Products
▸
Below you’ll find details on two notifiable information security incidents.
The first incident occurred at a travel agency based in Melbourne. Inspiring Vacations has experienced a significant data leak, which resulted into exposure of 26.8 GB database.
Uncovered by cybersecurity researcher Jeremiah Fowler, the exposed database, owned by Inspiring Vacations, contained 112,605 records, encompassing personal information of numerous tourists. The compromised database housed data on 13,684 customers.
The exposed data included:
While the majority of individuals affected were Australian citizens, identification documents of New Zealand, the United Kingdom, and Ireland residents were also discovered.
Although the exact number of affected passports is uncertain, the sample revealed approximately 1,000 identification documents.
The second incident also resulted in a large amount of customer information being leaked.
The data leak at Coronalab.eu, a Dutch COVID-19 testing platform, resulted into exposure of the database with 11.8 million patient records. The prerequisite for the incident was misconfiguration of the Google Cloud Storage bucket named "prod," containing 1.7 million files and 11.7 million records on individuals from 44 countries. The bucket was used for operational and production data management.
The exposed data, spanning 2020 to 2022, comprised 120K Covid certificates in QR code formats and 32K CSV files with over 11.7 million test results. The exposed personal information included:
Most of the leaked information belongeds to residents of Denmark, but information on residents of the UK, the Netherlands, the US, Germany and Italy was also among the data exposed.
You can also read about two similar incidents we reported earlier, the LY Corporation data leak and the LADBible group incident.
