Posts in the Exposure Category at DataBreaches.net

WeTransfer Security Incident Sent Files to the Wrong People

Posted by Dissent at 8:24 am Business Sector, Exposure, Other

Jun 222019

Lawrence Abrams reports:

In an embarrassing security incident, the WeTransfer file sharing service announced that for two days it was sending it’s users shared files to the wrong people. As this service is used to transfer what are considered private, and potentially sensitive files, this could be a big privacy issue for affected users.

Starting today, users began to receive emails from WeTransfer [1, 2, 3] stating that on June 16th and 17th, files sent using the WeTransfer service were also delivered to people that they were not meant to go to.

The email goes on to say that the team doesn’t know what happened and that they are working to contain the situation.

Insurance company AIA fined $10,000 by PDPC for personal data breach

Posted by Dissent at 10:06 am Business Sector, Commentaries and Analyses, Exposure, Non-U.S., Paper

Jun 212019

Lester Wong reports from Singapore:

Insurance company AIA was fined $10,000 by the Personal Data Protection Commission (PDPC) for mistakenly sending 245 letters meant for various customers to just two people due to a programming error in its software system that auto-generates the letters.

The bulk of the letters (237) were premium notice letters for the company’s Integrated Shield Plan, and contained full names and policy numbers of the intended recipients, as well as premium amounts and due dates.

The letters were sent out between Dec 28, 2017, and Jan 2 last year, with 179 sent to the first recipient and 66 to the second one.

Read more on The Straits Times. That seems like a steep penalty for that kind of error. How many mismailings have we seen in this country that never resulted in any fines at all?

Email gaffes are still a thing. Why? HIV patients hit by NHS Highland email privacy breach

Posted by Dissent at 10:23 am Exposure, Health Data, Non-U.S.

Jun 192019

BBC reports:

The email addresses of almost 40 people who have HIV have been made public by mistake.

It is understood the 37 patients in the Highlands were able to see their own and the others people’s addresses in an email from NHS Highland.

Parliament chiefs investigate claims its website was hacked amid fears of confidential data breach

Posted by Dissent at 9:15 am Exposure, Government Sector, Non-U.S.

Jun 182019

Matt Dathan reports:

The site containing bills currently before Parliament was showing private folders not meant for publication.

One Twitter user said they had found passwords had leaked online too.

A Parliamentary spokesman said it was looking into the reports but said it had not found any evidence that confidential parliamentary data had been breached.

Thousands of medical injury claim records exposed by ad agency

Posted by Dissent at 8:37 am Business Sector, Commentaries and Analyses, Exposure, Health Data, U.S.

Jun 182019

Zack Whittaker reports:

An internet advertising company specializing in helping law firms sign up potential clients has exposed close to 150,000 records from a database that was left unsecured.

The database contained submissions as part of a lead-generation effort by X Social Media, a Florida-based ad firm that largely uses Facebook to advertise various campaigns for its law firm customers.

Read more on TechCrunch. It’s another could-have-awful-consequences exposure situation. And not surprisingly, the researchers who found it throw in references to HIPAA, although further down in their report, they acknowledge that x Social Media is not covered by HIPAA.

Throwing in references to HIPAA doesn’t help if HIPAA doesn’t apply — even though the public may want the standards of security and privacy to be upheld in the business sector. What would have been more on point for vpnMentor to mention would be any privacy policy for x Social Media or assurances about data security that may have been violated.

Think FTC, not HHS, folks.

Older Entries