Cyber breaches abound in 2019

Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/

News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.

Is this a harbinger of a worse hacking landscape in 2019?

The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in this new year 2019 as chronically improving malware will be deployed more aggressively on more fronts. Also  data-driven businesses simultaneously move into the “target zone” of cyber attacks.

On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.

Here are links to some articles that can hopefully help you to handle your cyber security better:

Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/

Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/

622 Comments

  1. Tomi Engdahl says:

    scariest facial recognition company, can’t even keep its own data secure
    Clearview AI has recently attracted criticism from Congress for its cavalier use of facial recognition technology.
    https://www.vox.com/recode/2020/2/26/21154606/clearview-ai-data-breach

    Clearview AI, the controversial and secretive facial recognition company, just experienced its first major data breach — a scary prospect considering the sheer amount and scope of personal information in its database, as well as the fact that access to it is supposed to be restricted to law enforcement agencies.

    Reply
  2. Tomi Engdahl says:

    Rotherwood Healthcare AWS bucket security fail left elderly patients’
    DNR choices freely readable online
    https://www.theregister.co.uk/2020/02/26/rotherwood_healthcare_data_leak_10k_records_aws/
    Plus birth certificates, job interview data and more

    Reply
  3. Tomi Engdahl says:

    T-Mobile customers hit by another data breach exposing a bunch of sensitive information
    https://www.phonearena.com/news/t-mobile-customers-data-breach-personal-information-exposed_id122724

    While T-Mo has no evidence (yet) of any fraud or other misuse of the information contained in this latest data breach, you can never be too safe.

    Reply
  4. Tomi Engdahl says:

    Boots stops customers making purchases with loyalty cards after hackers attack accounts
    https://www.dailymail.co.uk/news/article-8076125/Boots-stops-customers-making-purchases-loyalty-cards-hackers-attack-accounts.html

    Hacker used stolen passwords to attempt to break into Advantage Card account
    This type of cyber attack can be successful is people reuse the same passwords
    High street chemist said none of its systems were compromised in the attack
    The attempted hack affected 140,000 of company’s 14.4million Advantage Card holders

    Reply
  5. Tomi Engdahl says:

    Cathay Pacific Fined: Hackers Had Raided Databases Over Four Years
    https://www.cbronline.com/news/cathay-pacific-fined-data-breach

    Unpatched servers, aging desktops, no passwords…

    The UK’s Information Commissioner’s Office (ICO) has slammed Cathay Pacific for its “basic security inadeqacies” and fined it £500,000 – the maximum under the 1998 Data Protection Act – after the airline leaked the personal data of millions of customers.

    The breaches took place over a four-year period and were not spotted until 2018, before GDPR came into force. As a result Hong Kong-based airline has avoided a multi-million fine of the kind tentatively imposed on BA and the Marriott hotel group in 2019.

    Reply
  6. Tomi Engdahl says:

    Alex Hern / The Guardian:
    UK’s Virgin Media says a marketing database with personal details of ~900K customers, including names and addresses, had been left unsecured since last April — At least one person from outside Virgin Media accessed non-financial details — Almost a million Virgin Media customers …

    Contacts of 1m Virgin Media customers left on unsecured database
    https://www.theguardian.com/media/2020/mar/05/contacts-of-1m-virgin-media-customers-left-on-unsecured-database

    At least one person from outside Virgin Media accessed non-financial details

    Reply
  7. Tomi Engdahl says:

    NordVPN quietly plugged vuln where an HTTP POST request without authentication would return detailed customer data
    Fiddle with some numbers and voila
    https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/

    A vulnerability in NordVPN’s payments platform allowed anyone to view users’ payment information and email addresses, a startling HackerOne entry has revealed.

    By simply sending an HTTP POST request without any authentication at all to join.nordvpn.com one could read off users’ email addresses, payment method and URL, currency, amount paid and even which product they bought.

    Reply
  8. Tomi Engdahl says:

    Dutch government loses hard drives with data of 6.9 million registered
    donors
    https://www.zdnet.com/article/dutch-government-loses-hard-drives-with-data-of-6-9-million-registered-donors/
    The Dutch government said it lost two external hard disk storage
    devices that contained the personal data of more than 6.9 million
    organ donors.. The hard drives stored electronic copies of all donor
    forms filed with the Dutch Donor Register between February 1998 to
    June 2010, officials from the Dutch Minister of Health, Wellness, and
    Sport said earlier this week.

