Learning Curve: How Personal Data for One Million Individuals Was Exposed

In an incident that calls to mind multiple data breaches in the analytics and influencing industries, the UpGuard Cyber Risk Team can now report that data relating to a number of subsidiaries of Kansas City holding company Blue Chair LLC, such as lead generation company Target Direct Marketing, was left exposed online, revealing personally identifiable information for over one million individuals seeking further information about higher education. Revealed in the repository are personal details for these million individuals, including their names, email addresses, phone numbers, and, in some cases, information such as the person’s high school graduation year and area of study. Also exposed in this leak are what appear to be backups of a set of server configurations for a large network of feeder websites designed to draw consumers toward the for-profit education application process.


Health Risk: How a Medical Practice Exposed Details for 40,000 Patients

The UpGuard Cyber Risk Team can now confirm that a digital data repository containing records from a Long Island medical practice was left publicly accessible, revealing medical details and personally identifiable information for over forty-two thousand patients. As detailed here and at databreaches.net, this data exposure appears to originate from Cohen Bergman Klepper Romano Mds PC, a Huntington, New York practice specializing in internal medicine and cardiovascular health, revealing such details as patient names, Social Security numbers, dates of birth, phone numbers, insurance information, and more. 


Blackout: Engineering Firm Exposes Critical Infrastructure Data

The UpGuard Cyber Risk Team has discovered a new data exposure within the systems of Texas-based electrical engineering operator Power Quality Engineering (PQE), revealing the information of such clients as Dell, the City of Austin, Oracle, and Texas Instruments, among others. Left accessible to the wider internet via a port configured for public access and used for rsync server synchronization, the breach allowed any interested browser to download sensitive electrical infrastructure data compiled in reports by PQE inspectors examining customer facilities.


What is Cyber Resilience?

Cyber resilience is a fundamental change in understanding and accepting the true relationship between technology and risk. IT risk (or cyber risk, if you prefer) is actually business risk, and always has been. And the cybersecurity industry, for what it's worth, has generally avoided this concept because it goes against the narrative that their respective offerings—whether it's a firewall, IDS, monitoring tool, or otherwise—would be the one-size-fits-all silver bullet that can keep businesses safe. But reality tells a different story.
