A Bouquet of Breaches
A Data Breach From Years Ago Is Still Alive Today
TechCrunch reports that the Irish Council for Civil Liberties published a dossier of evidence detailing how the online ad-targeting industry profiles internet users’ intimate characteristics without their knowledge or consent, piling more pressure on Ireland’s Data Protection Commission, the country’s data watchdog, to take enforcement action over what complainants contend is the “biggest data breach of all time.” Read more about how the two-year-old complaint remains unresolved.
But In More Recent News…
After receiving a tip, security researcher Bob Diachenko determined that Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, exposed loads of customer data. As reported in TechCrunch, Diachenko found that about a year ago, Town Sports International left a server containing almost a terabyte of spreadsheets representing years of internal company data, including financial records and personal customer records, unprotected for almost a year!
Also in slightly more recent news is the big Blackbaud breach continues to affect millions of people. More than three dozen Blackbaud-related health data breaches affecting about 6 million individuals had been posted to the Department of Health and Human Services’ HIPAA Breach Reporting Tool website since the company began notifying clients in the healthcare sector and other affected industries – including universities and nonprofit organizations – about the ransomware incident the company discovered in May. The Blackbaud breach shows that managing cloud risk goes beyond one organization. The software security deficiencies of partner or supplier organizations becomes a company’s own problem when they depend upon them for delivering products or services.
And Right Meow…
Hacker News reported that a back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates, among others. The data leak, discovered by WizCase on September 12, is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams. According to WizCase, the Elastic server is believed to have been password protected until September 10, after which the authentication seems to have been inadvertently removed. In addition, at least two times since July, the server also came under what’s called a “meow attack,” an automated cyberattack that has wiped data from over 14,000 unsecured database instances with no explanation.
DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. With automated, real-time remediation, DivvyCloud customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology.
The post A Bouquet of Breaches appeared first on DivvyCloud.
*** This is a Security Bloggers Network syndicated blog from DivvyCloud authored by Jamie Gale. Read the original post at: https://divvycloud.com/bouquet-of-breaches/?utm_source=rss&utm_medium=rss&utm_campaign=bouquet-of-breaches