#data-breach

#data-breach

Some data breaches make headlines for the number of people affected globally, such as a Facebook scraping incident in 2019 that affected 553 million people worldwide. Then there are breaches that affect a country's entire population or much of it, such as a misconfigured database that exposed almost the entire population of Ecuador in 2019, an insider breach that compromised the information of almost all Israelis in 2006,

The government is unable to calculate the total cost of a secret relocation plan it set up following the Afghan data leak, the public spending watchdog has said. The Ministry of Defence (MoD) estimates the cost of the massive data breach - and setting up a new scheme to relocate those whose lives might be at risk over it - to be 850m. But the National Audit Office (NAO) says the MoD has not provided enough evidence to give it confidence in that figure, which does not include legal expenses, or compensation claims likely to follow.

Because of this breach, someone outside Cloudflare got access to our Salesforce instance, which we use for customer support and internal customer case management, and some of the data it contains,

It examined 11 major UK data breaches between 2008 and 2023, including the Ministry of Defence's (MoD) dangerous email blunder that exposed the details of Afghans who worked with British forces during the conflict with the Taliban, as well as British troops and spies. The others included a similar email mistake made by the Police Service of Northern Ireland, Norfolk and Suffolk police forces, Digital ID, another MoD leak of data to Malian recipients instead of US military (.ml/.mil), and more in the public sector.

We have contacted everyone who received the message and have reported the incident to the Charity Commission, the Information Commissioner's Office and the Solicitor's Regulatory Authority. We will fully comply with any investigations. We understand the significant impact this will have on those affected for which we apologise unreservedly. We remain committed to supporting victims and survivors of Church of England-related abuse to secure the financial redress, therapeutic, spiritual and emotional support, acknowledgement of wrongdoing on the part of the Church, apology and other forms of bespoke redress under this scheme.

The complaint from Charles Borges, the chief data officer at the SSA, alleges that Doge staffers effectively created a live copy of the entire country's social security data from its numerical identification system database. The information is a goldmine for bad actors, the complaint alleges, and was placed on a server without independent oversight that only Doge officials could access.

U.S. Senator Ron Wyden on Monday asked Chief U.S. Supreme Court Justice John Roberts to commission an independent review of the federal judiciary's cybersecurity practices, following a major hack of the court system's electronic case management system. Wyden, a Democrat from Oregon, in a letter to Roberts said the recent breach of the federal judiciary's filing system marked the second time since 2020 it had been hacked by foreign actors exploiting the same cyber vulnerabilities.

US insurance giant Farmers Insurance says more than a million customers had personal data nicked after a third-party vendor was compromised. The insurer, which sells car, home, life, and business cover to more than 10 million Americans, briefly published an advisory on its website confirming the breach before quietly pulling it offline [PDF]. Farmers isn't saying why, but companies sometimes retract notices to tweak wording or to coordinate with regulators.

When she finally got back on to the dating scene, she was wary. She decided to sign up for a new app where women could do background checks and share experiences of men they were dating. Users of the US-based Tea Dating Advice app, which is only available in America, could flag if potential partners were married or registered sex offenders. They could run reverse image searches to check against people using fake identities.

The association between the SIM ID, phone numbers, and real names is worrying and could enable very targeted frauds, such as phishing attacks addressing people by name or to re-associate phone numbers with a real person.

The existence of the exploit was first reported last week by vx-underground, which said it was released by Scattered Lapsus$ Hunters, a new fluid alliance formed by Scattered Spider and ShinyHunters.

We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform.

The campaign is one of the most aggressive, large-scale examples of an insider threat, where individuals abuse authorized access to cause harm.

Thousands of Afghans brought to safety in the UK have had their personal data exposed due to a data breach caused by a Ministry of Defence sub-contractor.

A former Afghan interpreter exposed in a catastrophic Ministry of Defence (MoD) data breach has had his offer of relocation to the UK revoked despite waiting for two years in Pakistan.

"We are deeply shocked by this data breach," said Elza den Hertog, chair of the Executive Board. "Participating in the cervical cancer screening program is already stressful enough for many women. And now they are being told that their personal data may have been leaked."

The incident involved unauthorized access to a limited set of data from a Google business Salesforce instance including company names, phone numbers, and internal notes.

Eamon McShane claimed a loss of €1,400 due to a cyber attack related to his work phone. He lost a court challenge over this claim.