Zack Whittaker reports: A bug in T-Mobile’s website let anyone access the personal account details of any customer with just their cell phone number. The flaw, since fixed, could have been exploited by anyone who knew where to look — a little-known T-Mobile subdomain that staff use as a customer care portal to access the…
Category: Exposure
Insurance startup leaks sensitive customer health data
Zack Whittaker reports: A software startup that provides independent insurance brokers with customer management software has exposed highly sensitive information on thousands of insurance policy holders. A vast cache of data was stored on Amazon S3 storage bucket by AgentRun, a Chicago, Ill.-based company founded in 2012 by Andrew Lech, a former independent insurance broker….
D.C. government data breach exposed nurses’ Social Security numbers
Fenit Nirappil reports: The D.C. Department of Health has warned hundreds of nurses that their personal information was inadvertently exposed in the online licensing portal and is offering them one year of credit-monitoring services. A nurse navigating the nursing board’s online portal somehow ended up on a nonpublic portion of a database that included the…
Brit doctors surgery fined £35k for leaving medical records just lying around for more than 18 months
Paul Kunert reports: Bayswater Medical Centre (BMC) in London is licking its wounds after taking a not insignificant punch to the wallet for discarding highly sensitive medical information in an empty building for a year and a half. The Information Commissioner’s Office (ICO) said today the data included medical records, prescriptions and patient identifiable medicine….
SimplyWell (Viverae) notifying Lincoln Electric System employees of of personal health info breach
It’s been a while since I’ve noticed a third-party breach of a wellness vendor, but here we go, it seems. SimplyWell (“Viverae”) works with Healthbreak, who provides wellness services to the firm in question. SimplyWell, Inc. (“SimplyWell”) recently discovered a data privacy incident that may affect the privacy of certain Lincoln Electric System (“LES”) employees’…
Another data breach for South Africa – 934,000 passwords and IDs exposed
IOL reports: Another major leak has surfaced for South Africans. A database containing sensitive personal data that came from a traffic fine platform has been leaked online, according to security researcher Troy Hunt and iAfrikan Digital founder Tefo Mohapi. The information contained in this leak includes names, ID numbers, e-mail addresses, and passwords stored in plain text from…