LOS ANGELES, CALIFORNIA - JUNE 12: Convention goers attend E3 2019 at the Los Angeles Convention center on June 12, 2019 in Los Angeles, California. (Photo by Vivien Killilea/Getty Images for E3/Entertainment Software Association)

Photo by Vivien Killilea/Getty Images for E3/Entertainment Software Association

E3, the largest gaming event in the western hemisphere, became the next culprit in 2019’s continued saga of data leaks. A document posted on the E3 2019 website exposed the personal data of thousands of media members that covered the event in June.

In a YouTube video, content creator, Sophia Narwitz, chronicled her discovery of the spreadsheet. In the video, she explains how she discovered the document. An entry in the “Helpful Links” tab of the E3 site, when clicked, downloaded a list of over 2,000 media members. She also states that she contacted the Entertainment Software Association (ESA), the parent organization that runs E3, to alert them of the leak. The ESA removed the link, which now only gives a 404 error, but the damage may already be done.

The ESA has since released a statement on the leak.

“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again.”

This could potentially lead to significant legal issues for the ESA in multiple countries. Because European journalists were also on the document this could be considered a GDPR violation in the European Union. Under GDPR, companies that collect the data of EU citizens must meet certain security standards in protecting that data or face fines.

Checkpoint XP is following this story as it develops.