Earlier this week, Jigsaw Security noted that they had discovered that improper redaction of documents posted on the Virginia Dept of Human Resource Management website was potentially exposing employees’ personal information: A PDF posted by this organization contained information that was obfuscated by blocks but was a layered image so if you edit the document the…
Category: Exposure
Disclosure of patient’s mental health status and treatment results in strong response by Serbia’s Commissioner of Information of Public Importance and Personal Data Protection
Marko Popovic and Bogdan Ivaniševic of BDK Advokati write: In December 2015, a journalist disclosed one patient’s health data in a TV show. The data were related to the patient’s mental health and his treatment in the mental health clinic “Dr Laza Lazarevic”, in Belgrade. The Serbian Commissioner for Information of Public Importance and Personal Data Protection (“Commissioner”)…
Thai justice system hacked by Blink Hacker Group; personal info dumped
It appears that Anonymous is not quite done going after the Thai justice system with its #BoycottThailand campaign. Recent attacks on almost 300 government sites have been in response to the conviction of two migrant workers in the murder of two British backpackers, David Miller and Hannah Witheridge – a conviction that Anonymous finds totally unjust. Not only has Anonymous defaced government sites,…
Ca: Children’s Aid Society exposes sensitive information to a woman’s business partner
The Hamilton Spectator reports on one of those cases that doesn’t affect a lot of people, but has a significant effect for the individual who was affected: The Hamilton Children’s Aid Society is apologizing to a city woman for mistakenly disclosing confidential information about her to her business partner. Ayla Smith, 28, says the breach…
UK: Hospital trust rapped after it lost birth records and sent sensitive medical data to wrong person
Croydon Advertiser reports: Croydon’s hospital trust mistakenly sent a patient’s sensitive medical information to the wrong person. And while being investigated for that data breach, Croydon Health Services NHS Trust “misplaced” its register of births for April 2009 to May 2010 for five months. The Information Commissioner’s Office (ICO) has rapped the trust for the…
AU: Google search puts NSW Medical Council on the wrong side of privacy laws
Paris Cowan reports: A NSW tribunal has ruled that the state’s Medical Council breached privacy laws when it published what it thought was a redacted PDF document on its website, but in doing so revealed the hidden identities of a doctor and her son to Google’s web crawling bot. In April, the NSW Civil and…