Emily Tate reports that a vendor in the higher education space exposed more than 1 million potential college applicants’ information due to a misconfigured rsync backup: The data — which included names, phone numbers, email addresses, home addresses, high school graduation years and, in a few cases, dates of birth and Social Security numbers —…
Category: Exposure
Nova Scotia government portal reportedly breached; under investigation
CBC News in Canada reports: Halifax police have detained a person after a breach of the Nova Scotia government’s freedom-of-information website that included access to personal information. More than 7,000 documents were accessed. About four per cent were determined to have “highly sensitive personal information,” according to government officials. They said the number of Nova Scotians affected is “in…
Mistake in Some Google Groups Permissions Left Sensitive Info Accessible to Boston College community
Steven Everett and Connor Murphy report: Until December 2017, Google Groups containing hundreds of University communications and associated documents with restricted, confidential, or otherwise sensitive information had misconfigured permission settings such that anyone who could access the Boston College G Suite—known formally as Google Apps—could view them, a Heights investigation found. The Heights notified the…
Former California State Contractor Sued Over Breach Of HIV Patient Privacy
Anna Gorman reports: A security breach by a private company that contracted with California’s public health department inadvertently allowed unauthorized access to the HIV status of 93 people, according to a lawsuit filed this week in San Francisco County Superior Court. New York-based nonprofit Lambda Legal filed the lawsuit against the contractor, A.J. Boggs &…
DriveHer, ride-sharing app for women, suspends service after data breach exposes personal information
Jaren Kerr reports: The owner of a ride-sharing app created to increase safety and security for women drivers and riders has suspended its services after learning that its user data was vulnerable to a breach. DriveHer, which launched in Toronto in March and has more than 1,000 downloads, was created to both empower women and…
Virtua Medical Group Agrees to Pay Nearly $418,000, Tighten Data Security to Settle Allegations of Privacy Lapses Concerning Medical Treatment Files of Patients
There’s a follow-up to a breach previously reported on this site in 2016 in which a transcription vendor’s error resulted in the exposure of some Virtua Medical Group’s patients’ protected health information on the internet. It appears that New Jersey has settled charges against VMG over the incident. Of note, the charges are that the VMG…