A curated list of the top stories of the week concerning data leaks and digital threats.
By Aaron Mamiit, June 22, 2019, Digital Trends
The National Aeronautics and Space Administration confirmed that its Jet Propulsion Laboratory (JPL) was hacked last year, with the attacker able to steal 500 MB of data related to the space agency’s missions, using a cheap Raspberry Pi computer. The attacker remained undetected for 10 months.
By Cyware Team, June 26, 2019, Cyware
243, 376 Taiwanese civil servants’ information has been compromised and made available on foreign websites. The compromised information includes ID numbers, names, national identification card numbers, agency information, job designations, and the agencies the civil servants work for.
By Catalin Cimpanu, June 20, 2019, ZDNet
Desjardins, Canada’s largest credit union and one of the world’s biggest banks, announced a security breach caused by a former employee. The former employee took the data of 2.9 million members (2.7 million home users and 173,000 businesses and associated contacts) from their database. Only PII was taken from the system, not any e-banking passwords, security questions, account PINs, or credit and debit card numbers.
Florida advertising agency suffers a breach: data about veterans’ combat injuries and other sensitive details leaked
By Lucia Danes, June 23, 2019, 2spyware
xSocial Media, an advertising agency based in Florida, encountered a data breach that exposed databases with details about past advertising campaigns. Hundreds of thousands of users’ details leaked, including information about medical malpractice cases and sensitive information about U.S military veterans’ combat injuries.
By Lindsey O’Donnell, June 27, 2019, ThreatPost
Three publicly-accessible cloud storage buckets from data management company Attunity leaked more than a terabyte of data from its top Fortune 100 customers – including internal business documents, system passwords, and sensitive employee information. Impacted customers whose files were discovered in the exposed datasets include Netflix, TD Bank, and Ford.
By Rohan Pearce, June 27, 2019, ComputerWorld
An Amazon Web Services S3 bucket exposed sensitive data of the apprentice network provider called MGET, including passport scans, visa details, employment agreements, and performance warnings. MEGT itself did not set up the S3 bucket; it appeared to have been employed by a third-party service provider for a migration process involving the group training company.