When they discovered more than 42,000 patient records and millions of patient clinical notes exposed on a misconfigured rsync backup, researchers at UpGuard responsibly set out to notify the entity to secure their data. It turned out to be a Herculean task that would take almost two months and multiple entities to get the job…
Category: Exposure
MX: Movimiento Ciudadano fined almost $2 million for 2016 voter list data leak
In 2016, I reported on a leak involving a Mexican voter registration database with details on 93.4 million Mexican voters. The list had been in the possession and control of one of the political parties there, Movimiento Ciudadano, who tried to claim that they were hacked by none other than Chris Vickery, who had discovered their…
SAMBA Federal Employee Benefit Association programming error resulted in mismailed information
From their press release: SAMBA Federal Employee Benefit Association (“SAMBA”) recently learned of an incident that may affect information related to eligible family members of subscribers (“family members”) covered by the SAMBA Federal Employees Health Benefits Plan in 2017. “We take this incident, and member privacy, very seriously,” Walter E. Wilson, SAMBA’s Executive Director stated….
Class action suit vs. CenturyLink and DirecTV alleges customer data can be accessed via internet search
Nat Levy reports: A lawsuit against internet provider CenturyLink and AT&T-owned DirecTV alleges the companies fail to adequately protect personal customer data — to the point that it can be found through a simple internet search. The suit was filed Monday in U.S. District Court in Seattle and seeks class action status. The plaintiff, James Jantos,…
360,000 current and former Pennsylvania teachers notified of breach
So that breach in February affecting Pennsylvania teachers affected approximately 360,000 current and former teachers. A 30-minute exposure leads to so much cost and anxiety. Ouch.
ID: School district reports inadvertent disclosure
This item by Dr. Michael Garrett that appeared in the Clearwater Tribune appears to concern Joint School District #171 in Idaho. At approximately 7:35 a.m. on March 19, a supervisor brought to my attention that an employee had discovered personal employee information on the district website. The information was verified in a payroll report which inadvertently…