#data-breach

#data-breach

While scanning for unsecured databases at the end of September, an ethical security researcher stumbled upon the exposed cache of data and discovered that it was part of a site called DomeWatch. The service is run by the House Democrats and includes videostreams of House floor sessions, calendars of congressional events, and updates on House votes. It also includes a job board and résumé bank.

An unencrypted, non-password-protected database was discovered by Cybersecurity Researcher Jeremiah Fowler. This database contained files from an email marketing platform and held approximately 40 billion records (13 TB). The records appeared to belong to Netcore Cloud Pvt. Ltd (Netcore), an India-based company providing marketing services. Fowler sent a message to Netcore to inform them of the exposure, and the database was restricted the same day.

on the unindexed internet.

A spokesperson for Apple told Business Insider that both apps were removed for not meeting "requirements around content moderation and user privacy, in addition to receiving an excessive number of user complaints and negative reviews - including complaints of minors' personal information being posted in the apps." The spokesperson added that for Apple, the general approach after discovering a violation is to communicate with the app developer to bring the platform up to standard.

The MoD was responsible for the accidental data breach, which took place in February 2022 and is likely to have cost more than £850 million. Evidence of the breach only came to light in July this year after a government superinjunction, imposed in August 2023, was lifted. According to a report [PDF] from the National Audit Office (NAO), the MoD first became aware of the data breach in August 2023 when personal details of ten individuals from the dataset were posted to Facebook.

Anti-fraud nonprofit Cifas was left red-faced after sending out a calendar invite that exposed the email addresses of dozens of individuals working across the fraud space. The invite was sent in August to a session scheduled for October 16 about the organization's JustMe app, which allows individuals to confirm if applications made in their name are genuine. Over a dozen addresses were exposed in the To field, with another 45 in the CC field, according to the message.

On October 16 and 17, the ScatteredLAPSUS$Hunters Telegram channel repeatedly violated Telegram's TOS by leaking personal information on people - and in this case, information on employees of the Department of Justice (DOJ/FBI), U.S. Attorneys Office (DOJ/USAO), the Department of Homeland Security (DHS), and the Federal Aviation Authority (FAA). DataBreaches did not report on it at the time precisely because the files were still exposed. Instead, DataBreaches contacted Telegram to inquire why the channel hadn't been banned again for leaking sensitive information about government employees.

More than 17 million individuals were likely impacted by a data breach at peer-to-peer lending marketplace Prosper, data breach notification service Have I Been Pwned warns.Prosper disclosed the incident last month, noting that hackers accessed its network and stole confidential, proprietary, and personal information from its systems. According to the US-based company, the attackers queried its database containing customer information and applicant data to exfiltrate the information, but did not access user accounts.

In August, the New York State Department of Financial Services reached agreement with Healthplex, Inc., a licensed insurance agent and independent adjuster, to pay a $2 million civil penalty after a hacker executed a phishing attack on an employee's email and gained access to the private health data and sensitive nonpublic information of tens of thousands of Healthplex consumers. Eight years in the making, the final phase of New York's groundbreaking Cybersecurity Regulation Part 500 takes effect Nov. 1.

If you're a current or former AT&T customer, the deadline to file a claim to be part of the $177 million class-action settlement over two major data breaches has been extended. The breaches -- one dating back to 2019 and a second in 2024 -- exposed Social Security numbers, call and text records, names, addresses, dates of birth, and more.

A database was found to be without password protection or encryption, exposing approximately 180,000 records (178,519 files) containing PII and payment data. This database was discovered by Jeremiah Fowler, a Cybersecurity Researcher and was initially reported to Website Planet . In an examination of the exposed files, Fowler identified invoices that contained personally identifiable information (PII). Sensitive data in these invoices included, but was not limited to: These invoices belonged to employees, customers, service providers and partners globally.

The Qantas data, which was stolen from a Salesforce database in a major cyber-attack in June, included customers' email addresses, phone numbers, birth dates and frequent flyer numbers. It did not contain credit card details, financial information or passport details. On Saturday the group marked the data as leaked, writing: Don't be the next headline, should have paid the ransom.

State Rep. Josh Schriver, R-Oxford, who has called porn a scourge and compared it to heroin, introduced legislation in September to ban online pornography statewide. But data reviewed by Metro Times show that an account linked to his personal AOL email address appeared in a data breach from Fling.com, a pornographic dating site that features live web cams and promised users they could find sex and get laid tonight.

Since these attacks took place, specialist Met investigators have been working at pace to identify those responsible. We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact of such an incident on them and their families. We want to reassure the community and anyone affected that this matter continues to be taken extremely seriously.

If you used the ParkMobile app to pay for parking at a meter several years ago, you might be getting a payment as a result of a data breach. Unfortunately, it's probably not an amount you'd expect for the inconvenience of having your data exposed. And while it's a comically low amount, don't spend it all in one place, because, well.... You're literally not allowed to.