500k Irish National Police records exposed by third party The Register

A third-party contractor running a database without password protection exposed more than 500,000 records related to vehicle seizures by the Irish National Police. Security researcher Jeremiah Fowler found various records dating back to 2017 including scanned identity documents, insurance investigation inquiries, certificates of vehicle registration, and other potentially sensitive data. Incident summary reports were also among the documents exposed. These included names and details of drivers, witnesses, and multiple Garda officers. Fowler's investigation revealed "Approximately 2 to 5 documents related to each individual case" exposed on the database, an insight he extrapolated to predict around 150,000 vehicle owners being affected by the incident. The vehicle seizures were carried out by the Garda, but the database is entirely owned and operated by an unnamed, Limerick-based contractor, which was reportedly highly responsive to reports and remediated the issue promptly. "Under An Garda Síochána's contract with individual towing companies, there are clear obligations on individual towing companies to protect any information supplied to them by An Garda Síochána including personal data," the spokesperson told the publication. "This obligation also extends to situations where individual towing companies provide this information to a third party for storage purposes." During the disclosure process, Fowler told The Register that he wasn't privy to whether there was evidence to suggest malicious actors had accessed the database or exfiltrated data. He believes the access to the public cloud storage repository could have been set to "Public" in error, since access needed to be open to multiple organizations, including the police and towing and storage companies. "These documents are needed for the towing and storage companies and the police to have access at any time, and this could have been where the mistake occurred and public access was opened," he said. The latest revelation follows a long line of stories related to various police forces in the UK all reporting data incidents in recent months. It all started with the Police Service of Northern Ireland posting a spreadsheet full of names and locations of its serving officers back in August, as well as civilian staff members. The incident occurred due to the PSNI mistakenly posting online a response to a request made under the Freedom of Information Act 2000 with too much information. Speaking at the time, the Chair of the Police Federation for Northern Ireland, Liam Kelly, said that if home addresses had been included in the leak, the PSNI would have faced "a potentially calamitous situation." Days later, Cumbria Constabulary became the second police force in the country to disclose officers' personal information. The force confirmed in a statement that human error was to blame when the document was uploaded to its website in March. Again, just days later in what was a wild fortnight for police data leaks, Norfolk and Suffolk police forces confirmed they had leaked raw crime report data in FoI responses. London's Met Police followed suit later in August, disclosing that a third-party breach exposed officers' names, photos, salaries, and more. Greater Manchester Police also announced in September that a third-party supplier of ID badges had been attacked with ransomware, which then led to theft of data relating to the names and photos of its officers.

This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to 500k Irish National Police records exposed by third party The Register

500k Irish National Police records exposed by third party The Register - A third-party contractor running a database without password protection exposed more than 500,000 records related to vehicle seizures by the Irish National Police. Security researcher Jeremiah Fowler found various records dating back to 2017 ...
1 year ago Theregister.com
What is Proposition E and Why Should San Francisco Voters Oppose It? - In addition to removing certain police oversight authority from the Police Commission and expanding the circumstances under which police may conduct high-speed vehicle chases, Proposition E would also amend existing laws passed in 2019 to protect San ...
10 months ago Eff.org
Electronic Frontier Foundation - We're not just talking about the ballot box, but the everyday power we all have to demand government agencies make their records and data available to public scrutiny. At every level of government in the United States, there are laws that empower the ...
9 months ago Eff.org
San Francisco Police's Live Surveillance Yields Almost 200 Hours of Spying-Including of Music Festivals - A new report reveals that in just three months, from July 1 to September 30, 2023, the San Francisco Police Department racked up 193 hours and 19 minutes of live access to non-city surveillance cameras. That means for the equivalent of 8 days, police ...
10 months ago Eff.org
Threatening Emails Rattle Bengal Schools: Police Pursue Latvia Lead - In a statement announced Tuesday, the Kolkata Police said that more than 20 schools across the city have been threatened with bombs, which have been later revealed as hoaxes. According to the sender, bombs had been placed in numerous classrooms ...
8 months ago Cysecurity.news
Victory! Police Drone Footage is Not Categorically Exempt From California's Public Records Law - Video footage captured by police drones sent in response to 911 calls cannot be kept entirely secret from the public, a California appellate court ruled last week. The police department is the first law enforcement agency in the country to use drones ...
11 months ago Eff.org
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates - U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ...
10 months ago Krebsonsecurity.com
Dutch police breached by a state actor - “The police have been informed by the intelligence services that it is very likely a ‘state actor’, in other words: another country or perpetrators on behalf of another country.” reads the update on the data breach published ...
2 months ago Securityaffairs.com
Data Breaches in US Schools Exposed 37.6M Records - Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded - a dramatic rise from 139 in ...
7 months ago Infosecurity-magazine.com
Intellexa: Irish-linked spyware used in 'brazen attacks' - The Irish government is set to investigate a digital surveillance alliance that has been accused of letting its smartphone spyware "Run wild across the world", BBC News NI understands. It comes after Intellexa Limited and its parent company ...
1 year ago Bbc.com
Data breach debacle hits yet another UK public sector org The Register - More than 22,000 patients of Cambridge University Hospitals NHS Foundation Trust were hit by data leaks that took place between 2020 and 2021. In both cases, it was an own goal when the org handed over the data itself while responding to requests ...
1 year ago Go.theregister.com
Human cost of PSNI data breach laid bare in official review The Register - An official review of the Police Service of Northern Ireland's August data breach has revealed the full extent of the impact on staff. The review lays bare the broad impact on staff in Northern Ireland, detailing how various officers have been forced ...
1 year ago Packetstormsecurity.com
Human cost of PSNI data breach laid bare in official review The Register - An official review of the Police Service of Northern Ireland's August data breach has revealed the full extent of the impact on staff. The review lays bare the broad impact on staff in Northern Ireland, detailing how various officers have been forced ...
1 year ago Go.theregister.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
10 months ago Darkreading.com
Surge of swatting attacks targets corporate executives and board members - At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would ...
1 year ago Csoonline.com
Here Are the Secret Locations of ShotSpotter Gunfire Sensors - Just because officers don't find evidence of gunfire, they say, doesn't mean it didn't happen. While SoundThinking says its alerts are reviewed by its Incident Review Center before being sent to the police, in Pasadena, officers who investigated ...
9 months ago Wired.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
Check if you're in Google Chrome's third-party cookie phaseout test - Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. Third-party cookies, which track users' browsing ...
10 months ago Bleepingcomputer.com
Drone As First Responder Programs Are Swarming Across the United States - Police DFR programs involve a fleet of drones, which can range in number from four or five to hundreds. In response to 911 calls and other law enforcement calls for service, a camera-equipped drone is launched from a regular base to get to the ...
5 months ago Eff.org
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
6 months ago Cisa.gov
Kelvin Security hacking group leader arrested in Spain - The Spanish police have arrested one of the alleged leaders of the 'Kelvin Security' hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020. News of the arrest of a leader of the ...
1 year ago Bleepingcomputer.com
EFF adds surveillance hub so Americans can check spying The Register - For a country that prides itself on being free, America does seem to have an awful lot of spying going on, as the new Street Surveillance Hub from the Electronic Frontier Foundation shows. The Hub contains detailed breakdowns of the type of ...
10 months ago Go.theregister.com
What Are the Cybersecurity Threats When Allowing Third-Party Cookies on Mac? - Let's explore the dangers of allowing third-party cookies on a Mac. Let's learn what third-party cookies are. Third-party cookies are small files that websites use to track your activity. These cookies can follow you across multiple sites, gathering ...
5 months ago Securityboulevard.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)