Login

Register

Login

Register


The personal data of 10,000 UK rail passengers has been exposed after a Wi-fi provider left a database unsecured online. 

C3UK provides passengers with free Wi-fi at railway stations across the UK. The company admitted failing to secure a database containing user information when contacted by the British Broadcasting Corporation’s news team.

The data breach was discovered by security researcher Jeremiah Fowler, who stumbled across the C3UK database while carrying out research online for Security Discovery. Fowler said the database contained 146 million records, including dates of birth, email addresses, and travel plans. 

Shockingly, the database was stored on an Amazon Web Services storage device that was not protected by a password and could therefore be viewed by anyone.

Passengers affected by the breach include those who have used free Wi-fi services at Harlow Mill, Chelmsford, Colchester, Waltham Cross, Burnham, Norwich, and London Bridge. The database had been created between November 28, 2019, and February 12, 2020. 

Fowler sent evidence of his discovery to C3UK on Valentine’s Day, 2020. When he didn’t receive an immediate response, the researcher sent two follow-up emails over the next six days, warning the company of the data breach. 

“When you see that information, you are racing against the clock to get it closed down,” said Fowler.

C3UK said that the unsecured database, which it described as a back-up copy, was secured as soon as they were made aware of the breach.

The company downplayed the seriousness of the breach, stating: “Given the database did not contain any passwords or other critical data such as financial information, this was identified as a low-risk potential vulnerability.”

C3UK said that an internal investigation into the cybersecurity incident indicated that the mistake had been caught and rectified before any data had wound up in the hands of bad actors.

“To the best of our knowledge, this database was only accessed by ourselves and the security firm and no information was made publicly available,” it said.

After finding no evidence that the data had been accessed or exfiltrated by other parties, C3UK elected not to report the data breach to the regulatory body, the Information Commissioner’s Office (ICO).

The C3UK breach was confirmed by Network Rail, which said it had “strongly suggested” to the company that they report the incident to the ICO.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW