Jan 122019

Updated January 15: Locsin subsequently clarified his claim and said that no data had been removed or stolen, but had been made inaccessible. See this report.

Original post:

Katrina Domingo reports:

MANILA – Some Filipinos renewing their passports may have to present their birth certificates as an additional requirement after a passport production contractor the government had terminated “made off with data,” Foreign Affairs Secretary Teodoro Locsin Jr. has said.

The Department of Foreign Affairs needs to “rebuild” its database for passports issued before 2010 because a “previous outsourced passport maker took all the data when contract terminated,” Locsin said in a tweet on Jan. 9

Read more on ABS-CBN.

Jan 102019

Lucie Edwardson reports:

The United Conservative Party‘s privacy policies are being questioned after a party laptop was stolen out of an employee’s car in a parkade.

The laptop contains the names, addresses and contact information of 40,000 UCP members.

Experts say the language used in the memo to inform members was confusing and didn’t answer important questions.

“This is clearly a matter that the party needs to improve their information protection practices,” said Sharon Polsky, president of the Privacy and Access Council of Canada, adding the party will have to regain public trust.

Read more on CBC.

I don’t see where there’s a serious risk of identity theft here. We’re talking about names, addresses, and contact info. That could be a phone book. Or a phone book with email addresses.  Either way, it’s not like SIN with DOB and additional details.

That said, there is no reason that the whole drive wasn’t encrypted when the laptop was off. And if it wasn’t encrypted, why on earth was it left in an unattended vehicle? Yes, people should be asking the UCP specific questions about the training and policies they give employees. But who’s going to require them to answer those questions?  No one?

Jan 102019

AP reports:

Belgian authorities said Wednesday that they have arrested a man who served jail time on terrorism charges over the theft of a computer hard drive containing autopsy reports about the victims of the suicide bombings in Brussels in 2016.

Brussels prosecutor’s office spokesman Denis Goeman said the man, identified only by the initials I. K. and born in 1991, is suspected of stealing the hard drive and other items from a forensic doctor’s office at the city’s main justice offices last week.

Belgian media, quoting unnamed justice sources, said the suspect is Illiass Khayari and that he was sentenced to five years in prison on terror charges in 2016 but only served about half his term.

Read more on Herald-Whig.  It’s not clear from the report why someone convicted on terrorism charges would be released after less than 3 years.  Nor is it clear, it seems, that his intention in allegedly stealing the drive was to obtain the autopsy reports on it.

Jan 052019

Their press release of December 14:

Ben-Ora, Hansen & Vanesian Imaging, Ltd. d/b/a Solis Mammography (“Solis”) is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this noticeconcerns an incident that involved some of that information.

On October 17, 2018, we learned that a Solis computer had been stolen from our Phoenix location and was in the possession of an unauthorized individual. We immediately began an investigation, including hiring a leading forensic firm to assist, and reported the theft to law enforcement. Our investigation determined that some patient information may have been contained on the computer. Because we are unable to locate the computer, we cannot confirm the specific patient information that may have been stored on it. The computer is believed to contain information pertaining to approximately 500 patients. This information may have included the patients’ names, dates of birth, insurance information, laboratory results, imaging, and other items. No financial information is believed to be on the computer. We are working with law enforcement, but the computer has not been located to date.

We have no indication that any patient information has been misused in any way. However, out of an abundance of caution, with this notice, we are advising our patients of the incident. We also want to assure our patients that we take this very seriously. We recommend that our patients review statements they receive from their health insurers and healthcare providers. If they see services they did not receive, contact the health insurer or provider immediately. If you believe you are affected or have questions regarding the incident, please call toll-free 1-877-698-3691, Monday through Friday, between 6:00 a.m. and 6:00 p.m., Arizona time.

We deeply regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening in the future, we are implementing strong access controls and developing new procedures governing the secure disposal of information.

It’s not clear to me how their post-incident steps would have prevented a laptop theft, and I have written to them to seek more clarification. This post will be updated when I get a response.

Dec 292018

Dave Bartkowiak Jr. reports:

 Blue Cross Blue Shield of Michigan announced Friday that the personal data of nearly 15,000 of Medicare Advantage members may have been compromised after an employee’s laptop computer was stolen in October. 

Blue Cross said it was notified on Nov. 12, 2018 by COBX, a subsidiary company vendor serving Medicare Advantage business for them, that an employee’s work laptop was stolen on Oct. 26, 2018. Although the laptop was encrypted and password-protected, the employee’s access credentials may have been potentially compromised, Blue Cross said.

Read more on ClickOnDetroit.