Collaborate Disseminate
Our system produces preview images of A4 documents, which contain sensitive data (email, phone numbers, social networks and adresses) of our users. We would like to save those preview images in our cloud, to later present them to the corre… Continue reading Extraction of sensitive data out of down- scaled images
We are currently implementing an envelope encryption scheme in order to securely store PII data in our database. That means we will have a user- specific DEK (data encryption key), and a KEK, which will get derived from the user’s password… Continue reading Envelope Encryption: KEK management in Auto- Login case
Avis Car Rental is notifying roughly 300,000 individuals that their personal information was stolen in an August 2024 data breach.
The post 300,000 Impacted by Data Breach at Car Rental Firm Avis appeared first on SecurityWeek.
Continue reading 300,000 Impacted by Data Breach at Car Rental Firm Avis
I have a table in Postgres that stores phone numbers. Since phone
numbers are considered PII, I cannot store them as plaintext.
For other PII fields, I use AES-256-CBC. However, the requirements are that phone numbers are
part of a unique… Continue reading Searchable encryption for phone numbers
A coming White House Executive Order seeks to protect personal information by preventing the mass transfer of Americans’ sensitive data to countries of concern.
The post White House to Issue Executive Order on Personal Information Protection appeared f… Continue reading White House to Issue Executive Order on Personal Information Protection
I am on the very last functionality to implement before launching my app. I have the same requirements someone like Fanduel or Draftkings does. When my users cross the $600 threshold for prizes in the year, I need to store their ss number … Continue reading Help me securely store and retrieve Social Security numbers [closed]
I have been using my personal Gmail Account for years to create accounts on a wide range of websites like evite.com and Instagram.
Google conducted a dark web scan and created a report of instances where my personally identifiable informat… Continue reading My personal info was leaked on the dark web through my Gmail Account; is it still safe to continue using said Gmail Account?
I recently had a peculiar experience where a vase, courtesy of my mischievous cat, took an unexpected detour onto my head. In the aftermath, I couldn’t help but wonder about the security of an Airline booking system used by various airline… Continue reading Hypothetical Discovery: Security Concerns in Airline Booking Systems – Seeking Guidance on Responsible Reporting [duplicate]
The Australian federal government aims to deliver changes to privacy laws in 2024. Organisations are being warned to prepare ahead of time by creating a comprehensive map of organisational data. Continue reading What Australian IT Leaders Need to Focus on Ahead of Privacy Act Reforms
I’m currently designing an API endpoint to validate a customer, and they can either pass in their postcode or their last name, as well as their customer ID (plus some other irrelevant data).
I’ve heard that including PII or sensitive data … Continue reading Is it a security issue to include postcode and/or last name in a GET request query string?