    Reply
  9. Tomi Engdahl says:

    Data of millions of eBay and Amazon shoppers exposed
    https://nakedsecurity.sophos.com/2020/03/12/data-of-millions-of-ebay-and-amazon-shoppers-exposed/
    Researchers have discovered another big database containing millions
    of European customer records left unsecured on Amazon Web Services
    (AWS) for anyone to find using a search engine.

    Reply
  10. Tomi Engdahl says:

    Princess Cruises, hobbled by the coronavirus, admits data breach
    https://tcrn.ch/3aYnG0N

    The notice posted on its website, believed to have been posted in early March, said the company detected unauthorized access to a number of its email accounts over a four-month period between April and July 2019, some of which contained personal information on its employees, crew and guests.

    Princess said names, addresses, Social Security numbers and government IDs — such as passport numbers and driver license numbers — may have been accessed, along with financial and health information.

    Reply
  11. Tomi Engdahl says:

    A German military laptop that had been decommissioned and sold on eBay carried — without encryption or even password protection — a user manual for a missile system Germany’s air force still uses.

    https://www.nytimes.com/2020/03/17/world/europe/germany-missile-laptop.html?smid=fb-nytimes&smtyp=cur

    Reply
  12. Tomi Engdahl says:

    Melbourne professor quits after health department pressures her over data breach
    Vanessa Teague reported on a dataset of Medicare and PBS payments that was supposed to be anonymous but wasn’t
    https://www.theguardian.com/australia-news/2020/mar/08/melbourne-professor-quits-after-health-department-pressures-her-over-data-breach

    Reply
  13. Tomi Engdahl says:

    Hackers breach FSB contractor and leak details about IoT hacking project
    https://www.zdnet.com/article/hackers-breach-fsb-contractor-and-leak-details-about-iot-hacking-project/

    Digital Revolution hacker group leaks details about “Fronton” an IoT botnet a contractor was allegedly building for the FSB, Russia’s intelligence agency.

    The group published this week 12 technical documents, diagrams, and code fragments for a project called “Fronton.”

    ZDNet has also seen the documents first hand, along with BBC Russia, who first broke the news earlier this week.

    FRONTON — THE FSB’S IOT BOTNET

    FRONTON TARGETED IOT CAMERAS AND NVRS
    Fronton specs say the botnet should specifically target internet security cameras and digital recorders (NVRs), which they deem ideal for carrying out DDoS attacks.

    “If they transmit video, they have a sufficiently large communication channel to effectively perform DDoS,” the documents read, as cited by BBC Russia.

    Reply
  14. Tomi Engdahl says:

    Beware—This Open Database On Google Cloud ‘Exposes 200 Million Americans’: Are You At Risk?
    https://www.forbes.com/sites/zakdoffman/2020/03/20/stunning-new-google-cloud-breach-hits-200-million-us-citizens-check-here-if-youre-now-at-risk/

    Another day, another breach. A staggering new report from CyberNews, published today (March 20), claims the discovery of an unsecured database “comprising 800 gigabytes of personal user information. This included “more than 200 million detailed user records—putting an astonishing number of people at risk.”

    According to the research team, the database was unsecured and unidentified. As the team continued to search for clues as to its errant owner, “on March 3, 2020, the entirety of the data present on the database was wiped by an unidentified party.”

    The personal identifiable information in the database included names, email addresses, phone numbers and dates of birth. Even more alarmingly, though, the dataset also included credit ratings, mortgage and tax details, even investments, charity donations and personal interests.

    Reply
  15. Tomi Engdahl says:

    Cyber Security firm exposes 5 billion+ login credentials
    https://www.hackread.com/cyber-security-firm-exposes-5-billion-login-credentials/

    The unprotected database was hosted on an Elasticsearch server.
    If you thought “Collections #2-5” was the world’s largest data dump with 2.2 billion accounts think again. On 16th March an Elasticsearch database reportedly owned by the UK-based cyber security firm Keepnet Labs containing over five billion records was exposed online.

