Joanne Carroll reports: A health board employee is under investigation after “misplacing” hundreds of patients’ medical information – some of which are still missing. The Canterbury and West Coast District Health Board only became aware of what it calls a “potential privacy breach” when a member of the public found some of the documents in…
Category: Exposure
Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach
Bob Diachenko reports: On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge). “Used by eight of the world’s ten largest,…
UK: Dumbarton sheriff blasts hospital over medical records mix-up
Lennox Herald reports: A Dumbarton sheriff said a hospital could face legal action after it was revealed the wrong medical records had been sent to assist in a case. Sheriff William Gallacher blasted the actions of the hospital, calling the blunder a “catastrophic breach” of data protection. Solicitors had requested medical records for Mark Kelly,…
Delhi Citizens Data Leak
Bob Diachenko writes: On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India region which (along with other data) also contained highly sensitive information collected on 458,388 individuals located in Delhi. A 4.1GB-sized database had been indexed by Shodan and was left unattended for public…
UW Medicine notifying 974,000 patients whose information was exposed online in December
The University of Washington Medicine (UW Medicine) is notifying patients after an error exposed protected health information of 974,000 patients online for three weeks in December. UW Medicine includes the University’s medical school as well as Harborview Medical Center, the UW Medical Center, Northwest Hospital and Medical Center, Valley Medical Center and more than two-dozen…
India’s state gas company leaks millions of Aadhaar numbers
Zack Whittaker reports: Another security lapse has exposed millions of Aadhaar numbers. This time, India’s state-owned gas company Indane left exposed a part of its website for dealers and distributors, even though it’s only supposed to be accessible with a valid username and password. But the part of the site was indexed in Google, allowing…