Month: July 2023

German news outlets Der Spiegel and Der Standard reported on July 17, 2023, that online malware scanning service VirusTotal leaked data of over 5,600 registered customers.

“On June 29, an employee accidentally uploaded a CSV file to the VirusTotal platform. This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators,” said VirusTotal. “We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting.”

The 313KB leaked file contained details of accounts associated with official U.S. entities, including the US Cyber Command, Department of Justice, Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). The file also included accounts linked to government agencies in Germany, the Netherlands, Taiwan, and the United Kingdom.

The leaked file was only accessible to VirusTotal partners and cybersecurity analysts with a Premium account with the platform. It wasn’t acceesible to anonymous or free accounts.

Read more about it here.

US healthcare giant HCA Healthcare announced that about 11 million patients’ data has been stolen and was posted on an online forum. In an announcement made on July 10, 1023 on its web site, HCA Healthcare said that stolen data included Patient name, city, state, and zip code; Patient email, telephone number, date of birth, gender; and Patient service date, location and next appointment date. The company further confirmed that the data didn’t include client health information, payment information such as credit cards or account numbers, or personal information, such as passwords, driver’s license or social security numbers.

It’s not clear how the data was stolen. The company said the data theft was from “an external storage location exclusively used to automate the formatting of email messages.” The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support.

HCA Healthcare operates 182 hospitals and over 2,300 sites of care in 20 US states and the United Kingdom, employing 290,000 people.

Read more about it here.

Researcher Viktor Markopoulos discovered a Bangladeshi government website the leaks the personal information of millions of Bangladesh citizens. He discovered this on June 27, 2023, and shortly after contacted the Bangladeshi e-Government Computer Incident Response Team (CIRT). The leak includes full names, phone numbers, email addresses and national ID numbers of about 50 millions of Bangladeshi citizens.

“It just appeared as a Google result and I wasn’t even intending on finding it. I was Googling an SQL error and it just popped up as the second result,” he told TechCrunch.

In response, the Bangladeshi government on July 9, 2023 took down citizens’ sensitive data that it had left exposed online.

Read more about it here.