NEW YORK – New York Attorney General Letitia James today secured $14.2 million from eight car insurance companies for failing to protect the private information of more than 825,000 New Yorkers. The data breaches were part of a hacking campaign that targeted car insurance companies’ quoting tools and stole people’s personal information, including driver’s license...

Source

In a special edition of “No need to hack when it’s leaking,” DataBreaches reports on a software vendor that, despite multiple attempts by multiple parties, continues to expose confidential and sealed court records.  Overview As a matter of policy, DataBreaches does not publish unredacted stolen or leaked data if it would expose personally identifiable or...

Source

Ry Crozier brings us today’s installment of the “No Need to Hack When It’s Leaking” Files The victims of the breach are applicants to the Northern Rivers Resilient Homes Program, under which the government is offering to either buy back flood-prone homes, contribute to the cost of rebuilding, or to improve resilience such as by elevating...

Source

DataBreaches did not mention this publicly sooner because Kido was already under great pressure due to the breach involving children’s personal information and photos.  But now that many people are feeling some relief that the hackers have supposedly deleted all the data and won’t be calling parents any more, DataBreaches can reveal that on Monday,...

Source

From our “No Need to Hack When It’s Leaking” files, a report involving Archer Health, an in-home healthcare provider. Website Planet recently reported a misconfigured bucket that was found by researcher Jeremiah Fowler.  The unencrypted and non-password-protected database reportedly contained approximately 145k files (totaling 23 GB). “In a limited sampling of the exposed files, I...

Source

In May 2024, DataBreaches logged an incident on our worksheets that involved the Columbia University Irving Medical Center in New York. The incident had been reported to HHS as affecting 29,629 patients whose name, medical record number, date of birth, provider name, and laboratory test result had been exposed between Sept. 11, 2023, and March...

Source

Great investigative journalism by Zack Whittaker on TechCrunch. First, he reports: A new app offering to record your phone calls and pay you for the audio so it can sell the data to AI companies is, unbelievably, the No. 2 app in Apple’s U.S. App Store’s Social Networking section. The app, Neon Mobile, pitches itself as...

Source

And if there haven’t been enough recent data incidents involving car manufacturers and their vendors, here’s a leak to give wannabe criminals some additional details that they might be able to use in a phishing or social engineering campaign. WebsitePlanet reports: Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database...

Source

Mikael Thalen reports: An app for anonymously reporting individuals accused of speaking ill against conservative activist Charlie Kirk leaked personal data about its users. The app, known as “Cancel the Hate,” was taken offline on Thursday amid an investigation into the data leak by Straight Arrow News. Launched in the wake of Kirk’s assassination on Sept. 10,...

Source

Today’s entry in our “No Need to Hack When It’s Leaking” files is courtesy of the Brennan Center, which obtained an internal oversight report detailing the two-months-long exposure of federal, state, and local intelligence about Americans. A 2024 internal oversight report from the Office of Intelligence and Analysis of the U.S. Department of Homeland Security...

Source

Tim Sigsworth, Fiona Parker, and Janet Eastham report: The Church of England is investigating claims it breached the personal data of almost 200 abuse survivors. An official is reported to have failed to conceal the contact details of applicants to a compensation scheme in an email. Unredacted names, email addresses and personal data were therefore visible to other recipients,...

Source

Sarah Sinclair reports: A UK medical cannabis clinic is carrying out investigations after a substantial amount of patients’ information was leaked in a major data breach. In an email sent to patients on Monday 18 August, CB1 Medical confirmed it had identified a ‘data security incident’ when patients’ personal details, including prescription information, were found...

Source

For the “No need to hack when it’s leaking” and the “our government is our insider threat” files, Chiara Eisner of NPR reports: Papers with U.S. State Department markings, found Friday morning in the business center of an Alaskan hotel, revealed previously undisclosed and potentially sensitive details about the Aug. 15 meetings between President Donald...

Source

CNN reports: Federal court officials said Thursday that the judicial branch is taking steps to improve online security – including for sensitive case documents – after “escalated cyberattacks” aimed at its case management system. “The federal Judiciary is taking additional steps to strengthen protections for sensitive case documents in response to recent escalated cyberattacks of...

Source

Chatox and Brosix are communications platforms that advertise for personal use and team use. They are owned by Stefan Chekanov. The only statement Chatox makes about its data security is “Chatox employs encryption across all communications, making it an extremely secure communication and collaboration platform.” Brosix Enterprise advertises its security: Brosix provides you with an...

Bright Choomanee reports: A significant private hospital in Thailand has been penalised with a fine of 1.2 million baht after patient paper records were discovered being repurposed as snack bags, as reported by the nation’s data protection authority. This incident was one of five major cases announced on August 1 by the Personal Data Protection Committee (PDPC), which also included penalties for data law...