“Passenger data was not impacted,” said company spokesperson Andrea Koos. In a statement, American Airlines said its version of the misconfiguration affected “business contact information pertaining to corporate travel managers.” A spokesperson for the state of Indiana declined to comment beyond a press release issued by state health officials disclosing the leak. Hunt didn’t immediately respond to a request for comment. Hunt, the state government of Indiana and Microsoft itself. Other organizations cited in UpGuard’s report include the freight giant J.B. “That’s what made so many organizations vulnerable to this potential problem,” Rethmeyer said, adding that “for the most part, our experience was people were very amenable to wanting to get on top of this quickly and correct it, and nobody was aware this was a potential security concern.” Because the issue had not been previously identified, it was not something most organizations knew to look for in their existing security audits, said Kelly Rethmeyer, a spokesperson for UpGuard. The company told CNN that there may well have been more organizations that it did not find out about. The company has since altered the software’s security settings so that it is more restrictive by default for some users.Īt least 47 organizations had been unknowingly exposing their information due to the misconfiguration, UpGuard said in a report published Monday summarizing its work. “We take security and privacy seriously, and we encourage our customers to use best practices when configuring products in ways that best meet their privacy needs,” a Microsoft spokesperson said in a statement. Microsoft told CNN that only a small number of its customers had configured their systems in a way that allowed data to be accessed by unauthorized viewers. Several of the impacted organizations contacted by CNN Business, including American Airlines, the Maryland health agency, the MTA and New York’s Department of Education, confirmed that their systems have been secured and that there is no indication their data was improperly accessed. T-Mobile says data breach affects more than 40 million people shopping bag after leaving a retail store in Torrance, California, U.S., on Monday, Nov. It is unclear which federal agencies may have been affected by the issue.Ī customer carries a T-Mobile US Inc. “There was no breach of sensitive personal information.” “When we learned about the issue, we acted quickly to assess the risk (low) and close the gap,” Ford spokesman T.R. In the case of Ford Motor Co., UpGuard said, lists of loaner vehicles distributed to dealerships had also been exposed. But while the information was unsecured, names, Social Security numbers, phone numbers, dates of birth, demographic information, addresses and even dates of employer drug tests and union membership data were available to anyone with the know-how and inclination to look, said UpGuard. The data leak, which affected American Airlines, Maryland’s health department and New York’s Metropolitan Transportation Authority, among others, led to the exposure of at least 38 million records, including employee information as well as data related to Covid-19 vaccinations, contact tracing and testing appointments, according to UpGuard, the cybersecurity firm that uncovered the issue.Īfter UpGuard privately notified Microsoft and the affected organizations, the leaks were plugged and the ability to access the information removed. Dozens of major companies, state and federal agencies and other organizations that misconfigured a setting in their Microsoft software inadvertently exposed millions of people’s personal information to the public internet for months, according to security researchers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |