iPR Software, which provides a software platform for managing marketing and PR information, exposed internal and client data via a misconfigured Amazon S3 bucket, Threatpost reports. The client data included 477,000 media contacts, business account information, 35,000 hashed passwords, various types of documents, and administrative system credentials. Among the affected clients were GE, Xerox, CenturyLink, Forever 21, Dunkin' Donuts, Nasdaq, and California Courts. UpGuard, which discovered the database, said it appeared to be the backend for iPR Software's CMS product. The database was secured just over a month after UpGuard notified the company of the exposure.
Representative Pramila Jayapal (Democrat of Washington) sent a letter to Google executives inquiring how the company was protecting the health data it collected as part of Project Nightingale, according to TheHill. Jayapal wrote that since Google and its parent company Alphabet "have engaged in an ever-widening acquisition of the highly personal health-related information of millions of people, Americans now face the prospect of having their sensitive health information handled by corporations who may misuse it." She requested that the companies answer her inquiries by January 5th.
Experts from Western consulting firms, universities, and think tanks are being criticized for advising authoritarian regimes such as Saudi Arabia, Foreign Affairs notes. Source Global Research found in 2017 that the consulting market in the Gulf states surpasses $2.8 billion.