Exposure

Government data breach exposes Afghans to more danger

Evan Dyer reports: The names of several hundred vulnerable Afghans seeking refuge from the Taliban were recently leaked in emails sent in error by Immigration, Refugees and Citizenship Canada (IRCC), CBC News has learned. The Afghans in question fear reprisals from the Taliban, who took over the country in August. Some are in hiding...

Data breach leads to £10k fine for Scottish charity

Graham Martin reports: A prominent Scottish charity has been fined £10,000 for a data protection breach. The action was taken after HIV Scotland sent out an email containing the personal details of dozens of people. The breach involved an email to 105 people, including patient advocates representing people living in Scotland with HIV. Read...

Ohio State University email gaffe creates a FERPA breach

An email gaffe due to not using bcc: instead of cc: or TO:  revealed almost 400 Ohio State University students’ disability status to other students.  Read the story on The Lantern. Note that this is a FERPA issue, and there really is no requirement for breach notification to those impacted, but the unintended disclosure...

UK: Schools email marketing company told us to go away when we told them of exposed database creds, say infoseccers

Gareth Corfield reports: An email marketing company claiming to hold details on a million UK teachers and school admin personnel was potentially exposing those to the public internet thanks to a misconfigured error page on its website. Not only that, but the Schools Marketing Company (SMC) seemingly dismissed the findings of the infosec company...

Informed of a data leak in July, Brazilian integrator platform continued to expose more than 1.75 billion files

Updated at 11:11 am:  DataBreaches.net has been informed the data have been secured. Remember when the Brazilian government complained about Raid Forums for posting so many leaks and data dumps from Brazil?  If this one ever shows up on Raid Forums, they will probably go nuts. Safety Detectives reports: The Safety Detectives cybersecurity team, led by Anurag...

Missouri Teachers’ Social Security numbers at risk on state agency’s website; state’s response is to shoot the messenger?

Josh Renaud reports: The Social Security numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to flaws on a website maintained by the state’s Department of Elementary and Secondary Education. The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and...

350 Qld border-pass applicants caught in police privacy breach

Matt Dennien reports: The Queensland Police Service has again been caught up in a privacy breach, this time involving the email addresses of more than 350 people – including AFP, Defence and Queensland Health staff –trying to return to Queensland. Read more on The Age. So after telling recipients to keep the invitation hush-hush,...