A small roundup of incidents from the past 24 hours, including some dark web disclosures Uintah Basin Healthcare notifies patients of data breach discovered in November Uintah Basin Healthcare (“UBH”) in Utah became aware of unusual activity in their network on November 7, 2022. They are first notifying patients who received care at UBH between…
Category: Exposure
Japan’s ubiquitous convenience stores now serving up privacy breaches
Simon Sharwood reports: Japan’s minister for digital transformation and digital reform, Taro Kono, has apologized after a government app breached citizens’ privacy. The app is called the “Certificate Issuing Server” and, as explained by the municipal government of Kodaira City, allows residents to print documents such as certificates that prove they’ve paid taxes. Fujitsu Japan developed and…
Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data
Brian Krebs reports: A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked…
U. of Iowa Health Care denies sharing patient data with Facebook, but are they right?
DataBreaches never accused U. of Iowa Health Care of sharing patient data with Facebook, but it seems that someone did. Clark Kaufmann reports: The University of Iowa Hospitals & Clinics is denying that it shares any confidential patient information with Facebook. Last week, lawyers for an Iowa woman, Eileen Yeisley, filed suit against UIHC in…
Court records online include private information for thousands of Missouri residents
Josh Renaud reports: Documents containing Social Security numbers and other private information for thousands of Missourians are accessible to anyone using the Casenet website, the state’s judicial records system, the Post-Dispatch recently discovered. Missouri Supreme Court officials have acknowledged the issue after being alerted by the Post-Dispatch, and they fixed one vulnerability on Casenet. But…
Many Public Salesforce Sites are Leaking Private Data
Brian Krebs reports: A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging…