The latest Private Data breaches from our GDPR Services
– Week 38, 2019 –
This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest Private Data breaches, identified and reported publicly during Week 38, 2019.
As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.
- A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains
- Ecuador police arrest director of data analytics firm that leaked the personal records of most of Ecuador’s population.
- Ecuadorian authorities have arrested the executive of a data analytics firm after his company left the personal records of most of Ecuador’s population exposed online on an internet server. According to our reporting, a local data analytics company named Novaestrat left an Elasticsearch server exposed online without a password, allowing anyone to access its data. The data stored on the server included personal information for 20.8 million Ecuadorians (including the details of 6.7 million children), 7.5 million financial and banking records, and 2.5 million car ownership records. Arrest made in Ecuador’s massive data breach
Discover more trending and viral stories from our GDPR Service. Private Data breaches made news headlines: a national security case, Malindo Air, Lion Air, Thinkful, Chegg and Chicago brokerage. All these news related to GDPR Services happened just in Week 38, 2019.
- A top intelligence official with the Royal Canadian Mounted Police who had access to a wide array of highly sensitive information gathered by Canada and its allies has been charged with passing along or offering secrets.
- The official, Cameron Ortis, the director general of the force’s National Intelligence Coordination Center, faces three charges under a rarely used national secrets law. Arrested on Friday, he also faces criminal charges of breach of trust and unauthorized use of a computer. “He would have had at least top-secret clearance and he would have had access to a great deal of sensitive information,” said Wesley Wark, a visiting research professor at the University of Ottawa who studies intelligence and national security. “This has the appearance of a long investigation and the longer these investigations go, the more likely it is that it involved allied partners.” Top Canadian Intelligence Official Charged With Leaking Secrets
- Passport data of 30 million Malindo and Lion Air customers leaked
- Two airlines have confirmed a leak of sensitive passenger data seven days after a cybercrime Twitter channel, named Under The Breach, detected it being shared and sold online. The channel found that two directories of backup files for Malindo Air, Thai Lion Air and Batik Air containing over 30 million records of passport details, addresses and phone numbers had been posted by a hacker on the Dark Web. All three are subsidiaries of Indonesia’s Lion Group. Malindo Air said it was investigating the breach and had notified Malaysian and international authorities.
- Thinkful confirms data breach days after Chegg’s $80M acquisition
- “We recently discovered that an unauthorized party may have gained access to certain Thinkful company credentials so, out of an abundance of caution, we are notifying all of our users,” said Erin Rosenblatt, the company’s vice-president of operations, in an email to users. “As soon as we discovered this unauthorized access, we promptly changed the credentials, took additional steps to enhance the security measures we have in place, and initiated a full investigation,” the executive said. At the time of writing, there has been no public acknowledgement of the breach beyond the email to users. Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired.
- Chicago brokerage to pay $1.5 million for cyber attack lapses: U.S. CFTC
- (Reuters) – The U.S. Commodities Futures Trading Commission (CFTC) said on Friday that a Chicago-based futures brokerage will pay a total of $1.5 million for letting cyber criminals breach the firm’s email systems and withdraw $1 million from a customer’s account. Phillip Capital Inc (PCI) neither admitted nor denied the CFTC’s findings or conclusions, the CFTC said in a settlement with the firm. A Phillip Capital representative did not return a call requesting comment. PCI violated U.S. regulations by, among other things, failing to disclose the breach to customers, the CFTC said.