Information security analytics

An ElasticSearch server that was left open on the Internet without a password has leaked the personal information of nearly 57 million Americans for almost two weeks, ZDNet has learned.

Urban  Massage, a popular massage startup that bills itself as providing “wellness that comes to you,” has leaked its entire customer database, the portal techcrunch.com reports. The London, U.K.-based startup — now known as just Urban — left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff records. Anyone who knew where to look could access, edit or delete the database.

The first large fine within Europe has been imposed for violating the EU General Data Protection Regulation (GDPR) in Portugal. Due to irregular access to patient data, the Portuguese hospital has been fined a total sum of EUR 400,000 for two GDPR infringements, the website Omada.net writes.

Security researchers have discovered an unsecured database containing the contact information of more than 9.3 million people, including email addresses, phone numbers, social media data and more, the website IT PRO reports.

The United States Postal Service reportedly patched an API exploit on Wednesday that would allow anyone with a USPS.com account to view other users' account details. The security flaw impacted some 60 million USPS users, The Engadget reports.

On October 25, 2018, the U.S.

Witness French film production and cinema chain Pathé firing the two-person senior management team for its Amsterdam-based Pathé Theaters BV subsidiary in the Netherlands after the executives fell victim to such a scam, losing €19 million ($21 million), The Bank InfoSecurity writes.

A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more, The TechCrunch reports. The exposed server belongs to Voxox  (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.

InfoWatch Analytics Center analyzed penalties for violations that caused leaks of personal information and payment details from both government organizations and businesses on a global scale. The research covered cases when breached enterprises were either penalized by information security, financial regulation, and/or other authorities, or subject to decisions by federal or local prosecutor's offices.

Across a variety of personal data there is also the most sensitive intimate information, such as medical diagnoses, information about income and relationships, and contact details, which can seriously harm people and violate their privacy, often resulting in dramatic incidents or even tragedies. This is a digest of sensitive personal data leaks, prepared by InfoWatch Analytics Center.