Collaborate Disseminate
I’m currently designing an API endpoint to validate a customer, and they can either pass in their postcode or their last name, as well as their customer ID (plus some other irrelevant data).
I’ve heard that including PII or sensitive data … Continue reading Is it a security issue to include postcode and/or last name in a GET request query string?
For many file formats, there are typical types of metadata that one may want to erase if they do not want personally-identifying information to be associated with the file. EXIF data in image files is a typical example.
I have recently beg… Continue reading Identifying information contained in Adobe files
I was registering on isc2 website for a certification exam and saw that the date of birth was a "required" field to be filled out. I skimmed through their privacy policy, etc, but didn’t see a reason why this piece of data was b… Continue reading isc2 website is asking for date of birth to register for exam, should i be concerned? [closed]
I started capturing my home network data with wireshark and tcpdump after receiving a notification that my personal email was being accessed from another location. In the data capture files, I found I am compromised.
How do I go to report … Continue reading How can I go about reporting a data breach in my private network without compromising my personal/private network data [closed]
Documents such as driving license, financial statements etc. with a lot of PII, how big is the risk of storing such type of documents on the shared external storage on android?
Assumptions:
Android device is encrypted but the individual f… Continue reading What are the security risks of storing sensitive documents on your android devices’s external storage?
We have a requirement to display some PII and partially obfuscating it on the frontend. However, it should still be intuitive enough for the end-user to decipher whether it is correct or not. I can’t find any official guidance or best-prac… Continue reading Best practice for partially obfuscating PII [closed]
Just recently decided to move to NYC, and I am noticing a pattern in rental application systems:
Many of the application systems store the SSN, financial docs, sometimes banking information, along with all the other PII you can imagine in … Continue reading Social Security & PII Exposure on NYC Rental Applications [closed]
If I sign up for Gmail I probably agree to give Google the right to use all my content for whatever purposes they want. We know they have incredible research going on into data mining and machine learning to identify and predict sensitive … Continue reading Is Google mining the content of emails I send to people who use gmail? Could they?
A long time ago, I signed up for Apple Pay Cash. After a bit of using the service, I was asked to input my name and birthdate to continue using the service. At the time, I was underage. I input inaccurate information signifying I was 18+ t… Continue reading What are the main PII data brokers? (How do certain online companies get accurate age verification?)
At my local medical center in New Hampshire, USA, every new encounter with a patient – office visits, booking appointments by phone, etc. – begins with the patient providing their name and date of birth. This is fine if I initiate the phon… Continue reading Medical center uses DOB for identification over the phone. Alternatives? [closed]