    This data mainly comprised of records from several breaches over the past seven years (2012 to 2019) was discovered online with public access by security researcher Bob Diachenko. The researcher was able to identify the owner of the Elasticsearch database by examining the reverse DNS records and SSL certificate.

    records from some very prominent data leaks reported so far, such as, Twitter, Tumblr, Adobe, Vk, LinkedIn, and Last.fm. However, it is worth noting that none of the current records of the company or its customers were exposed, and only data from previously reported breaches were stored in the database.

    Diachenko notified the company about the open-access database and it was taken offline with an hour

    Reply
  16. Tomi Engdahl says:

    Another day another breach..

    Marriott discloses new data breach impacting 5.2 million guests
    https://www.cnet.com/news/marriott-discloses-new-data-breach-impacting-5-point-2-million-guests/

    Marriott International said Tuesday that names, mailing addresses, loyalty account numbers and other personal information of an estimated 5.2 million guests may’ve been exposed in a data breach. This is the second major security incident to hit the hotel group in less than two years. 

    Reply
  17. Tomi Engdahl says:

    Because bragging about being “most secure” only brings embarrassment.

    “World’s most secure online backup” provider exposes 135M records
    https://www.hackread.com/worlds-most-secure-online-backup-provider-exposes-records/

    Now, a Cloud backup provider has leaked a treasure trove of customer data while claiming to be “The World’s Most Secure Online Backup” service provider. – Oh, the irony.

    Going by the name of SOS Online Backup

    Reply
  18. Tomi Engdahl says:

    Millions of Digital Wallets Exposed by Key Ring
    https://www.securityweek.com/millions-digital-wallets-exposed-key-ring

    By Ionut Arghire on April 06, 2020
    Tweet

    The popular digital wallet application Key Ring recently exposed information belonging to millions of its users, vpnMentor reports.

    Key Ring is an application that creates a digital wallet on the user’s phone and allows them to upload scans and photos of membership and loyalty cards, but many also use it to store copies of IDs, driver’s licenses, credit cards, and the like.

    The company was founded in 2009 and claims to have 14 million users that stored 60 million cards last year. The company no longer serves users in the European Union, as it is not compliant with GDPR.

    vpnMentor discovered that a misconfigured Amazon Web Services (AWS) S3 bucket from the company exposed the user uploads. Four other unsecured S3 buckets belonging to Key Ring were also found, each exposing more sensitive data.

    “These unsecured S3 buckets were a goldmine for cybercriminals, making millions of people across North America vulnerable to various forms of attack and fraud,” vpnMentor notes.

    Reply
  19. Tomi Engdahl says:

    Mozilla Patches Two Firefox Vulnerabilities Exploited in Attacks
    https://www.securityweek.com/mozilla-patches-two-firefox-vulnerabilities-exploited-attacks

    Mozilla has released updates for its Firefox web browser to patch two critical use-after-free

    vulnerabilities that have been exploited in attacks.

    One of the flaws, tracked as CVE-2020-6819, has been described as a use-after-free caused by a race

    condition that is triggered in certain conditions when running the nsDocShell destructor. Researchers at

    Tenable have analyzed the patch and they believe the issue exists “due to the mContentViewer not being

    released properly.”

    The second vulnerability, identified as CVE-2020-6820, has been described as a use-after-free caused by a
    race condition triggered by the handling of a ReadableStream.

    Reply
  20. Tomi Engdahl says:

    Email provider got hacked, data of 600,000 users now sold on the dark web
    Italian email provider Email.it confirms security breach.
    https://www.zdnet.com/article/email-provider-got-hacked-data-of-600000-users-now-sold-on-the-dark-web/

    Reply
  21. Tomi Engdahl says:

    Maze ransomware group hacks oil giant; leaks data online
    https://www.hackread.com/maze-ransomware-group-hacks-oil-giant-leaks-data/
    On April 1st, 2020, Berkine became a victim of cyber-attack by the
    notorious Maze ransomware group that is known for its unique
    blackmailing practices.. Berkine is a joint venture of Algerias
    state-owned oil firm Sonatrach and Anadarko Algeria Company, a
    subsidiary of a US-based firm previously known as Anadarko Petroleum
    Corp. and currently Oxy Occidental.

