Yle Uutiset: Public slams Finnish Transport Safety Agency for privacy breach. “Trafi’s database required nothing more than a name to pull up a person’s driving information. The Finnish Transport Safety Agency (Trafi) on Sunday said it had suspended the service while it investigates whether the tool infringes on people’s data privacy and security. The database went public last July.”
Krebs on Security: Jared, Kay Jewelers Parent Fixes Data Leak. “In mid-November 2018, KrebsOnSecurity heard from a Jared customer who found something curious after receiving a receipt via email for a pair of earrings he’d just purchased as a surprise gift for his girlfriend.”
HackenProof: New Data Breach exposes 57 million records. “A massive 73 GB data breach was discovered during a regular security audit of publicly available servers with the Shodan search engine. Prior to this publication, there were at least 3 IPs with the identical Elasticsearch clusters misconfigured for public access. First IP was indexed by Shodan on November 14th, 2018. An open Elasticsearch instance exposed personal info of 56,934,021 US citizens, with information such as first name, last name, employers, job title, email, address, state, zip, phone number, and IP address.”
TechCrunch: Urban Massage exposed a huge customer database, including sensitive comments on its creepy clients. “Urban Massage, a popular massage startup that bills itself as providing ‘wellness that comes to you,’ has leaked its entire customer database. The London, U.K.-based startup — now known as just Urban — left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff records. Anyone who knew where to look could access, edit or delete the database.” The headline makes it sound as though all massage clients might be creepy, but in fact the comments were only about the clients who were problematic.
ZDNet: Brazil’s largest professional association suffers massive data leak. “Brazil’s Federation of Industries of the State of São Paulo (FIESP) is being accused of exposing millions of personal data records from three of its databases online. FIESP represents about 130 thousand companies and is the largest class entity in the Brazilian industrial sector. The records leaked included names, ID and social security numbers, as well as full addresses, emails and telephone numbers.”
Slashgear: Hospitals, insurance companies leak more health data than hackers. “Hospitals, insurance firms, physician offices, and similar companies leak more personal health data than hackers, a new study has revealed. According to researchers with two major US universities, more than half of personal health data breaches resulted from problems with the medical providers themselves rather than an external force, such as hackers.”
The Baltic Course: 120 gigabytes documents leaked out of SRS database in Latvia. “The Latvian State Television (LTV) news magazine show ‘De facto’ reported last night about the leak of 7.4 million documents (120 gigabytes) from the State Revenue Service’s (SRS) electronic declaration system (EDS).”