The personal data of more than 2,000 journalists was recently leaked via a spreadsheet found on the website of the Electronic Entertainment Expo (E3).
E3, a global video game trade show, took place in Los Angeles back in June and it attracts video game journalists from across the world to see, play and report on the latest developments and releases.
Following the event, YouTube content creator, Sophie Narwitz, reported that she had found names, addresses, emails and phone numbers on a spreadsheet linked to E3’s registration process entitled, ‘Registered media list’. A simple click of the public link would then reveal the personal information.
The link now returns a 404 with Narwitz commenting: “It has since been removed given I contacted the ESA, but this is a massive breach of trust and privacy,”
The ESA (Entertainment Software Association) have since responded by commenting, “ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again.”
Keeping personal data safe and secure is of course something that all organisations large and small should take very seriously. The General Data Protection Regulation (GDPR) requires that personal data is processed securely using appropriate technical and organisational measures.