    Reply
  22. Tomi Engdahl says:

    BlackBerry uncovers hacker tools that it says opened data servers for a decade
    https://www.ctvnews.ca/mobile/sci-tech/blackberry-uncovers-hacker-tools-that-it-says-opened-data-servers-for-a-decade-1.4887770

    BlackBerry Ltd. says its researchers have uncovered how China-backed hackers have been able to extract data from many of the world’s servers for a decade — largely without being noticed by cyber security.

    It says the tactics give the hackers the ability to extract information from huge amounts of valuable data from computers using the Linux operating system, which is used on most of the world’s web servers and cloud servers.

    https://www.blackberry.com/us/en/forms/enterprise/mobile-malware-report

    Reply
  23. Tomi Engdahl says:

    Doctors saving lives amid #Coronvirus pandemic are now having their privacy at risk because of cyber criminals.

    Exclusive: Personal data of 1.41m US doctors sold on hacker forum
    https://www.hackread.com/personal-data-us-doctors-sold-hacker-forum/

    Cybercriminals are taking advantage of the Covid19 pandemic. From selling fake Coronvirus vaccines and testing kits to setting up malware-infected fake live maps of the infection, crooks can go to any level to make cheap and quick bucks on hacker forums.

    In the latest, a cybercriminal is selling personal and contact details of 1.41 million doctors based in the United States.

    Reply
  24. Tomi Engdahl says:

    Compromised Zoom Credentials Swapped in Underground Forums
    https://threatpost.com/compromised-zoom-credentials-underground-forums/154616/
    Thousands of compromised Zoom credentials were discovered in
    underground forums as cybercriminals look to tap into the burgeoning
    remote workforce.

    Reply
  25. Tomi Engdahl says:

    San Francisco Intl Airport discloses data breach after hack
    https://www.bleepingcomputer.com/news/security/san-francisco-intl-airport-discloses-data-breach-after-hack/
    San Francisco International Airport (SFO) disclosed a data breach
    after two of its websites, SFOConnect.com and SFOConstruction.com,
    were hacked during March 2020.

    Reply
  26. Tomi Engdahl says:

    Over 500,000 Zoom accounts sold on hacker forums, the dark web
    https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/
    Over 500 hundred thousand Zoom accounts are being sold on the dark web
    and hacker forums for less than a penny each, and in some cases, given
    away for free.

    Reply
  27. Tomi Engdahl says:

    SCUF Gaming Exposes Data on 1.1 Million Customers
    https://www.securityweek.com/scuf-gaming-exposes-data-11-million-customers

    Video game peripherals maker SCUF Gaming recently exposed to the web a database containing information on more than 1.1 million users.

    The database appears to have been exposed to the Internet for 48 hours before being secured on April 3, but that was enough for a third-party to discover and access it, and also place a note there, claiming that the information was stolen.

    “Your Database is downloaded and backed up on our secured servers. To recover your lost data, Send 0.3 BTC to our BitCoin Address and Contact us by eMail,” the note read, according to Comparitech, the security firm that discovered the exposure.

    Reply
  28. Tomi Engdahl says:

    Security Lapse Exposed Clearview AI Source Code
    https://tech.slashdot.org/story/20/04/16/193259/security-lapse-exposed-clearview-ai-source-code?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview’s source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code. The repository contained Clearview’s source code, which could be used to compile and run the apps from scratch.

    Security lapse exposed Clearview AI source code
    The code repository had secret keys to cloud buckets storing its apps
    https://techcrunch.com/2020/04/16/clearview-source-code-lapse/

    Since it exploded onto the scene in January after a newspaper exposé, Clearview AI quickly became one of the most elusive, secretive and reviled companies in the tech startup scene.

    The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles.

    But for a time, a misconfigured server exposed the company’s internal files, apps and source code for anyone on the internet to find.

    The repository contained Clearview’s source code, which could be used to compile and run the apps from scratch. The repository also stored some of the company’s secret keys and credentials, which granted access to Clearview’s cloud storage buckets. Inside those buckets, Clearview stored copies of its finished Windows, Mac and Android apps, as well as its iOS app, which Apple recently blocked for violating its rules. The storage buckets also contained early, pre-release developer app versions that are typically only for testing, Hussein said.

