Information security analytics

ElasticSearch server exposes 57M US citizen data
An ElasticSearch server that was left open on the Internet without a password has leaked the personal information of nearly 57 million Americans for almost two weeks, ZDNet has learned.
Urban Massage exposes sensitive customer data
Urban  Massage, a popular massage startup that bills itself as providing “wellness that comes to you,” has leaked its entire customer database, the portal reports. The London, U.K.-based startup — now known as just Urban — left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff records. Anyone who knew where to look could access, edit or delete the database.
Significant GDPR fine of EUR 400K to Portuguese hospital
The first large fine within Europe has been imposed for violating the EU General Data Protection Regulation (GDPR) in Portugal. Due to irregular access to patient data, the Portuguese hospital has been fined a total sum of EUR 400,000 for two GDPR infringements, the website writes.
Data aggregator leaks 9.3m people’s personal information
Security researchers have discovered an unsecured database containing the contact information of more than 9.3 million people, including email addresses, phone numbers, social media data and more, the website IT PRO reports.
USPS patches API flaw that exposed data on 60 million users
The United States Postal Service reportedly patched an API exploit on Wednesday that would allow anyone with a account to view other users' account details. The security flaw impacted some 60 million USPS users, The Engadget reports.
Genentech ex-employees accused of stealing trade secrets
On October 25, 2018, the U.S.
French cinema chain fires executives over fraud and breach
Witness French film production and cinema chain Pathé firing the two-person senior management team for its Amsterdam-based Pathé Theaters BV subsidiary in the Netherlands after the executives fell victim to such a scam, losing €19 million ($21 million), The Bank InfoSecurity writes.
Leaky SMS database exposes sensitive codes
A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more, The TechCrunch reports. The exposed server belongs to Voxox  (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.
Special Report on Data Breach Penalties
InfoWatch Analytics Center analyzed penalties for violations that caused leaks of personal information and payment details from both government organizations and businesses on a global scale. The research covered cases when breached enterprises were either penalized by information security, financial regulation, and/or other authorities, or subject to decisions by federal or local prosecutor's offices.
Sensitive Information: When Leak Shocks Your Senses
Across a variety of personal data there is also the most sensitive intimate information, such as medical diagnoses, information about income and relationships, and contact details, which can seriously harm people and violate their privacy, often resulting in dramatic incidents or even tragedies. This is a digest of sensitive personal data leaks, prepared by InfoWatch Analytics Center.
l.12-.057c.834-.407 1.663-.812 2.53-1.211a42.414 42.414 0 0 1 3.345-1.374c2.478-.867 5.078-1.427 7.788-1.427 2.715 0 5.318.56 7.786 1.427z" transform="translate(-128 -243)"/>