Jacquie Miller reports: The owner of a medical marijuana dispensary in Gloucester has apologized after emails were accidentally sent to 24 patients that revealed the names and addresses of all the store’s customers. “Some people were obviously upset, for good reason,” said Charlie Cloutier, owner of Greenworks Medicinal on Canotek Road. Staff phoned all the…
Category: Exposure
Equifax Was Warned
Last year, a security researcher alerted Equifax that anyone could have stolen the personal data of all Americans. The company failed to heed the warning. Great reporting by Lorenzo Franceschi-Bicchierai on Motherboard. Go read it all.
Whois Maintainer Accidentally Makes Password Hashes Available For Download
Tom Spring reports: The regional internet registrar that administers IP addresses for the Asia Pacific region accidentally leaked Whois database data, including hashed passwords, forcing it to reset all passwords for objects in its Whois database. According to Asia Pacific Network Information Center (APNIC), the organization that maintains domains for the region, it experienced a…
Cosmetics Brand Tarte Exposed Personal Information About Nearly 2 Million Customers
Kate Conger and Dell Cameron report: Tarte Cosmetics, a cruelty-free cosmetics brand carried by major retailers like Sephora and Ulta, exposed the personal information of nearly two million customers in two unsecured online databases. The databases were publicly accessible and included customer names, email addresses, mailing addresses, and the last four digits of credit card…
UK: University of East Anglia not punished over data breach
BBC reports: A university that mistakenly emailed sensitive personal information about students to hundreds of undergraduates will face no further action. Details of health problems, family bereavements and personal issues were sent by the University of East Anglia (UEA) in Norwich to 298 students. The Information Commissioner’s Office said no regulatory action was needed. Read…
Cloudy with a chance of PHI leaks
Maybe we should do this one as a “write your own headline” exercise. Earlier this week, Kromtech Security reported that they had uncovered yet another improperly secured AWS S3 bucket that was exposing protected health information. The company that was responsible for the collection of the home monitoring data, Patient Home Monitoring, was exposing what…