Major American Companies Are Making Basic Data Security Mistakes

Six months after the European Union's General Data Protection Regulation, or GDPR, took effect and threatening global companies with massive fines if they didn't look after customer data properly, new research suggests it's making a difference in Europe — but not so much for U.S. web users.


Personal information of American charity donors, political party supporters, and online shoppers has continued to quietly leak onto the internet as a result of poor website security practices. As many as one in five e-commerce sites in the U.S. are still leaving their customers exposed, New York-based search marketing company Seer Interactive reports.


Using simple Google searches, similar to methods examined by Seer, media giant Bloomberg was able to access sensitive user information from a wide range of randomly chosen U.S. websites.


In one instance, the website of St. Jude Children's Research Hospital had made public the receipt for a donation of hundreds of dollars, including the donor's full name and address, their method and date of payment, and their email. Bloomberg was able to find similar data in PDF format relating to purchases of sporting goods at the Pine Hills Golf Club in Hinckley, which included full names, home addresses and email details, as well as reference numbers for the person's purchase.


This vulnerability can be caused by a number of basic errors, one of which is that if a website lets a user share a transaction on social media — such as to promote a charitable donation — a search engine can see their post, and from there index the original web page, whether the user knows this or not. With no security protection in place, these pages are available to anyone.

more news

Cyberattacks: Preparing For The Inevitable


It is generally accepted that it is when, not if, large organisations will be the target of malicious cyberattacks. The importance of being prepared has been laid out in a blog post Sweat In Peace, Don't Bleed In War, written by Meredydd Hughes, a former UK chief constable with substantial crisis management experience.

read more

Varonis Blog Highlights 110 Cybersecurity Statistics


Cybersecurity company Varonis has issued its predictions for the forthcoming year with a blog post entitled 110 Cybersecurity Statics For 2020. The blog states that cybersecurity issues are becoming a day-to-day struggle for businesses. Recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.

read more

UK To Go On The Cyber Offensive


The UK Government is about to launch a new proactive and offensive cybersecurity team that will wage cyberwarfare against hostile nation-states and online crime organisations. It would be naive to believe that the UK has not launched cyberattacks against third parties, but the killing of Qassem Soleimani has brought this out into the open.

read more

Are You Ready For Iranian Revenge Cyberattacks?


Following the killing of Qassem Suleimani no-one can be sure of what military action Iran will take, but experts agree that its cyberattacks will increase against countries and governments it sees as hostile.

read more