Security News
Hundreds of databases on Amazon Relational Database Service are exposing personal identifiable information, new findings from Mitiga, a cloud incident response company, show. Amazon RDS is a web service that makes it possible to set up relational databases in the Amazon Web Services cloud.
Australian insurance firm Medibank has confirmed that hackers accessed all of its customers' personal data and a large amount of health claims data during a recent ransomware attack. [...]
This year's survey highlights the critical need for further transparency as consumers say their top priority is for organizations to be more transparent on how they use their personal data. The survey also showed that while, in theory, consumers are supportive of AI, 65% have lost trust in organizations due to their use of AI. This year, 81% of respondents agreed that the way an organization treats personal data is indicative of how it views and respects its customers - the highest percentage since Cisco began tracking it in 2019.
An EU watchdog says rules that allow Europol cops to retain personal data on individuals with no links to criminal activity go against Europe's own data privacy protections, not to mention undermining the regulator's powers and role. The European Data Protection Supervisor has asked Europe's top court to toss out two amendments to the Europol Regulation that took effect on June 28 enabling this data hoarding by the police.
Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members. Neopets is a popular website where members can own, raise, and play games with their virtual pets.
In addition to that portal, data was exposed on several other online dashboards provided the state, including: Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate, and Gun Violence Restraining Order dashboards. The Cali DOJ noted that the dashboards and data were available to the public "For less than 24 hours," and the information exposed included names, dates of birth, gender, race, driver license numbers, addresses, and criminal histories.
LockBit ransomware gang promises bounty payment for personal data. In a new twist on the ransomware game, the LockBit cybercrime group has launched a bug bounty program promising money to people willing to share sensitive data that can be exploited in ransomware attacks.
A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 residents. It's unknown how good of a time the man had, but he did reportedly end up passing out in the street, Japanese news source NHK reported the company who employed him as saying, elaborating on an incident report from the Amagasaki city government.
People have become much more sensitive about privacy and are more concerned about who has access to their data, but at the same time they are constantly sharing that information online, whether by logging into a website, by posting something on social media, by creating a new account, etc. In this video for Help Net Security, Nong Li, CEO at Okera, explains what it means for average consumers to share data, what this means in regards to trust, and how that data is going to be used.
A privacy rights org this week lost an appeal [PDF] in a case about the sharing of Bulk Personal Datasets by MI5, MI6, and GCHQ with foreign intelligence agencies. The decision means a contested part of a 2018 ruling by the IPT will stand: that safeguards and rules around data collection between 2015 to 2017 by the state agencies meant that sharing that data was legal - "Compatible with article 8 of the European Convention of Human Rights."