Amy Farnworth reports: Lancashire County Council has referred itself to the Information Commissioner’s Office following a data breach involving its new HR and finance system. At this point there is no evidence that personal data has been publicly available, only that this information has been visible to internal users should someone want to find it….
Category: Exposure
Data Breach Reported At Mount Pleasant Central School District
Ben Crnic reports: A data breach may have exposed information related to some students at a school district in Northern Westchester. The breach was announced by Mount Pleasant Central School District Superintendent Peter Giarrizzo on Friday, Feb. 17, who said that several student email passwords may have been compromised by the incident. After the data breach…
FL: Brooks Rehabilitation notifies patients of pixel tracking breach
On January 30, Brooks Rehabilitation (“Brooks”) in Florida disclosed that in December, they discovered tracking technology vendors that provide services to Brooks were able to view/access individually identifiable health information (IIHI) provided when a website user provided contact information or feedback via a Brooks website. The data transmitted could have included information such as name;…
Indian social media app Slick exposed childrens’ user data
Jagmeet Singh reports: Emerging Indian social media app Slick left an internal database containing users’ personal information, including data of school-going children, publicly exposed to the internet for months. Since at least December 11, a database containing full names, mobile numbers, dates of birth, and profile pictures of Slick users was left online without a password. Read…
Penang government data leaked online
Predeep Nambiar reports: Over 600,000 “rows of private data” from the Penang government’s official website have allegedly been stolen and uploaded onto the internet. The data was uploaded to a forum known as BreachForums by a user with the handle “LeakBase” on Jan 18, who said it was available for download. Read more at Free…
The Center for Autism and Related Disorders notifies patients after vendor’s error caused HIPAA breach
The Center for Autism and Related Disorders (“CARD”) has locations throughout the U.S. On January 24, it experienced a reportable breach when “as part of a recent update to its patient billing systems, the third-party vendor responsible for generating patient invoices incorrectly made a computer error which resulted in certain caregivers receiving an invoice for…