Tepco employee loses info on 22 claiming nuclear compensation redress

 Breach Incidents, Lost or Missing, Non-U.S., Paper  No Responses »
Jun 142013
 

Everywhere you go, documents are left on public transportation by employees, it seems:

Tokyo Electric Power Co. said Friday that one of its employees has lost documents that include the personal information of 22 individuals who have applied for compensation related to the triple-meltdown crisis at its Fukushima No. 1 nuclear plant, adding that this was not the first case of mishandling.

“We deeply apologize for causing trouble,” a Tepco official told reporters, explaining that the employee, a man in his 40s, left the documents on a train when returning home Tuesday. The utility has not received reports of any inappropriate use of the personal information.

Tepco revealed that there have been around 60 cases involving the mishandling of personal information related to compensation claims and it had decided to disclose the latest case because it has not been able to contact all of the 22 individuals involved.

Read more on Japan Times.

Privacy Commissioner details ‘web leakage’ research, but declines to name sites found in violation

 Breach Incidents, Business Sector, Exposure, Non-U.S.  No Responses »
Jun 132013
 

Matthew Braga reports:

The Office of Canada’s Privacy Commissioner has declined to name 11 Canadian websites found to be leaking personal information to third parties without the knowledge of users, but revealed in a blog post that privacy practices had improved after being notified of the government’s concerns.

A study found that user names, email addresses, location data and other identifying information were being sent to advertisers and analytics companies – in some cases, unbeknownst to the websites themselves.

Read more on Financial Post.

I can appreciate that the Commissioner wants to enlist cooperation/remediation and is using the avoidance of naming and shaming as the carrot, but shouldn’t the consumers whose information was leaked – either knowingly or unknowingly by the web sites – be informed? Apparently there is no such legal requirement in Canada.

Australian customers’ private phone calls online

 Breach Incidents, Business Sector, Exposure, Non-U.S.  No Responses »
Jun 092013
 

Ben Grubb reports:

“This call may be recorded for training and quality purposes.”

And perhaps inadvertently uploaded to the internet if you’re a customer of a certain Australian telco.

Recorded voice contracts containing personally identifiable information between telco IF Telecom and its customers have been found online by an Australian security expert while performing a simple Google search.

The audio files found on the internet contain business managers confirming telephone contract agreements to an IF Telecom operator. Information read aloud during the calls by business customers includes their name and position, business name, date of birth, drivers’ licence number and expiry date, business street address and business telephone number.

Read more on The Age.

UK: ICO fines Glasgow City Council £150K

 Breach Incidents, Government Sector, Lost or Missing, Non-U.S., Of Note, Theft  No Responses »
Jun 092013
 

The Information Commissioner’s Office (ICO) has issued Glasgow City Council with a monetary penalty of £150,000 following the loss of two unencrypted laptops, one of which contained the personal information of 20,143 people.

The serious breach of the Data Protection Act comes after the council was previously issued with an enforcement notice three years ago, following a similar breach where an unencrypted memory stick containing personal data was lost.

In the latest incident, two unencrypted laptops were stolen from the council’s offices on 28 May last year. The laptops were stolen from premises which were being refurbished and where complaints of theft and a lack of security had been made. One laptop had been locked away in its storage drawer and the key placed in the drawer where the second laptop was kept, but the second drawer was subsequently left unlocked overnight, allowing the thief access to both laptops.

One of the laptops stolen contained the council’s creditor payment history file, listing the personal information of over 20,000 people, including 6,069 individuals’ bank account details.

The ICO’s investigation found that, despite the ICO’s previous warning and in breach of its own policy, the council had issued a number of its staff with unencrypted laptops after encountering problems with the encryption software. While most of these devices were later encrypted, the ICO also discovered that a further 74 unencrypted laptops remain unaccounted for, with at least six of these known to have been stolen.

Ken Macdonald, the ICO’s Assistant Commissioner for Scotland said:

“How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief. The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people’s details have been compromised.

“Glasgow City Council was issued with an enforcement notice back in 2010 after a similar incident where an unencrypted memory stick was lost. To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow. The council should be held to account, and the penalty goes some way to achieving that.”

The ICO has also served the council with an enforcement notice requiring it to carry out a full audit of its IT assets used to process personal data and arrange for all of its managers to receive asset management training. The council must also carry out a full check of all of its devices each year so that the asset register can be kept up to date.

The ICO has produced guidance on the use of encryption software which is available on the ICO website.

SOURCE: Information Commissioner’s Office

AU: Arrest made over police data breach

 Government Sector, Insider, Non-U.S.  No Responses »
Jun 092013
 

Thomas O’Byrne reports:

Detectives have made a fresh arrest as investigations continue into a major information breach at Victoria Police.

Detectives from Taskforce Keel – commissioned last month to investigate a major leak of confidential police files – announced on Friday that they had arrested a 38-year-old Seddon man.

Police have charged the man with perverting the course of justice and trafficking a commercial quantity of amphetamines.

Since Taskforce Keel was set-up in May, a total of three police officers from the North West Metro region have been suspended and six other people have been charged with related offences.

Read more on The Age.

Hetzner Security Breach Exposes Customer Passwords, Payment Information

 Business Sector, Hack, Non-U.S.  No Responses »
Jun 092013
 

Nicole Henderson reports:

German web hosting provider Hetzner Online AG discovered a backdoor on on its Nagios monitoring servers last week, and emailed customers on Thursday to let them know that password hashes and payment information was compromised.

According to a report by H-Online, founder Martin Hetzner says it’s not clear at this time how many customers have been impacted by the breach, that also included the compromise of its Robot management interface for dedicated servers and the customer payment data stored there, including credit card numbers, the expiry date, card type and the last three digits of credit card numbers.

Read more on WHIR.

 

 Older Entries