Jan 102019

CBS DFW reports:

A woman in Mansfield got a call from a man who said he found her personal information in a dumpster.

The documents were found in a Mansfield industrial office complex about ten miles from the Liberty Tax Alta Mesa office in Fort Worth where they were filed.

The files included bank account information, social security numbers, addresses and drivers license numbers.

Read more on CBS.

Jan 102019

Catalin Cimpanu reports on another exposed MongoDB installation found by Bob Diachenko of Hacken Proof:

The MongoDB instance contained 854GB of data, with 202,730,434 records in total, most of which were CVs for Chinese users.

The resumes contained all the sensitive details you might expect to find on a CV, such as full names, home addresses, phone numbers, emails, marital status, number of children, political affiliations, body measurements like height and weight, literacy level, salary expectations, education, past jobs, and more.

Read more on ZDNet. This is yet another one of the all-too-many situations in which researchers have to go above and beyond to try to figure out who to notify to get a database secured.

Jan 102019

Yuvraj Malik reports:

A month after its global e-commerce site faced a technical glitch that left exposed user data, Amazon has suffered a similar malfunction this time to its India platform.

Sources in know of the situation said that a glitch was reported internally last week that exposed some sellers’ private financial information to other users. Sellers downloading their monthly financial reports (data of their sales through Amazon.in) were served with those of other vendors, leading to a breach of competitive businesses data.

Amazon India confirmed the incident and said that as soon as the breach came to its notice, technical teams were pressed into action to resolve the issue.

Read more on Business Standard.

Jan 092019

KXnet reports:

Mandan School Administrators are working hard to recover from an accidental information leak that happened at the school just yesterday.

Mandan High School’s administrative office sent an email containing names of all 1,024 students, addresses, phone numbers, PowerSchool ID’s, Department of Public Instruction State ID’s, student schedules and locker combinations.

They had intended to send each student’s second semester schedule.

Read more on KXnet.com.

Jan 082019

Jane Cheung reports:

TransUnion has been forced to apologize again after it was discovered that unauthorized people could gain access to mortgage information on its website.

Despite the apology, it refused to admit that any data leak had occurred, and said it has suspended the online search function and is improving security measures.

Neona Wang, the credit report agency’s chief executive, made the apology during the Legislative Council’s financial affairs panel meeting yesterday, where she was grilled.

In a paper submitted by the agency, it classified the incident as an individual purposely disguised as another to obtain personal information from its system.

Read more on The Standard (HK)