The #DataInsecurity Digest | Issue 100

Massive biometric data breach raises concerns for long-term data security

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Editor’s note: Researchers have discovered fingerprints, facial recognition data and passwords were inadvertently leaked by a British security firm, compromising some of the most sensitive data for more than a million consumers.

In other news: at least 20 Texas municipalities are battling a ransomware attack; the porn accounts of 1.2 million users have been compromised; and around 10 million dating app users’ geolocation data have been leaked.

Finally, a big “huzzah” to the entire #DataInsecurity Digest team for our 100th issue! Special kudos to NCL staffers Carol McKay, Taun Sterling, and Brian Young for making yours truly look good every other week! And, of course, thanks to all of our loyal readers for making the Digest a success! If you like this email, share it widely and encourage your friends and colleagues to subscribe!

And now, on to the clips! 

—————–

Millions of pieces of biometric data leaked. This massive breach includes the “fingerprints of over 1 million individuals, face recognition information, unencrypted names and passwords, and other personal info.” @techreview comments that the data leak strikes at the heart of one of the big fears and criticisms about the increasing use of biometrics: “You can change your username and password with a couple of clicks. Your face is forever.” (Source: MIT Technology Review)

At least 20 municipalities in Texas suffered a ransomware attack. Government officials would not release the names of the entities affected by the breach “for security reasons.” (Source: The Hill)  

Breach du jour: 1.2 million pornography accounts. The adult content sharing site Luscious exposed the personal information of nearly 1.2 million of its users. Of the breach victims, “many users joined Luscious using their government email addresses,” which inflicts “a great deal of additional vulnerability” on those victims. (Source: IT Pro)

Breach du jour part deux: Tens of thousands of MoviePass customer credit cards. “Movie ticket subscription service MoviePass has exposed tens of thousands of customer card numbers and personal credit cards because a critical server was not protected with a password.” (Source: TechCrunch)

Smart ovens are turning themselves on. While the smart oven company, June, blames this fire hazard on “user error,” the company “is planning an update that’ll hopefully remedy the situation and prevent it from happening again, but that change isn’t coming until next month.” (Source: The Verge)

Suggested reading: How much damage could a hacker do with just a victim’s phone number? (Source: New York Times)

Cyber threats against financial institutions increased by 56 percent in the last 12 months. Researchers “found more than 8.9 million security events in a 12-month period. Brand abuse and manipulation was the most common threat, with more than 250,000 events. Ninety percent of these were name impersonations, often not easily detected due to disguising tactics.” (Source: Dark Reading)

Grindr, Romeo, Recon, and 3fun expose users’ exact location. Together, the four dating apps boast around 10 million users. The breach of location data has the potential to increase discrimination. @alexlomas comments that, “aside from exposing yourself to stalkers, exes and crime, de-anonymizing individuals can lead to serious ramifications. … In the UK, members of the BDSM community have lost their jobs if they happen to work in ‘sensitive’ professions like being doctors, teachers, or social workers. Being outed as a member of the LGBT+ community could also lead to you losing your job in one of many states in the USA that have no employment protection for employees’ sexuality.” (Source: Threatpost)

  

National Consumers League
Published August 29, 2019