Exposure

FBI Palantir glitch allowed unauthorized access to private data

Ben Feuerherd reports: A computer glitch in a secretive software program used by the FBI allowed some unauthorized employees to access private data for more than a year, prosecutors revealed in a new court filing. The screw-up in the Palantir program — a software created by a sprawling data analytics company co-founded by billionaire...

NL: Data leak at Radboudumc hospital was caused by former employee

This is a Google translation of a story in Dutch: The data breach at Radboudumc in Nijmegen is due to a former employee, the hospital reports in an update . Due to the leak, the data of an unknown number of employees is on the street. The hospital discovered the data breach earlier this month. Names, login names, email addresses...

By Design: How Default Permissions on Microsoft Power Apps Exposed Millions

The UpGuard Team writes: The UpGuard Research team can now disclose multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access – a new vector of data exposure. The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants,...

Chico State Students React to COVID-10 Vaccination Data Breach

Carmela Karcher reports: A data breach at Chico State University exposed the personal information of students who requested COVID-19 vaccination religious exemptions. According to the Associated Press, the information was posted on an anonymous internet message board and leaked records for about 130 students. Read more on CBS12. It’s not clear how this data...

Secret terrorist watchlist with 2 million records exposed online

Ax Sharma reports: A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. Read more on BleepingComputer. The government wouldn’t respond to inquiries by BleepingComputer as to whether this was the government’s Terrorist Screening Center list, and...

JP Morgan Chase Bank Admitted Leaking Sensitive Data of its Customers

Ax Sharma reports: Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers. The issue is believed to have lasted between May 24th and July 14th this year, and impacted both online banking and Chase Mobile app customers...

Current and former North Carolina state employees notified of unintended exposure of file on intranet

From the no-need-to-hack-when-it’s-leaking dept., state edition, the North Carolina Department of Information Technology and Office of State Human Resources are notifying  84,860 current or former state agency employees that a file with their name and SSN was uploaded by mistake to a state intranet site accessed by more than 65,000 authenticated users: We are...

Brooklyn Tech students uncovered a NYC schools data breach.

Pooja Salhotra reports: Teachers’ social security numbers, student academic records, and families’ home addresses are among the dozens of pieces of information a group of tech savvy high school students stumbled across on Google Drive this year. The documents — many of which contained confidential information — were leaked because of a quirk in...