Marianne Kolbasuk McGee reports: Tens of thousands of documents containing personal information of special education students within New York City’s public school system were held in an unsecured database exposed to the internet. Researcher Jeremiah Fowler of security services firm Security Discovery told Information Security Media Group he found the unsecured database in mid-February and…
Category: Exposure
Bits ‘n Pieces (Trozos y Piezas)
ES: HLA Grupo Hospitalario data listed for sale after web server misconfiguration On March 14, a forum user on BreachForums listed data from the HLA Grupo Hospitalario in Spain for sale. The listing advertised 45,000 patient records and information on 1,600 doctors, with samples provided of each. HLA Grupo Hospitalario is owned by Asisa, which…
Lawsuit: Cop pulled over driver for TikTok livestream—and shared driver’s ID
Ashley Belanger reports: A Dallas County Sheriff’s Department deputy, Francisco Castillo, was briefly suspended after livestreaming a traffic stop, allegedly just to gain TikTok clout, in 2021. Now, the Texas motorist that he pulled over, Torry Osby, is suing, saying that the deputy exposed Osby to risks of identity theft and break-ins at his home by…
UNC data leak exposes more than 1,000 Social Security numbers
WRAL reports: A data leak at the University of North Carolina at Chapel Hill has exposed more than 1,000 Social Security numbers. The university said human error played a role in tax forms that were sent to the wrong people. The leak happened in late January. It included names, addresses, Social Security numbers and tax…
The Chautauqua Center notifies patients of breach; changes EMR provider
The Chautauqua Center (TCC) in New York has disclosed a HIPAA breach by a business associate. The business associate’s error resulted in the protected health information of 747 physical and occupational therapy patients being made accessible to other covered entities. According to their notification letter to those affected, the breach occurred on December 22nd at…
Sentara Health notifying 741 patients after mistake by Coronis Health employee
In a refreshingly straightforward breach disclosure, Sentara Health in Virginia reports that on December 19, an anonymous individual called their Compliance Hotline to alert them that while searching for something online, the called had stumbled across an exposed file with patients’ Medicare billing information. Sentara quickly verified the caller’s report and determined that the file…