Here’s another case where there’s a long gap between discovery of an incident and notification to individuals. The Oklahoma Department of Securities had an incident that began Nov. 29, 2018. It was discovered December 11, 2018. On January 16, 2019, the agency issued a statement saying: The Oklahoma Department of Securities (ODS) has initiated a…
Category: Exposure
Personal and health insurance information of most of Panama’s citizenry found in unsecured database
Bob Diachenko reports that he found an unprotected and publicly available Elasticsearch cluster containing what appears to be 3,427,396 records of Panamanian citizens. According to Diachenko, each record in tables labeled “patient” contained the following info: full name date of birth national ID number (cedula) medical insurance number (poliza seguro medico) phone email address other…
Charnwood Borough Council data breach sees residents’ personal details published online
Dan Martin reports: A council has apologised after publishing residents’ personal details online by mistake. Officials at Charnwood Borough Council failed to remove from a document names, addresses, phone numbers and email addresses of people who responded to a survey on levels of council tax to be levied on empty homes before uploading it to…
Independent Health mistakenly emailed information on 7,600 members
Tracey Drury reports: Protected health information on more than 7,600 Independent Health members was accidentally emailed to a member in March, a breach that violates federal privacy laws. The Amherst-based health plan told members that an employee inadvertently emailed documents containing their information on March 19 to an unauthorized recipient who happened to be an…
TX: UMC Physicians Notifies Patients of Compromised Patient Data
Press Release: UMC Physicians (UMCP) is educating employees on approved cloud storage solutions and notifying patients of an incident that may have compromised the privacy of protected health information held by their clinic: UMC Southwest Gastroenterology. UMCP has no evidence of actual or attempted misuse of personal information at this time. On March 12, 2019,…
UK: More than 2,000 motorists had private info exposed by DVLA after driving licences and passports were sent to the WRONG addresses
Dan Elsom reports: MORE than 2,000 drivers had confidential details exposed by the Driver and Vehicle Licensing Agency after important documents were sent to the wrong addresses. The DVLA reported 439 data breaches over a 10-month period, according to a BBC Freedom of Information investigation. Read more on The Sun.