Dec 142018
 

Jasper Lindell reports:

ActewAGL has confirmed 400 electricity, gas and water customers have received bundles of bills addressed to other utility customers in a massive privacy breach affecting 6000 customers in the ACT and NSW.


ActewAGL notified the Privacy Commissioner of the breach after it became aware of the mistake on Wednesday and had set up a taskforce by Friday afternoon to respond to affected customers.

Read more on Canberra Times.

Dec 142018
 

Hilary Bird reports:

An N.W.T man says he found hundreds of confidential medical records at the Fort Simpson dump.


The documents contain detailed information about patients’ mental health and history of drug use, including applications to addictions treatment facilities, progress reports from those facilities, and detailed notes from one-on-one counselling sessions.


The documents, many of which were on N.W.T. government letterhead, also included social insurance, treaty and health card numbers.

Read more on CBC.ca.

Dec 132018
 

YLE reports:

The head of the Finnish Transport Safety Agency Mia Nykopp has resigned after a privacy breach that allowed details about every driver in the country to be easily accessible online

[…]

Since July it has been possible to view details of every driver’s license online, and to check if they have a valid license. Trafi shut down the service on Sunday.

Read more on YLE.

Dec 132018
 

Errors involving spread sheets continue to contribute to breaches.  Consider this description in a notification from San Bernardino Community College District – Crafton Hills College Campus. The breach occurred on October 25:

What Happened
We recently learned that a District employee inadvertently sent a spreadsheet containing certain individuals’ information to a community college distribution list. Although the spreadsheet was sent to a known group of individuals and related to certain program information, there was additional information contained in the spreadsheet that was not intended for broader distribution.


What Information Was Involved
The information stored in the spreadsheet varies by individual, but may include first and last name, address, date of birth, Social Security number, and certain course-related information.

[…]

This incident does not involve any unauthorized access to or use of any of San Bernardino Community College District’s internal computer systems or network and, as outlined above, this information was sent to a community college distribution list. Please note that we are not aware of any fraud or misuse of your information as a result of this incident.

It’s not clear from the sample notice whether this was a case of hidden fields in the spread sheet or if the employee just didn’t really pay attention to all the fields with additional information.  Either way, it’s yet another breach that might have been easily avoided but will now cost the college to investigate and mitigate.

Dec 132018
 

Janene Pieters reports:

A data leak affecting the municipality of Amsterdam revealed the names and addresses of residents upset about the city’s home share policy. In one case a phone number was also leaked, AT5 reports.


The data was not recorded on the municipality’s website in an unrecognizable way, according to the Amsterdam broadcaster. Around 10 Amsterdam residents were affected by the leak. Whether the data was misused is unclear. 

Read more on NL Times.