In some fields, such as medical data entry, hackers have actually surpassed accidental data disclosure, or data spillage, in terms of responsibility for data lost. However, this is a fairly new trend. By and large, more data has been lost due to accidental leaks than due to cybercrime. Here are some of the more well-known cases in recent memory.
Uber
In late 2015, Uber accidentally dropped the personal data for hundreds of their drivers. The leak included social security numbers, copies of drivers licenses, vehicle registration numbers and much, much more. Even drivers who had never actually taken a job from the service, but simply signed up, saw their taxi certification forms and W-9’s being spread across the internet. 674 drivers in total were affected by the leak.
The good news is that damage was minimal, and the company’s security team took only a half-hour to patch the leak.
Here’s an interesting statistic: In the UK, less than five percent of around 220,000 requests made to Google for the removal of online information come from criminals, politicians or public figures. 95% of the requests for the removal of sensitive information come from private citizens who just want to keep their private information private.
Of course, Google reveals personal data about people all the time simply by nature of being a search engine, why is this a story? Well, the story is that we shouldn’t actually know who’s requesting the removal of their sensitive information, but Google accidentally leaked the intel on their “right to be forgotten” requests. Rather than this information simply vanishing without a trace, Google released information on individuals making these requests.
Menulog
Menulog is an Australian food and beverage ordering service where users can log in and book their meal for delivery. They suffered a major leak just last month wherein customers were able to see what other customers had ordered through their phone app. Users logged in only to see other peoples’ histories and data, rather than their own. In previous newsletters we’ve talked about how hackers aren’t as smart as they seem, that almost anyone can guess passwords until they get it right, well, apparently you can be a hacker completely by accident, too.
Menulog quickly shut down their website and patched the security flaw in their system, but not before the email addresses and names of over one million users had been leaked to the public.
