Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

4,228,354 leaked accounts discovered by the BreachAware® Research Team last week.

07 August 2023

A total of 18 breaches were found and analysed resulting in 4,228,354 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Synevo, Helix, Zurich Insurance - Japan, Over Clock Zone and Agence Emploi Jeunes. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

An artificial intelligence driven sports analysis company recently had a section of its SQL database leaked online. Founded in 2014, their paid service for professional athletes aims to improve techniques and develop personalised training. The software monitors footage of athletes when training or competing and then offers advice on things like their stance and posture. This type of data breach is a prime choice for scammers and threat actors who will undoubtedly add it to their collection for defrauding or identity theft.

The Montclair Township in New Jersey, which suffered a ransomware attack several days ago, has paid the ransom. The township’s insurer, The Garden State Joint Insurance Fund, negotiated a settlement of $450,000 with the attackers; suspiciously, it is not clear how much of a 'discount' was negotiated. Ransomware groups have continued to target local governments across the United States in 2023, bringing down systems in municipalities in California, Texas, South Carolina, Oregon, Georgia and more.

A central school district in New York has had a full list of its pupils and staff posted online with their school email addresses. The data breach happened last month, with the motive for the attack seemingly having come from a request to 'dox' one of the victims at the district.

VULNERABILITY CHAT

A group of security researchers has uncovered a vulnerability in the points.com API. It is claimed the vulnerability could be exploited to expose personal information and steal customers' precious points, miles or any other form of loyalty currency. The platform from Points is used to build loyalty programs for Delta Airlines, United Airlines, Hilton and Marriott Hotels, to name a few.

PaperCut, the print management software, has had another high severity flaw exposed (CVE-2023-39143). The vulnerability could result in remote code execution under specific circumstances. Tenable, an exposure management company, has been credited with discovering and reporting the issue.

The CEO of Tenable published a damning attack on Microsoft via LinkedIn, following their discovery of an issue that enables "limited, unauthorised access to cross-tenant applications and sensitive data" for companies using Azure AD. It has been reported Microsoft waited months to respond prior to the post being published. Microsoft have now confirmed the vulnerability has been resolved fully.

INFORMATION PRIVACY HEADLINES

Meta has announced that it intends to offer Europeans a free choice to deny its ad target tracking but will not ask UK users for consent to their surveillance. In what feels like a potentially embarrassing moment for the ICO, they have responded, commenting with 'paying close attention' and 'assessing what this means for right of people in the UK.'

Digital rights group Open Rights Group is raising concerns about an individual's control of and access to their data, namely that the new post-Brexit bill favours big businesses and "shady" technology companies. The bill is changing the wording on which requests for personal data can be refused, from "manifestly unfounded or excessive" to "vexatious or excessive", likely leading to a lower threshold for refusal.

If you're from the UK, that's a potential no 'opt out' option from surveillance with the surveilling company refusing to tell you what they hold about you and how they use that data!

DATA CATEGORIES DISCOVERED

Technical Data, Contact Data, Documentary Data, Socio-Demographic Data, Social Relationships Data, Financial Data, Special Category, National Identifiers.
