The UK Information Commissioner has agreed to reduce the £500,000 Monetary Penalty Notice (MPN) imposed on the Cabinet Office in 2021 in relation to the New Year Honours data breach to £50,000, which the Cabinet Office has agreed to pay, reflecting our new approach to working more effectively with public authorities. The UK Information Commissioner issued its fine…
Category: Exposure
CT: Brookfield admits ‘blackout pen’ error led to sharing of special education students’ information
Trevor Ballantyne reports: School officials this week acknowledged a failure to properly redact personally identifiable information linked to students receiving special education services from the school district. According to emails obtained by The News-Times, parents accused the district of violating privacy protections laid out under the U.S. Family Education Rights and Privacy Act, or FERPA,…
AstraZeneca password lapse exposed patient data
Here’s today’s example of “No Need to Hack When It’s Leaking.” Zack Whittaker reports: Pharmaceutical giant AstraZeneca has blamed “user error” for leaving a list of credentials online for more than a year that exposed access to sensitive patient data. Mossab Hussein, chief security officer at cybersecurity startup SpiderSilk, told TechCrunch that a developer left the…
Healthcare provider to incarcerated people discloses breach by data security incident by claims processor
Mediko, Inc. has issued a press release concerning an unintended exposure of protected health information by their third-party claims processor, CorrectCare. According to their notice, on July 6, CorrectCare discovered that two file directories on their server had been misconfigured and were exposing files to the public. The investigation subsequently determined that the exposure occurred…
NC: UCPS student information made vulnerable due to insufficient security protections by vendor, superintendent says
WBTV Web Staff and Nick Ochsner report: Private information of students at schools districts and charter schools across the state were left vulnerable by a software misconfiguration by a third-party vendor, Union County Public Schools Superintendent Andrew Houlihan told parents in a letter this week. According to the letter, the misconfiguration came after iLeadr, a company used…
Amazon accidentally exposed an internal server packed with Prime Video viewing habits
Zack Whittaker reports: It feels like every other day another tech startup is caught red-faced spilling reams of data across the internet because of a lapse in security. But even for technology giants like Amazon, it’s easy to make mistakes. Security researcher Anurag Sen found a database packed with Amazon Prime viewing habits stored on an internal Amazon server that…