    Reply
  29. Tomi Engdahl says:

    Data Breach Shows Iranians Use Chat Apps to Spy, Researchers Say
    By Ryan Gallagher
    April 17, 2020, 9:33 AM EDT
    https://www.bloomberg.com/news/articles/2020-04-17/data-breach-shows-iranians-use-chat-apps-to-spy-researchers-say

    ‘Hunting System’ contained data on 42 million chat accounts
    Information on server from users of Telegram and its imitators

    Reply
  30. Tomi Engdahl says:

    267 million Facebook profiles sold for $600 on the dark web
    https://www.bleepingcomputer.com/news/security/267-million-facebook-profiles-sold-for-600-on-the-dark-web/
    Threat actors are selling over 267 million Facebook profiles for £500
    ($623) on dark web sites and hacker forums. While none of these
    records include passwords, they do contain information that could
    allow attackers to perform spear phishing or SMS attacks to steal
    credentials.

    Reply
  31. Tomi Engdahl says:

    Passwords and email addresses for thousands of Zoom accounts are for sale on the dark web
    https://www.nbcnews.com/tech/security/passwords-email-addresses-thousands-zoom-accounts-are-sale-dark-web-n1183796

    Zoom users who reuse the same passwords from other accounts can face an ugly unintended consequence.

    Personal account information including email addresses, passwords and the web addresses for Zoom meetings are both being posted freely and sold for pennies. One dataset for sale on a dark web marketplace, discovered by an independent security firm and verified by NBC News, includes about 530,000 accounts.

    Reply
  32. Tomi Engdahl says:

    Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords.
    https://securityaffairs.co/wordpress/101952/deep-web/facebook-profiles-dark-web.html

    Reply
  33. Tomi Engdahl says:

    Bold claim. Is this true?

    WHO, CDC, NIH, World Bank, Wuhan Biolab and Bill Gates Foundation Hacked
    https://counterglobalist.com/bill-gates-foundation-hacked-also-w-h-o-wuhan-lab/

    Hackers looking for the truth behind the novel coronavirus outbreak have allegedly hacked the World Health Organization, the World Bank, the Centers for Disease Control, National Institute of Health, the Wuhan Institute of Virology, the World Bank and the Bill and Melinda Gates Foundation. A set of huge databases containing usernames and passwords has been leaked

    people are taking matters into their own hands.

    COMMENT:

    Found this covered on cybersecmag: An Australian cybersecurity expert says that WHO email leak is from an old hack but there seems to be real login credentials leaked

    https://cybersecuritymag.com/gates-foundation-nih-who-emails-hacked-and-posted-online/

    https://www.washingtonpost.com/technology/2020/04/21/nearly-25000-email-addresses-passwords-allegedly-nih-who-gates-foundation-are-dumped-online/ again it stills says allegedly so whether or not there’s truth to it is for time to tell but here’s something that is from msm

    Reply
  34. Tomi Engdahl says:

    Holy security breach!

    Data Of Nearly 8,000 Small Businesses May Have Been Exposed, SBA Says
    https://www.npr.org/sections/coronavirus-live-updates/2020/04/21/840384036/data-of-nearly-8-000-small-businesses-may-have-been-exposed-sba-says?utm_source=facebook.com&utm_campaign=npr&utm_medium=social&utm_term=nprnews

    As if small businesses didn’t have enough trouble, the Small Business Administration has notified nearly 8,000 businesses that their information may have been exposed to other businesses via the agency’s website.

    The application portal for Economic Injury Disaster Loans is the culprit, as CNBC’s Kate Rogers reported Tuesday.

    Reply
  35. Tomi Engdahl says:

    Nearly 25,000 email addresses and passwords allegedly from NIH, WHO, Gates Foundation and others are dumped online
    https://www.washingtonpost.com/technology/2020/04/21/nearly-25000-email-addresses-passwords-allegedly-nih-who-gates-foundation-are-dumped-online/

    Reply
  36. Tomi Engdahl says:

    SBA Reports Data Breach in Disaster Loan Application Website
    https://www.securityweek.com/sba-reports-data-breach-disaster-loan-application-website

    Thousands of small business owners reeling from the aggressive measures taken to halt the spread of the coronavirus may have had their personal information exposed last month on a government website that handles disaster loan applications.

