Allie Coyne reports: The Australian Red Cross Blood Service and its website contractor have escaped penalties from the country’s privacy watchdog over a 2016 data breach that exposed the data of 550,000 donors. In late October last year the Blood Service revealed its website partner Precedent had inadvertently exposed a 1.74GB database backup containing 1.28 million…
Category: Exposure
AU: Sensitive details of vulnerable children in care released in department bungle
Nino Bucci reports: The personal details of children in care, including whether they were sexually active, was accidentally sent to the mother of one of the children in a troubling information breach. A spreadsheet was emailed to the mother outlining the name, birthdate, location, and specific concerns and alerts relating to all children in the…
Data Breach as Office 365 Admin Center Displays Usage Data from Other Tenants
Tony Redmond reports: The danger of making mistakes when changing cloud systems that run at massive scale was demonstrated on Thursday evening (August 3) when the Office 365 Admin Center suddenly started to reveal usage data belonging to other tenants. Reports flooded in from administrators who noticed that the reported email and SharePoint usage for…
Personal Info of 650,000 Voters Discovered on Poll Machine Sold on Ebay
Kevin Collier reports: When 650 thousand Tennesseans voted in the Memphis area, they probably didn’t expect their personal information would eventually be picked apart at a hacker conference at Caesars Palace Las Vegas. […] But hackers given access to an ExpressPoll-5000 electronic poll book—the kind of device used to check in voters on Election Day—have…
NHS staff personal data leaked in latest data breach
Nick Ismail reports: The details of hundreds of junior doctors has been mistakenly published online by an NHS trust, according to the Health Service Journal. In wake of this news – an instance of another data protection failure – Phil Codd, managing director Ireland & UKI Regional Director at SQS Group, is calling for the NHS…
CNIL Fines Rental Car Company for Data Security Failure Attributable to Third-Party Service Provider
Hunton & Williams explain: On July 27, 2017, the French Data Protection Authority (“CNIL”) imposed a fine of €40,000 on a French affiliate of the rental car company, The Hertz Corporation, for failure to ensure the security of website users’ personal data. On October 15, 2016, the CNIL was informed of the existence of a…