At approximately 7am PST, the REvil ransomware and extortion gang posted the first collection of data stolen from Medibank on the dark web. The collection included two small files of sample data, screenshots of the group's negotiations with Medibank, and two large compressed files each containing approximately 800k rows of personally identifiable information ..read more

UpGuard can now report an ElasticSearch instance used as data storage for the debt collection system ENCollect has been secured. The server contained data about loans from multiple Indian and African financial services companies that had apparently been sent to ENCollect for collection. The data totalled 5.8GB in storage size and contained a total of 1,686,363 records. Those records included personal information like name, loan amount, date of birth, account number, and more ..read more

UpGuard can now report that a public Google Cloud Storage bucket containing approximately 1.5 terabytes of data used to administer funding programs for college students has been secured. The bucket belonged to SmarterSelect, a company that provides software for managing the application process for scholarships, grants, and awards. The more than 2.8 million files included documents like transcripts, resumes, personal essays, tax returns, and invoices for approximately 1.2 million applications to funding programs ..read more

38 million records were exposed in multiple data leaks resulting from misconfigured Microsoft Power Apps portals. Data included sensitive information such as COVID-19 contact tracing data, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses ..read more

UpGuard can now disclose that an Amazon S3 storage bucket containing publicly exposed backups of systems representing the intranet and web presence for Martin County, Florida has been secured ..read more

The UpGuard Cyber Risk Team has discovered and secured a data exposure of documents appearing to describe GoDaddy infrastructure running in the Amazon AWS cloud, preventing any future exploitation of this information ..read more

Learn how 3.5 million records were exposed by Los Angeles County 211, including names, addresses, and call notes detailing reports of abuse and crisis ..read more

An internet-exposed Puppet master and secret keys left the media empire's cloud assets vulnerable to exploitation ..read more

Thousands of resumes belonging to individuals applying to security firm TigerSwan were found publicly exposed in an AWS S3 bucket ..read more

UpGuard has identified an exposure of Chicago voters' personal information by an electronic voting machine firm ..read more