Pasquale Turbide reports: Officials at Sainte-Justine Hospital are working to resolve a privacy breach after a pediatrician leaked confidential documents to a media outlet before taking his own life. According to Radio-Canada, Dr. Alain Sirard sent a USB key last December to Québécor that contained confidential documents, such as excerpts of medical files and reports…
Category: Exposure
Affiliates able to access databases of ALL Hello Markets brands and CRM data in massive security breach
Andrew Saks-McLeod reports: When providing white label solutions to brands, as is the case of a number of smaller retail FX brokerages that either do not have the resources or the business direction to invest in their own servers and infrastructure, as well as the entire OTC binary options business, the security of data is…
Ball State U. sends ‘accidental email,’ violates FERPA
Oops. The Ball State Daily reports: An email sent out on Tuesday did more than just inform students about their academic status. Students who earned a GPA below 2.0 were notified in December about their academic progress, and on Jan. 10, another email was intended to inform students about ways to improve their GPAs. But…
Taipei employees’ financial data leaked
Sean Lin reports: An information security breach led to financial data concerning at least 2,000 Taipei City Government employees being leaked on Tuesday night, with city officials ascribing the incident to outdated and vulnerable data management software. The information, which was leaked to Yahoo Taiwan’s search engine, included the names, pay grades, salaries and bank…
Canadian plastic surgery center and spa were leaking patient files
Dr. M.W. Elmaraghy, a Canadian plastic surgeon, owns SpaSurgica, an outpatient plastic surgery clinic in Waterloo. He also owns Rejuvenate Medical Spa, which is at the same location as SpaSurgica. On December 27, Bob Diachenko of the MacKeeper Security Research team contacted DataBreaches.net to say they had discovered patient data from those two entities was exposed and that anyone could…
Hello Kitty Database of 3.3 Million Users Surfaces
Tom Spring reports: A cache of data including 3.3 million user credentials belonging to Hello Kitty parent company Sanrio surfaced over the weekend. The breach was originally reported in December 2015, but at the time Sanrio denied any data was stolen as part of the breach. The breach was tied to a misconfigured MongoDB installation that…