ComputerWeekly – Most third-party risks are discovered after the initial due diligence period, Gartner study shows, highlighting the need for a new approach to risk management and the importance of effective access controls.
Having ‘Null’ as a license plate is about as much of a nightmare as you’d expect
The Verge – I’m not a massive fan of personalized license plates, but even I feel a little bad for Joseph Tartaro, a security researcher who, at one point, had as much as $12,049 in traffic fines because of an ill-advised license plate choice.
Hacker Gets $12,000 In Parking Tickets After ‘NULL’ License Plate Trick Backfires
Forbes – A security researcher by the name of Droogie decided to mess with the Automatic License Plate Reader systems that issue traffic fines, securing the vanity plate “NULL,” part for fun and part in the hope that this spoofed the system into returning errors whenever his plate was seen. Instead he received more than $12,000 in fines—clearly his plate became a dumping ground for erroneous data records.
Fingerprints and facial recognition data exposed in major breach
Sky News – More than one million fingerprints and a host of usernames and passwords have been exposed on an unsecured database hosted by a security platform that lists the Metropolitan Police among its clients. Researchers claim to have discovered the publicly accessible information on the web-based BioStar 2, which is owned and operated by South Korean company Suprema.
Lack Of Regulation Could Lead To Drone Weaponization
Forbes – Drone commercialization has skyrocketed over the past five years. With capabilities from top-quality imaging and video software to speeds that can reach over 60 miles per hour, drones are endlessly appealing to the public. However, these same capabilities quickly become dangerous if the products on the market are not secure.
Huge database found leaking biometric, personal info of millions
HelpNetSecurity – While working on a web-mapping project, VPNMentor researchers Noam Rotem and Ran Locar discovered a publicly accessible database containing fingerprint records of over 1 million users, facial recognition information, personal information and much more.
BA Under Fire For Leaking Passenger Info in Links
InfoSecurity Magazine – British Airways has come under fire from the security community again, this time after a vulnerability in its e-ticketing system was found to be exposing passengers’ personal information (PII). Security firm Wandera claimed in a blog post yesterday that the airline was sending out unencrypted check-in links to customers which contained booking reference and surname in the URL itself.
British Airways e-ticketing system could expose passenger details
ComputerWeekly – British Airways has not addressed a potential leak of passenger details despite warnings from security researchers, but says it is aware of the issue and is taking action.
British Airways Criticized for Exposing Passenger Flight Details
SecurityWeek – British Airways (BA) has been criticized for allowing hackers easy access to customer flight information. The issue was exposed Tuesday by researchers who discovered “a vulnerability affecting British Airways’ e-ticketing system that exposes passengers’ personally identifiable information (PII).”
Publicly accessible biometric database highlights key failings
ComputerWeekly – The discovery of a publicly accessible database of biometric information highlights failings by the supplier, the need for supply chain security, and the challenges of using biometric data.