Tech support scam caused massive data breach at Australian airline Qantas
It’s possible to leak PII describing 5.7 million people without breaching privacy rules
PII covers information that identifies people, making its collection, storage, and disclosure central to privacy protection and breach response.
Search across headline titles and summaries.
Background for this topic.
PII (personally identifiable information) is information that identifies a person directly or can do so when combined with other data. Direct identifiers include names, government identification numbers, passport details, and email addresses; indirect identifiers can include birth dates, precise location, or unique account attributes. The term is used broadly in security, but its legal scope varies: laws and regulations may use different definitions, such as “personal data” under the GDPR or protected health information under HIPAA.
PII is a high-value target because unauthorized access or disclosure can enable identity fraud, targeted phishing, or privacy harm. It may be exposed through compromised applications, cloud storage, logs, endpoints, or third parties. Practitioners should inventory and classify it, collect and retain only what is needed, restrict access, and protect it with encryption or tokenization where appropriate. Monitoring and tested procedures for investigating exposure are important, while retention, deletion, and notification duties depend on the applicable jurisdiction and sector.
Weekly headline count for the current query.
It’s possible to leak PII describing 5.7 million people without breaching privacy rules
Lidl disclosed a third-party data breach affecting online shop customers in Germany, Belgium, and the Netherlands. Payment data was not exposed. Lidl contacted customers of its online shop in Germany, Belgium, and the Netherlands last week to inform them that their personal data had been stolen in an attack on an external IT service provider. […]
German discount supermarket chain Lidl notified customers in Germany, Belgium, and the Netherlands that attackers stole their personal information in a breach at a service provider. [...]
Hackers stole data from 4.38 million Aflac Japan customers after accessing its systems for 10 days before the breach was detected. Aflac Japan disclosed that hackers stole the personal information of 4.38 million customers and agents after gaining access to its systems between June 15 and June 25. Attackers stole data from the company policyholder […]
WhatsApp will introduce usernames later this year, letting its 3 billion users connect without sharing phone numbers. WhatsApp has over three billion users, and it’s finally letting them talk to each other without exchanging phone numbers. The company announced this week that usernames are coming later this year, and reservations are open now. The problem […]
WhatsApp is finally allowing users to reserve usernames, a privacy feature that lets them hide their phone numbers from people not in their contact list. [...]
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform
Investigators Found Months of Unchecked Database Scraping ActivitySouth Korea's privacy regulator fined Coupang a record 624.7 billion won after concluding that weak authentication controls, insider access abuse, evidence destruction and unauthorized data collection contributed to the exposure of personal information belonging to 33.7 million people.
Novo Nordisk suffered a cyberattack where clinical trial data was copied. The breach is confirmed, but no threat actor has claimed responsibility. The Danish pharmaceutical giant Novo Nordisk disclosed a cybersecurity breach that resulted in unauthorized access to internal IT systems and the theft of personal data. The company sells some of the most in-demand […]
The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. [...]
The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers [...]
California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]
A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers. [...]
The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. [...]
Carnival disclosed a data breach affecting nearly 6 million people after hackers used social engineering to access employee accounts. Carnival Corporation is notifying nearly 6 million people after a data breach exposed personal information. According to the notification shared with the Maine Attorney General’s Office, the total number of persons affected is 5,995,277. The company said […]
The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. [...]
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase
'Have I Been Pwned' Founder Troy Hunt Reviews Impact on People and OrganizationsThe volume of data breaches that result in stolen personal data being leaked online has been surging, "courtesy of the ShinyHunters," and while it affects individuals, the organizations being extorted are bearing the brunt of such attacks, said Troy Hunt, founder and CEO of Have I Been Pwned.
Hackers Constantly Break 'Confirmation of Data Destruction' PromisesWhen a business that stores children's personal data gets hit by data-leaking extortionists, what should it do? For Instructure, which develops online learning platform Canvas, the answer was to pay a ransom, and tell victims, straight-faced, to have "digital confirmation of data destruction."
The Information Commissioner's Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. [...]