Mar 102019
 

Today’s reminder that some “human error” breaches can put lives at risk. Alex Horton reports:

Army officials inadvertently disclosed sensitive information about hundreds of immigrant recruits from nations such as China and Russia, in a breach that could aid hostile governments in persecuting them or their families, a lawmaker and former U.S. officials said.

A spreadsheet intended for internal coordination among recruiters was accidentally emailed to recruits and contained names, Social Security numbers and enlistment dates. The list was sent out inadvertently at least three times between July 2017 and January 2018.

Read more on Washington Post.

And yes, the Army made a statement that included the all-too-predictable claim that they take privacy seriously, etc. etc.

Mar 102019
 

Emma Spears reports:

Reports are surfacing that Canadian licensed producer RedeCan is facing a privacy breach after a mass email to patients revealed their personal information to other patients.  Although officials from RedeCan have not commented publicly, an email from the LP to a patient impacted by the breach indicates the company has self-reported the breach to the Privacy Commissioner of Canada.

Read more on GrowthOp.

You can read the thread on Reddit here. It contains the text of the email and a statement from a patient who received it that it had 115 other patients’ names in the cc: field.

Mar 102019
 

Scott O’Connell reports:

Teachers and School Committee members are looking for answers from the School Department in the wake of the district’s release of personal information for thousands of school employees to a testing company last year.

According to Worcester Superintendent Maureen Binienda, the district’s IT department opted to use the last four digits of employees’ Social Security numbers as a password for their entry to a portal run by a testing company called Renaissance, which the Worcester schools began contracting with last year. The rationale, she said, was that it would be an easy password for employees to remember when they signed on.

D’oh?

Read more on Telegram.

Mar 102019
 

CBC News reports:

Personal information including names, student numbers, addresses and banking information of some University of Waterloo students was accidentally sent to a mailing list of 2,000 students, the school says.

The emails went out Wednesday evening. Of the emails sent to the mailing list, 15 contained some private information like names and student numbers, Matthew Grant, the university’s director of media relations, told CBC Kitchener-Waterloo in an interview.

Read more on CBC News.