Breaches and leaks

  • Dow Jones: their "watchlist" was leaked, with information on 2.4 million companies and individuals that are seen as "high-risk". The records were discovered in an unsecured Elasticsearch instance.
  • Apex Human Capital: this payroll software provider suffered a large ransomware attack that compromised both their live environment and their disaster recovery site. They ended up paying the ransom.
  • SEDC: this cybersecurity company, which provides services to over 250 utility companies, stores all their passwords in plain text and e-mails them to forgetful customers. Maybe not a leak (yet), but my mind was blown enough that I wanted to share it anyway. They say they are fixing it now.
Dieter Van der Stock