Breaches and leaks

  • Indian government: had an unsecured Elasticsearch server showing the locations of 11,000 trains and buses. Sounds like useful information for citizens to me, but apparently it wasn't meant to be open.
  • Oxo International: manufacturer of office supplies and homeware. They disclosed that a Magecart-looking attack skimmed payment details and personal information from their website between June 2017 and October 2018.
  • Australian Early Warning System: the service was hacked and used to send out a (fortunately innocent) message to subscribers.
  • Singapore Airlines: had a bug in their frequent flyer program. When logging in, you could see data belonging to other members.
  • BenefitMall: payroll and HR services company. Had a phishing attack which might have exposed customer information.
  • St Lawrence College: someone sent out phishing e-mails to parents offering a discount on tuition for the next term, if they paid now. Two parents fell for it.
  • Neiman Marcus: no new breach, but the news came out that they are being fined $1.5 million for a credit card breach that occurred in 2013.
Dieter Van der Stock