Security News > 2021 > March > Engineer reports data leak to nonprofit, hears from the police
A security engineer and ex-contributor to an open systems non-profit organization recently reported a data leak to the organization.
On discovering this GitHub repository which, the engineer says, was public since at least 2019, the engineer privately reported it to Apperta, and got thanked by them.
A little over a week later, a letter arrived from Apperta's lawyers stating that they considered Dyke's actions as "Unlawful" and demanded a written undertaking that any data the engineer had come across was deleted.
In emails seen by BleepingComputer, Dyke further clarified to Apperta's lawyers that the information he came across was being leaked on GitHub publicly for over two years, rather than proprietary data obtained as a part of unlawful hacking activity.
The details gathered by the engineer as a part of the responsible disclosure was done so from openly accessible public URLs published by Apperta on the internet.
The engineer told BleepingComputer he believes the police investigation is linked to the Apperta incident, given that Northumbria Police oversees the jurisdiction where Apperta's offices are located.
News URL
Related news
- Toyota confirms breach after stolen data leaks on hacking forum (source)
- Brain Cipher claims attack on Olympic venue, promises 300 GB data leak (source)
- Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations (source)
- Tor says it’s "still safe" amid reports of police deanonymizing users (source)
- A data leak and a data breach (source)
- 5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage (source)