Estée Lauder could have exposed 440 million records due to a database leak

Phishing and unprotected databases have become reasons for serious leakage this week.

Altice, an American cable television provider, turned to be the major phishing scam's target. Almost 12 000 people – there were mostly current employees, but also some of their former colleagues and clients, – got their personal data compromised. The breached data included Social Security numbers, birth dates and more. Unauthorised third party accessed corporate email account credentials which were used for downloading the email attachments. The reports enclosed in mailboxes contained employee personal information.

Read more about personal data protection

JailCore, an app for correctional facilities management and prisoners’ activities and medical information monitoring, exposed data belonging to inmates and facilities employees stored in a misconfigured Amazon bucket.

All records comprising notes on inmates’ behavior, medication, their names and mugshots as well as officers’ details including their names, signatures and reports based on observation of arrestees are managed by JailCore and some part of personally identifiable information appeared to be available.

The incident has already raised question about inmates’ rights and the level of their personal data protection.

Another data breach due to unsecured database exposed about 440 million records belonging to the cosmetic giant Estée Lauder. The incident spilt customer and employee email addresses, confidential files, marketing reports and data storage paths.

The breach can be subject to GDPR related investigation as data of EU citizens were affected.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.