All news with #disclosure tag
Wed, August 31, 2022
Student Loan Servicer Breach Exposes 2.5M Consumer Records
🔒 Nelnet Servicing, the servicing and portal provider for EdFinancial and the Oklahoma Student Loan Authority, disclosed a breach affecting 2,501,324 account holders. The incident exposed names, home addresses, email addresses, phone numbers and Social Security numbers, but did not include users' financial account data. Nelnet said its cybersecurity team secured systems, engaged third‑party forensic experts, and offered two years of credit monitoring, credit reports and up to $1 million in identity theft insurance. Security specialists warned the exposed PII could be used in targeted phishing and social‑engineering campaigns tied to student loan forgiveness news.
Thu, August 25, 2022
Mass-Scale Vulnerability in Hikvision Surveillance Cameras
🔓 Over 80,000 Hikvision surveillance cameras remain vulnerable to an 11-month-old command injection flaw tracked as CVE-2021-36260, which NIST rated 9.8/10. Researchers report evidence of criminal activity in Russian dark-web forums where leaked credentials are being sold and exploitation collaborations are solicited. The persistent exposure underscores systemic IoT weaknesses, widespread use of default credentials, and uneven patching practices that leave organizations and critical infrastructure at risk.
Wed, August 24, 2022
Twitter Whistleblower Alleges Major Security Failures
🔍 An 84-page whistleblower complaint from former Twitter head of security Peiter “Mudge” Zatko alleges systemic security and privacy failings at the company, including excessive staff access, unpatched servers, and potential foreign-agent infiltration. Zatko says these issues violate a 2010 FTC order and pose a national security risk. Twitter calls him a disgruntled ex-employee and says many issues are addressed. Congressional inquiries have already begun.
Sat, September 2, 2017
Exposed S3 Bucket Leaked Thousands of TigerSwan Resumes
🔓 UpGuard discovered an Amazon S3 bucket publicly exposing 9,402 TigerSwan job applications and resumes, many containing sensitive personal details and hundreds of claims of Top Secret/SCI clearances. The repository, last updated in February 2017 and attributed by TigerSwan to a terminated recruiting vendor, included names, addresses, contacts, passport and partial Social Security numbers, and driver’s license data. UpGuard notified TigerSwan in July 2017; after follow-ups, the files were secured on August 24. The incident highlights the risks of cloud misconfiguration and third-party vendor practices.