Nico Grant reports: DNA-testing service Vitagene Inc. left thousands of client health reports exposed online for years, the kind of incident that privacy advocates have warned about as gene testing has become increasingly popular. More than 3,000 user files remained accessible to the public on Amazon Web Services cloud-computer servers until July 1, when Vitagene…
Category: Exposure
Unsecured databases leak 90 million records of people and businesses in China
Dev Kundaliya reports: Two databases lying unprotected on the internet leaked records of more than 90 million people and businesses in China last week, a security researcher has claimed. The databases belonged to the Jiangsu Provincial Public Security Department in China and contained more than 26GB of data. In total, they contained 58,364,777 citizen records…
UK: Security Medway Council reforms eforms to stop blurting out residents’ details
Jude Karabus reports: Medway council in Kent has corked a hole in its website that spat out residents’ names, mailing addresses, phone numbers and email addresses after a Reg reader got in touch to complain. The breach appeared courtesy of some of Medway Council’s electronic forms. The council’s eforms were conceived during a collaboration of…
SG: Spize fined S$20,000 after more than 100 customers’ personal data leaked
Food and beverage outlet operator Spize has been fined S$20,000 after the personal data of about 150 customers was disclosed on its online ordering portal in 2017. In the grounds of decision dated Thursday (Jul 4), which was published on the Personal Data Protection Commission (PDPC) website, the PDPC received a complaint on Aug 12,…
Telangana website leaking sensitive data of pensioners; official says it won’t be fixed until July 31
Soumyarendra Barik reports something that is somewhat… “mind-boggling:” Sensitive information, including bank account numbers, PAN numbers, PPO (pension payment order) IDs, tax-deductions and pension amounts of retired state government employees is being leaked on the Directorate of Treasuries and Accounts (DoTA) website, according to a New Indian Express report. Director of Treasuries and Accounts KSRC…
MYOB in payslip privacy bungle
Ry Crozier reports: Imagine what would happen if you went to open your emailed group certificate and found out it was your boss’ or a colleague’s instead. That’s the rather awkward situation some customers of MYOB could be facing after its automated payroll program accidentally emailed 220 individual payment summaries to the wrong people. Read…