Dec 142018

Jasper Lindell reports:

ActewAGL has confirmed 400 electricity, gas and water customers have received bundles of bills addressed to other utility customers in a massive privacy breach affecting 6000 customers in the ACT and NSW.

ActewAGL notified the Privacy Commissioner of the breach after it became aware of the mistake on Wednesday and had set up a taskforce by Friday afternoon to respond to affected customers.

Read more on Canberra Times.

Dec 142018

Hilary Bird reports:

An N.W.T man says he found hundreds of confidential medical records at the Fort Simpson dump.

The documents contain detailed information about patients’ mental health and history of drug use, including applications to addictions treatment facilities, progress reports from those facilities, and detailed notes from one-on-one counselling sessions.

The documents, many of which were on N.W.T. government letterhead, also included social insurance, treaty and health card numbers.


Dec 142018

Todd Wallack reports:

Save the Children Federation, one of the country’s best-known charities said it was the victim of a $1 million cyberscam last year.

The Connecticut-based nonprofit said hackers broke into a worker’s e-mail, posed as an employee, and created false invoices and other documents, to fool the charity into sending nearly $1 million to a fraudulent entity in Japan. The con artists claimed the money was needed to purchase solar panels for health centers in Pakistan, where Save the Children has worked for more than 30 years.

Read more on Boston Globe.

Dec 132018

Sergiu Gatlan reports:

According to the Ministry’s public statement, the hackers managed to get their hands on the names, phone numbers, and email addresses of all people who had an account on the French Ariane emergency contact database. 

The platform is used by the French Ministry of Europe and Foreign Affairs to allow citizens traveling abroad to received security updates in case of emergency. 

“Personal data recorded during registration on the Ariane platform have been stolen,” says the Ministry’s statement

Read more on Softpedia.

Dec 132018

One of the newer incidents appearing on HHS’s public breach tool this week is a report from Mind & Motion, LLC in Georgia.  Mind & Motion offers various types of therapeutic modalities. 

On September 30th, 2018,  they discovered that their server had been attacked with ransomware.

In a notification to patients, they write:

We have learned that your personal information potentially including: name, address, birthday, gender, medical history, social security number, medical diagnosis, insurance information, and medical records may have been compromised.

Ouch. It’s a great notification letter in terms of transparency, though, as it also details findings by the external consultants they brought in to assist and the steps they are taking to prevent a similar incident in the future. I’m sure some readers will pick up on all the past detritus from attacks and wonder why nothing got detected or prevented sooner, but it is what it is and it sounds like they have taken serious steps to improve their data security. I wish them well.

According to their report to HHS, 16,000 patients have been notified.

You can read their entire web site notice, below: