications sent to its customers that payment and sensitive personal information were stolen from orders placed on the shop.garmin.co.za shopping portal. Garmin SA was previously a Garmin distributor named Garmin Distribution Africa (GDA) before being acquired by Garmin, a global leader in satellite navigation, on September 2011. Payment info including CVV codes stolen

  • Monster.com says a third party exposed user data but didn’t tell anyone

  • Monster Defends Data Leak Response
    • Reports emerged late last week that résumés and other documents belonging to an undisclosed number of job-seekers were found unprotected on the internet by a security researcher: the latest in a long line of privacy snafus. However, although some were identified as having been posted to Monster, the jobs site clarified that the issue was actually the fault of one of its customers. “We alerted the customer and the customer immediately resolved the issue,” said the firm’s chief privacy officer, Michael Jones, in a statement sent to Infosecurity. “As a result of this incident, we have terminated the customer’s contract.” He went on to explain why Monster should not be held responsible for the incident. Sensitive personal data uploaded to a popular recruitment site has been found exposed on an unsecured web server after a third-party client failed to keep it secure.

  • CircleCI Customer Data Exposed Through Third-Party Vendor
    • CircleCI, a San Francisco-based company that specializes in continuous integration and delivery solutions, on Thursday informed customers that some of their information may have been exposed through a third-party analytics vendor. The DevOps firm said it became aware on August 31 that an attacker had gained access to some user data in its vendor account. An investigation is ongoing, but so far it appears that the incident impacts customers who accessed the CircleCI platform between June 30, 2019, and August 31, 2019. CircleCI Customer Data Exposed Through Third-Party Vendor

  • Pearson, a British-owned education publishing company, is at the center of a lawsuit filed by an Illinois woman and her daughter over the handling of a data breach involving student personal information.
    • An Illinois woman and her daughter filed a lawsuit Thursday against education publishing giant Pearson, accusing the British-owned company of negligently handling student data and causing a data breach that compromised the personal information of nearly one million students in 13 states, including tens of thousands in the Chicago area. The suit alleges the company concealed the breach from students and parents for more than four months. Pearson, headquartered in London but operating in all 50 states, is one of the largest publishers in the world, providing educational tools to schools. Lawsuit Alleges Publisher Breach Affected 1M Students



data protection OFFICER

Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.

Do you have any questions related to GDPR Services in general? Leave your thoughts about these Private Data breaches in the comments below!

Related Posts