UK NHS Database Exposes Over 1 Million Patient Records
During the past week, a breach was discovered in patient booking system SwiftQueue, which is widely used by several National Health Service (NHS) facilities. The database may have contained patient information for up to 1.2 million UK citizens, though the actual data has yet to be fully examined. Even worse, attackers now claim they have found additional SwiftQueue vulnerabilities and are in possession of all 11 million records stored by the company.
Booking Provider’s Data Found in Public Data Dump
Researchers recently discovered a large customer data dump in a publicly-facing Amazon S3 bucket. The data in question belongs to Groupize, a groups and meetings solution, and contains everything from customer interactions to full credit card information used to book hotels and other meeting spaces. Fortunately for anyone who has used the service, the data was properly secured within a week of the discovery.
Phishing Site Hosted on .fish Domain
A new phishing site using a .fish domain was found in the past few weeks. .Fish is one of many generic top level domains (TLDs) created several years ago. While the site itself appears to have been compromised, rather than created maliciously, it was issuing redirects to an actual phishing page disguised as a French banking cooperative in Vietnam. This is the second .fish-hosted phishing site in the past 2 weeks; the first was a Netflix phishing attack that emerged just one week prior.
Stay up-to-date on the most important security news on our Threat Blog.
