For today’s episode of “No Need to Hack When It’s Leaking,” DataBreaches brings you three leaks involving patient/medical information: one from the U.S., one from India, and one from Australia. Tridas Center Jeremiah Fowler and the Website Planet research team discovered an unsecured database containing more than 16,000 records with personally identifiable information about...
Mathrubhumi.com reports: The personal data of over 30,000 students at Kannur University were reportedly leaked. A private cyber security agency in Kochi found that the data were published on a dark web portal. As per the preliminary assumption, the data of the students were leaked due to a technical glitch in the university’s official...
Jay Jay reports: The South Reading & Shinfield Group Medical Practice, a healthcare clinic in Reading, recently leaked the email addresses of many of its patients after clinic officials included their email addresses in an emailed invitation. Source: Teiss
Why would other victims ever come forward and report their assaults when they cannot trust the police to protect their reports? This is an appalling breach, and an “investigation” isn’t going to undo any harm that has been done. What exactly is going to be done to mitigate harm to the victims of this...
NL Times reports: A data leak at the Land Registry meant that protected residential addresses were visible and accessible between September 18 and October 11, the organization that manages real estate confirmed to the Volkskrant. According to the Land Registry, the leak occurred during a recent system update, and it notified the Dutch Data Protection Authority....
The UK Information Commissioner has agreed to reduce the £500,000 Monetary Penalty Notice (MPN) imposed on the Cabinet Office in 2021 in relation to the New Year Honours data breach to £50,000, which the Cabinet Office has agreed to pay, reflecting our new approach to working more effectively with public authorities. The UK Information Commissioner issued its...
CT: Brookfield admits ‘blackout pen’ error led to sharing of special education students’ information
Trevor Ballantyne reports: School officials this week acknowledged a failure to properly redact personally identifiable information linked to students receiving special education services from the school district. According to emails obtained by The News-Times, parents accused the district of violating privacy protections laid out under the U.S. Family Education Rights and Privacy Act, or...
Here’s today’s example of “No Need to Hack When It’s Leaking.” Zack Whittaker reports: Pharmaceutical giant AstraZeneca has blamed “user error” for leaving a list of credentials online for more than a year that exposed access to sensitive patient data. Mossab Hussein, chief security officer at cybersecurity startup SpiderSilk, told TechCrunch that a developer left...
Mediko, Inc. has issued a press release concerning an unintended exposure of protected health information by their third-party claims processor, CorrectCare. According to their notice, on July 6, CorrectCare discovered that two file directories on their server had been misconfigured and were exposing files to the public. The investigation subsequently determined that the exposure...
Community Health Network notifies patients of meta pixel breach