VPNMentor reports: Dalil is the biggest phone directory in Saudi Arabia. With more than 5 million downloads, Dalil is the 13th most popular communications app in the Kingdom. For context, this is where Viber and Telegram rank in the US. 96% of its users are in Saudi Arabia; the remainder are in Egypt and other…
Category: Exposure
NZ: Patient documents missing, reportedly lost in ‘a gust of wind’
Joanne Carroll reports: A health board employee is under investigation after “misplacing” hundreds of patients’ medical information – some of which are still missing. The Canterbury and West Coast District Health Board only became aware of what it calls a “potential privacy breach” when a member of the public found some of the documents in…
Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach
Bob Diachenko reports: On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge). “Used by eight of the world’s ten largest,…
UK: Dumbarton sheriff blasts hospital over medical records mix-up
Lennox Herald reports: A Dumbarton sheriff said a hospital could face legal action after it was revealed the wrong medical records had been sent to assist in a case. Sheriff William Gallacher blasted the actions of the hospital, calling the blunder a “catastrophic breach” of data protection. Solicitors had requested medical records for Mark Kelly,…
Delhi Citizens Data Leak
Bob Diachenko writes: On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India region which (along with other data) also contained highly sensitive information collected on 458,388 individuals located in Delhi. A 4.1GB-sized database had been indexed by Shodan and was left unattended for public…
UW Medicine notifying 974,000 patients whose information was exposed online in December
The University of Washington Medicine (UW Medicine) is notifying patients after an error exposed protected health information of 974,000 patients online for three weeks in December. UW Medicine includes the University’s medical school as well as Harborview Medical Center, the UW Medical Center, Northwest Hospital and Medical Center, Valley Medical Center and more than two-dozen…