Major American Companies Are Making Basic Data Security Mistakes

Six months after the European Union's General Data Protection Regulation, or GDPR, took effect and threatening global companies with massive fines if they didn't look after customer data properly, new research suggests it's making a difference in Europe — but not so much for U.S. web users.


Personal information of American charity donors, political party supporters, and online shoppers has continued to quietly leak onto the internet as a result of poor website security practices. As many as one in five e-commerce sites in the U.S. are still leaving their customers exposed, New York-based search marketing company Seer Interactive reports.


Using simple Google searches, similar to methods examined by Seer, media giant Bloomberg was able to access sensitive user information from a wide range of randomly chosen U.S. websites.


In one instance, the website of St. Jude Children's Research Hospital had made public the receipt for a donation of hundreds of dollars, including the donor's full name and address, their method and date of payment, and their email. Bloomberg was able to find similar data in PDF format relating to purchases of sporting goods at the Pine Hills Golf Club in Hinckley, which included full names, home addresses and email details, as well as reference numbers for the person's purchase.


This vulnerability can be caused by a number of basic errors, one of which is that if a website lets a user share a transaction on social media — such as to promote a charitable donation — a search engine can see their post, and from there index the original web page, whether the user knows this or not. With no security protection in place, these pages are available to anyone.

more news

65000 GDPR Data Breaches In Europe To Date


European privacy authorities have received almost 65,000 data breach notifications since the EU's new privacy law went into full effect. In addition, regulators in 11 European countries have imposed $63 million in General Data Protection Regulation fines.

read more

More than half of British firms 'report cyberattacks in 2019'


The proportion of UK firms reporting a cyberattack has jumped, despite most businesses admitting they are under-prepared for breaches, according to research from Hiscox reported by the BBC. The insurer found 55 per cent had faced an attack in 2019, up from 40 per cent last year.

read more

Sloppy IT Processes Risk Cyberattacks - McAfee


McAfee this week published a report that turns familiar survey findings on their heads by reporting that most cybersecurity breaches are the result of lax IT processes rather than mistakes made by end users.

read more

Cybercrime Soaring Reports MalwareBytes


Cybercrime is accelerating at a worrying rate, reports MalwareBytes in its Q1 2019 report. Every quarter that goes by shows more alarming data as to how much cybercrime activity is going on out there, with organizations and companies being called to face and deal with an increasing amount of threats, coming literally from everywhere.

read more