Data Leakage News

An ElasticSearch server that was left open on the Internet without a password has leaked the personal information of nearly 57 million Americans for almost two weeks, ZDNet has learned.

Urban  Massage, a popular massage startup that bills itself as providing “wellness that comes to you,” has leaked its entire customer database, the portal techcrunch.com reports.

The first large fine within Europe has been imposed for violating the EU General Data Protection Regulation (GDPR) in Portugal. Due to irregular access to patient data, the Portuguese hospital has been fined a total sum of EUR 400,000 for two GDPR infringements, the website Omada.net writes.

Security researchers have discovered an unsecured database containing the contact information of more than 9.3 million people, including email addresses, phone numbers, social media data and more, the website IT PRO reports.

The United States Postal Service reportedly patched an API exploit on Wednesday that would allow anyone with a USPS.com account to view other users' account details. The security flaw impacted some 60 million USPS users, The Engadget reports.

On October 25, 2018, the U.S. Attorney for the Northern District of California filed an indictment against four individuals (three of whom were former Genentech employees) alleging theft of trade secrets, computer fraud and abuse, and other crimes.  The indictment alleges that the defendants stole trade secrets related to Genentech’s products Pulmozyme, Rituxan, Herceptin, and Avastin, as well as other trade secrets related to Genentech’s manufacturing processes, the website jdsupra.com reports.

Witness French film production and cinema chain Pathé firing the two-person senior management team for its Amsterdam-based Pathé Theaters BV subsidiary in the Netherlands after the executives fell victim to such a scam, losing €19 million ($21 million), The Bank InfoSecurity writes.

A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more, The TechCrunch reports.

Across a variety of personal data there is also the most sensitive intimate information, such as medical diagnoses, information about income and relationships, and contact details, which can seriously harm people and violate their privacy, often resulting in dramatic incidents or even tragedies.

This is a digest of sensitive personal data leaks, prepared by InfoWatch Analytics Center.

A motor industry employee has been sentenced to six months in prison in the first prosecution to be brought by the Information Commissioner’s Office (ICO) under legislation which carries a potential prison sentence.