CYBER SECURITY NEWS – WEEK OF JUNE 05, 2023


Retailer database error leaks over one million customer records

  • A database configuration error at a popular automotive retailer led to the exposure of 1TB of records, including customers’ personal information, according to WebsitePlanet.
  • Security researcher Jeremiah Fowler reported the incident to the web-builder site, having traced the records to Philadelphia-based business SimpleTire. The online tire retailer claims to have a network of over 10,000 installers and more than 3,000 independent supply points.
  • The SimpleTire database contained over 2.8 million records, including nearly 1.2 million order confirmation PDFs that featured personally identifiable information (PII) such as customer names, phone numbers and billing addresses. Also contained on the order records were partial credit card numbers and expiry dates.

*Source

California-based workforce platform leaks driver’s licenses and medical records

  • Prosperix, a US-based workforce management platform, has leaked nearly 250,000 files. The breach exposed job seekers’ sensitive data, including home addresses and phone numbers.
  • On May 1st, the Cybernews research team discovered a misconfigured Amazon AWS bucket. The misconfiguration led to the exposure of approximately 250,000 files. 42,000 of them contained the sensitive data of job seekers.
  • According to the researchers, most of these files were employment authorization documents, driving licenses, resumes, filled job application forms, diploma certificates and transcripts. Some of them were medical records – including urine tests and vaccination records.
  • A data leak like this can have many negative consequences for both the company and the affected job seekers.

*Source

Idaho hospitals working to resume full operations after cyberattack

  • Two eastern Idaho hospitals and their clinics are working to resume full operations after a cyberattack on their computer systems.
  • Hospital information technology staff identified the attack quickly and immediately acted to limit the impacts and keep all patient information safe and secure, officials said.
  • “Both hospitals remain open and are safely caring for all their patients and the vast majority of clinics are seeing patients as usual,” officials said in a blog post on the Idaho Falls Community Hospital website.

*Source

Nine million MCNA Dental customers hit by breach

  • Millions of customers of one of America’s largest dental health insurers have had their personal information compromised after a ransomware breach.
  • A notice published on its website Friday explained that the firm became aware of unauthorized network activity on March 6.
  • The information taken included: first and last name; home and email address; date of birth; phone number; Social Security number; driver’s license/government-issued ID numbers; health insurance information; and bills and insurance claims.
  • Some of this information belonged not to customers themselves but to parents, guardians or bill-payers.

*Source 

Enzo Biochem ransomware attack exposes information of 2.5m individuals

  • Biotechnology company Enzo Biochem has revealed that the clinical test information of roughly 2.47 million individuals was exposed in a recent ransomware attack.
  • On April 11, Enzo Biochem’s investigation revealed that the attackers accessed and exfiltrated certain information from its systems, including names, clinical test information, and, in some cases, Social Security numbers.
  • “The company identified unauthorized access to or acquisition of clinical test information of approximately 2,470,000 individuals. The Social Security numbers of approximately 600,000 of these individuals may also have been involved,” Enzo Biochem notes in the SEC filing.
  • The company says it is investigating whether employee information may have been exposed as well and that it will notify all impacted individuals and regulatory authorities.

*Source

Amazon to pay $31m after FTC’s security and privacy allegations

  • The larger of the two civil penalties ($25m) will settle charges that Amazon violated the US Children’s Online Privacy Protection Act Rule (COPPA Rule) and deceived Alexa customers about the smart voice assistant’s data deletion practices.
  • According to a complaint filed by the Department of Justice (DoJ) on behalf of the FTC, Amazon “prominently and repeatedly” assured its users, including parents, that they could delete Alexa voice recordings and geolocation information. However, Amazon actually kept some of this information for years and used it unlawfully to improve the Alexa algorithm, the complaint alleged.
  • “Amazon’s history of misleading parents, keeping children’s recordings indefinitely, and flouting parents’ deletion requests violated COPPA and sacrificed privacy for profits,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “COPPA does not allow companies to keep children’s data forever for any reason, and certainly not to train their algorithms.”
  • Separately, Amazon’s Ring business, which it bought in 2018, will pay $5.8m to settle charges that it compromised consumer privacy and failed to implement security best practices. The money will be used for consumer refunds.

*Source
