It seems that the Meta pixel issue that made headlines in the U.S. last June may first be hitting the NHS in the UK. Shanti Das reports: NHS trusts are sharing intimate details about patients’ medical conditions, appointments and treatments with Facebook without consent and despite promising never to do so. An Observer investigation has uncovered a covert tracking…
Category: Exposure
Bits ‘n Pieces (Trozos y Piezas)
CO: SECOP II platform affected by “presumed hacking” The SECOP II platform is a transactional platform with accounts for state entities and contractors used for submitting, evaluating, and awarding contracts. On May 3, La Agencia Nacional de Contratación Pública – Colombia Compra Eficiente reported a cyberattack on its SECOP II platform. The attack was announced…
Indiana University exposes sensitive student data
Jurgita Lapienytė reports: Each year, hundreds of institutions across the US and Canada ask their first-year, transfer, and older students to participate in a survey about their prior academic and co-curricular experiences. They also ask them to share their expectations from the coming year. The survey isn’t anonymous – students are asked to enter their…
Notice relating to Ambulance Victoria privacy breach
May 17, 2023 On Thursday 11 May 2023 Ambulance Victoria (AV) was made aware that documents containing personal information of some current and prospective employees was accessible to other AV employees on the AV intranet. The documents contained the alcohol and other drug testing results of approximately 600 job applicants undertaken between May 2017 and…
Re-Victimization from Police-Auctioned Cell Phones
Brian Krebs writes: Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law…
HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….