Skip to content
July 12, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • Technique
  • Are We Suffering from ‘Data Leak Fatigue’
  • Technique

Are We Suffering from ‘Data Leak Fatigue’

Do Son May 27, 2020 6 minutes read

When people are frequently exposed to something, they learn how to adapt to it. This is why immersion therapy is so effective for treating phobias in some people: if you are afraid of spiders, then reaching into a box full of arachnids and letting them crawl all over your arm without any negative consequences can help alleviate your fears. However, this isn’t always a positive thing. You only need to look at any news story about Donald Trump (that doesn’t come from Fox News) and then imagine showing it to someone in 2015 to understand how becoming numb from exposure can cause us to normalize and accept things that we normally wouldn’t.

This effect might go some way to explaining why so many businesses have got away with being unacceptably careless with our personal data (e.g. scraping it and then monetizing). A decade or so ago, a major data breach that exposed hundreds of thousands, maybe even millions, of peoples’ data to an attacker would have made headlines around the world. Fast-forward to 2020, and data leaks are now so common that we routinely shrug them off when they occur.

Data Breaches In 2020

With the coronavirus pandemic already upending business operations across the globe, denting consumer confidence, and putting many businesses into precarious financial positions, now is the worst possible time for most of those businesses to be suffering data leaks. But coronavirus hasn’t slowed down the pace that cybercriminals operate at, they are just as eager as ever to get their hands on people’s data.

Data breaches are a global phenomenon. Criminals aren’t at all fussy about where they get their data from. Let’s take a look at some of the breaches that have occurred around the world within the last month.

Tesco Clubcard Database Breach

Tesco is the largest supermarket chain in the UK. It is an enormous business with a yearly-turnover that would make most people’s eyes water. With the resources at its disposal, you would expect Tesco to have invested accordingly in its cybersecurity. You would definitely think that having been fined £16.4 million in 2018 over IT failings at its banking division, Tesco would have learned their lesson and beefed up security appropriately.

However, all the money in the world and the best cybersecurity systems that money can buy won’t help you if your users aren’t going to do their bit. It seems as if the data breach that Tesco suffered at the beginning of March was, at least in part, due to a credential stuffing attack. In other words, attackers took usernames and passwords from another data breach and tried them out.

The result is that the supermarket has now issued 600,000 new store cards to customers and advised users to change their passwords. This attack perfectly illustrates why we are all told not to reuse passwords across multiple services.

Princes Cruises And Holland America Line

Within the last month, two of America’s biggest cruise lines announced that they had been hit by data breaches that may have exposed the personal data of both employees and guests. We should clarify: the actual breach, in this case, has been traced back to a series of suspicious emails received by the businesses in May 2019, but it is only this month that they have acknowledged the scale of the breach.

This is common when it comes to data leaks. In some countries, which now encompasses all of the EU and UK thanks to GDPR, businesses have a legal obligation to report any data breaches in a timely manner. Sometimes there is an inevitable lag between a breach and a report. This isn’t always due to incompetence or malice or giving key people time to dump their stocks (which is far too illegal for us to accuse anyone of), although all too often it is.

While both cruise lines have said that they have no indication the data stolen has been misused, among the nuggets of data that the attackers got their hands on were names, credit card numbers and other financial information, health-related information, government ID numbers, passport numbers and, to top it all off, social security numbers. Basically, everything you need to steal someone’s identity in an afternoon.

What Can We Do?

All too often, consumers feel powerless against the whims of big corporations. As corporate consolidation continues unabated in the US, consumers are increasingly finding themselves with no alternative but to keep giving their money and their custom to businesses, even though they don’t want to.

Perhaps the best example of this is Facebook. No one, and I mean no one, thinks that Facebook is good business. Don’t ever forget that the largest and most egregious data breach in history – the Cambridge Analytica scandal – was conducted entirely using Facebook’s own tools and API. There was no circumventing security or breaking into sensitive systems. Instead, Cambridge Analytica simply used the tools that Facebook provided to harvest data and potentially undermine the legitimacy of two of the most important democratic votes of the last century. Even at the best of times, Facebook is a privacy nightmare and proof-positive that once a business reaches a certain critical mass, it can basically do whatever it wants.

And yet, people continue to use Facebook regardless. The same is true for the myriad of other businesses that have been careless with their users’ data. Why is this the case? There are a number of reasons, but a big part of the problem is a general sense of hopelessness and apathy amongst consumers. Data leaks are so common now that we have become fatigued.

Even people who genuinely do care about data leaks and are actively involved in lobbying for change are suffering from data leak fatigue. These leaks are now so common that they aren’t registering with us the way that they should.

The only solution to this problem is for those of us who refuse to accept the current situation to make our voices heard. GDPR isn’t perfect, but it has been a game-changer as far as privacy in the EU is concerned. GDPR normalizes a healthy attitude towards data privacy and threatens serious financial consequences for businesses that ignore it. A similar federal law in the US seems inevitable, especially now that California has set the blueprint with CCPA.

Share this article:

Facebook Post LinkedIn Telegram
Tags: Data Leak Fatigue

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-48939CVSS 10.0
    A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-56291CVSS 10.0
    The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-56271CVSS 9.8
    Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default...
  • CVE-2026-56260CVSS 9.1
    Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker...
  • CVE-2026-61447CVSS 10.0
    PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that...
  • CVE-2026-61445CVSS 9.9
    PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
  • CVE-2026-60090CVSS 9.8
    PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
  • CVE-2026-57827CVSS 10.0
    The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload...
  • CVE-2026-57828CVSS 9.0
    The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file...
  • CVE-2026-14480CVSS 9.9
    OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the...
  • CVE-2026-20744CVSS 9.8
    The charging station websocket endpoint accepts connections without proper authentication, which could...
  • CVE-2026-57807CVSS 9.8
    Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.