
The latest Private Data breaches from our GDPR Services – Week 38, 2019



This is a curated list of last week’s news from our GDPR Services. Be informed about the latest Private Data breaches identified and publicly reported during Week 38, 2019.

As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider these GDPR Service packages: on-demand GDPR COMPLIANCE, or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.


on-demand GDPR Services

A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.

  • A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains
    • The third party in both instances was Roomleader, a Barcelona-based provider of digital marketing and web development services. One of the ways Roomleader helps hospitality companies build out their online booking functionality is through a library module called “viewedHotels,” which saves viewed hotel information in visitors’ browser cookies. Both of the affected hotel chains implemented this module, which the adversaries had infected with malicious JavaScript after first compromising Roomleader, according to Trend Micro, whose researchers discovered the attacks and disclosed them in a company blog post today. The lodging chains were not named, but one has 107 hotels in 14 countries and the other has 73 hotels in 14 countries. (Source: “Hotel websites infected with skimmer via supply chain attack”)

  • Ecuador police arrest director of data analytics firm that leaked the personal records of most of Ecuador’s population.
    • Ecuadorian authorities have arrested the executive of a data analytics firm after his company left the personal records of most of Ecuador’s population exposed online on an internet server. According to our reporting, a local data analytics company named Novaestrat left an Elasticsearch server exposed online without a password, allowing anyone to access its data. The data stored on the server included personal information for 20.8 million Ecuadorians (including the details of 6.7 million children), 7.5 million financial and banking records, and 2.5 million car ownership records. (Source: “Arrest made in Ecuador’s massive data breach”)



Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.

Discover more trending and viral stories from our GDPR Service. These Private Data breaches made news headlines: a national security case, Malindo Air, Lion Air, Thinkful, Chegg and a Chicago brokerage. All of this news related to GDPR Services happened in Week 38, 2019 alone.

  • A top intelligence official with the Royal Canadian Mounted Police who had access to a wide array of highly sensitive information gathered by Canada and its allies has been charged with passing along or offering secrets.
    • The official, Cameron Ortis, the director general of the force’s National Intelligence Coordination Center, faces three charges under a rarely used national secrets law. Arrested on Friday, he also faces criminal charges of breach of trust and unauthorized use of a computer. “He would have had at least top-secret clearance and he would have had access to a great deal of sensitive information,” said Wesley Wark, a visiting research professor at the University of Ottawa who studies intelligence and national security. “This has the appearance of a long investigation and the longer these investigations go, the more likely it is that it involved allied partners.” (Source: “Top Canadian Intelligence Official Charged With Leaking Secrets”)

  • Passport data of 30 million Malindo and Lion Air customers leaked
    • Two airlines have confirmed a leak of sensitive passenger data seven days after a cybercrime Twitter channel, named Under The Breach, detected it being shared and sold online. The channel found that two directories of backup files for Malindo Air, Thai Lion Air and Batik Air containing over 30 million records of passport details, addresses and phone numbers had been posted by a hacker on the Dark Web. All three are subsidiaries of Indonesia’s Lion Group. Malindo Air said it was investigating the breach and had notified Malaysian and international authorities.

  • Thinkful confirms data breach days after Chegg’s $80M acquisition
    • “We recently discovered that an unauthorized party may have gained access to certain Thinkful company credentials so, out of an abundance of caution, we are notifying all of our users,” said Erin Rosenblatt, the company’s vice-president of operations, in an email to users. “As soon as we discovered this unauthorized access, we promptly changed the credentials, took additional steps to enhance the security measures we have in place, and initiated a full investigation,” the executive said. At the time of writing, there has been no public acknowledgement of the breach beyond the email to users. Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired.

  • Chicago brokerage to pay $1.5 million for cyber attack lapses: U.S. CFTC
    • (Reuters) – The U.S. Commodities Futures Trading Commission (CFTC) said on Friday that a Chicago-based futures brokerage will pay a total of $1.5 million for letting cyber criminals breach the firm’s email systems and withdraw $1 million from a customer’s account. Phillip Capital Inc (PCI) neither admitted nor denied the CFTC’s findings or conclusions, the CFTC said in a settlement with the firm. A Phillip Capital representative did not return a call requesting comment. PCI violated U.S. regulations by, among other things, failing to disclose the breach to customers, the CFTC said.



data protection OFFICER

Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.

Do you have any questions related to GDPR Services in general? Leave your thoughts about these Private Data breaches in the comments below!
