James Walker reports on an incident, which while unfortunate, provides us with an example of prompt incident response and thanking the researcher instead of shooting the messenger: A vulnerability in the website of Inventory Hive, a property inventory service, was leaking members’ personal information, including their name and address, along with internal and external property…
Category: Exposure
UK: Babylon Health data breach: GP app users able to see other people’s consultations
The Guardian reports: Babylon Health has suffered a data breach involving confidential patient information, with users of its GP video consultation app allowed to see other patients’ appointments. The breach emerged when one of its users discovered they had access to video recordings of other patients’ consultations. Read more on The Guardian, although some of…
Months later, KeepNet issues a statement about leak discovered by researcher
Back in March, Security Discovery reported a leak involving KeepNet. This site had picked up that reporting and linked to it. Shortly thereafter I was contacted by KeepNet. Based on their statement and the fact that Security Discovery revised their own report, this site deleted KeepNet’s name from the reporting and simply linked to Security…
Bug in Whatsapp, phone number of crores of users leaks
Harshita Jain reports: If you use WhatsApp for messaging, then this news is for you. The bug has been found on WhatsApp’s platform, due to which phone numbers of crores of users have been published on Google. This information was obtained from the official blog post of Cyber Company security expert Atul Jayaram. According to…
Details of COVID-19 patients leaked in Tiruvarur, patient gets calls from strangers
Megha Kaveri reports: In a shocking instance of breach of privacy, names, addresses and contact numbers of at least two COVID-19 patients who are currently being treated at the Thiruvarur Medical College and Hospital were circulated on social media apps. One of the patients has been receiving calls from strangers inquiring about his well-being, this…
Chile: CPLT announces breach of sensitive patient data in health industry
The Chilean Transparency Council (‘CPLT’) announced, on 1 June 2020, that following an audit of 12,000 purchase orders made by 86 organisations in the health sector, the CPLT found that 12 purchase orders by hospitals and six by health services were made which revealed the sensitive personal data of patients. Read more on OneTrust Data…