    The Small Business Administration said Tuesday that the personal information of more than 7,000 business owners applying for economic injury disaster loans was potentially seen by other applicants on the SBA website on March 25.

    The SBA said only the disaster loan program was affected, not the Paycheck Protection Program

    Reply
  37. Tomi Engdahl says:

    Valve Says It’s Safe To Play CS:GO and TF2 After Source Code Leaked Online
    https://games.slashdot.org/story/20/04/23/1742236/valve-says-its-safe-to-play-csgo-and-tf2-after-source-code-leaked-online?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    Valve told ZDNet today that it’s safe to play games like Counter-Strike: Global Offensive and Team Fortress 2 even after their source code leaked online this week on 4chan and torrent sites. From a report:
    The leak has caused panic in the two games’ online communities. For most of the day, gamers have been warning each other that hackers may develop exploits based on the leaked source code that may be used to hack computers connecting to CS:GO and TF2 servers. Warnings have been circulating all day on Twitter and on the official /r/counterstrike and /r/tf2 subreddits.

    Valve says it’s safe to play CS:GO and TF2 after source code leaked online
    https://www.zdnet.com/article/valve-says-its-safe-to-play-csgo-and-tf2-after-source-code-leaked-online/

    Old 2017 source code for Counter-Strike: Global Offensive and Team Fortress 2 leaked online today on 4chan.

    Reply
  38. Tomi Engdahl says:

    How to Child-Proof Your Devices and Apps During Lockdown
    https://www.wired.com/story/child-proof-tech-parental-controls-iphone-netflix-hulu/
    Having kids home all the time doesn’t mean they get full run of your
    devices. Here’s how to keep control.

    Reply
  39. Tomi Engdahl says:

    Free online ‘threat blocker’ launched in Canada as successful COVID-19
    scams multiply
    https://www.cbc.ca/news/politics/free-cyber-blocker-cse-1.5542888
    Canadian Internet Registration Authority teamed up with spy agency on
    service to thwart malicious websites. The CIRA Canadian Shield is a
    free new protected DNS service that prevents Canadians from connecting
    to malicious websites that might infect their devices and steal their
    personal information. (Trevor Brine/CBC). Read also:
    https://www.cira.ca/cybersecurity-services/canadian-shield

    Reply
  40. Tomi Engdahl says:

    Nine million logs of Brits’ road journeys spill onto the internet from password-less number-plate camera dashboard
    Democratising mass surveillance, one snafu at a time
    https://www.theregister.co.uk/2020/04/28/anpr_sheffield_council/

    Exclusive In a blunder described as “astonishing and worrying,” Sheffield City Council’s automatic number-plate recognition (ANPR) system exposed to the internet 8.6 million records of road journeys made by thousands of people, The Register can reveal.

    The ANPR camera system’s internal management dashboard could be accessed by simply entering its IP address into a web browser. No login details or authentication of any sort was needed to view and search the live system – which logs where and when vehicles, identified by their number plates, travel through Sheffield’s road network.

    Britain’s Surveillance Camera Commissioner Tony Porter described the security lapse as “both astonishing and worrying,” and demanded a full probe into the snafu.

    Reply
  41. Tomi Engdahl says:

    Home affairs data breach may have exposed personal details of 700,000 migrants
    https://www.theguardian.com/technology/2020/may/03/home-affairs-data-breach-may-have-exposed-personal-details-of-700000-migrants

    Exclusive: Privacy experts say the breach in the SkillsSelect platform, which affects data going back to 2014, was ‘very serious’

    The department’s SkillsSelect platform, hosted by the employment department, invites skilled workers and business people to express an interest in migrating to Australia.

    Expressions of interest are stored for two years and displayed on a publicly available app, advertised on the home affairs website, allowing them to receive invitations for skilled work visas.

    With just two clicks, users of the app can view a range of fields including the applicants’ “ADUserID”, a unique identifier composed of partial name information and numbers.

    Searches by Guardian Australia revealed the public database contained 774,326 unique ADUserIDs and 189,426 completed expressions of interest, searchable as far back as 2014.

    Other information available includes the applicants’ birth country, age, qualifications, marital status and the outcome of the applications.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*