Kat Hall reports: HMRC is spewing job applicants’ email addresses to potential rivals in mass circular responses it has blamed on “a technical glitch”. A reader got in touch to report their email address had been circulated to all other applicants in three instances. In an email seen by The Reg, the reader’s address was included…
Category: Exposure
UK: WHSmith “bug” spams confidential customer details from “contact us” form
James Temperton reports: WHSmith‘s website has randomly sent out hundreds of private emails to people on its mailing list. The issue appears to come from a broken “contact us” form, with anything customers send through the form being erroneously sent to hundreds of WHSmith’s customers. Details included in the emails include real names, phone numbers,…
UK: London clinic accidentally exposes HIV status of 780 patients
Joseph Patrick McCormick reports that 780 patients at the 56 Dean Street sexual health clinic in London had their names, HIV status, and contact details exposed to one another. The breach occurred when an employee sent out an email newsletter but put the mailing list in the “To:” field instead of the “bcc” field. The clinic…
Ca: Limestone District School Board concludes breach investigation
CKWS reports: In February the Limestone District School Board launched an investigation after thousands of documents containing personal information including social insurance numbers, addresses, banking and beneficiary information was discovered by a student using a computer at a local school. The records involved both past and present staff dating back to 2001, some 5 thousand people…
Backblaze Faces Class Action Over Unencrypted Hard Drives
Tamara Burns reports: Backblaze Inc., a company specializing in computer data backup and recovery, is the subject of a proposed class action lawsuit filed last Friday. The class action lawsuit alleges Backblaze puts private customer data at risk by shipping them unencrypted external storage drives. [….] Plaintiff Scott Hellervik takes issue with Backblaze’s procedures for…
Minnesota blames faulty web portal for breach of 18 residents’ driver’s license information
AP reports: Minnesota officials say driver’s license data on 18 residents was accessed after a password-protected portal was inadvertently opened online. The Department of Public Safety said Monday the breach happened when a server update accidentally removed the authentication process to access the state’s driver’s license database. Two individuals used the portal 55 times between…