KBTX reports: The social security numbers for 4,697 faculty and graduate assistants who taught during the Fall 2014 semester at Texas A&M University were viewable from a department website. The social security numbers were inadvertently displayed along with the individual’s first and last name in the Fall 2014 Semester Teaching Analysis Report (STAR). Upon discovering…
Category: Exposure
Adventures in breach alerts, Saturday edition
If you’re going to misdirect a fax containing personal information, you probably don’t want to misdirect it to a security firm with a blog. SLC Security reports that they received faxes from William Farrell, CPA of Cary, NC containing what appeared to be payroll information. When they tried to contact the firm using the contact email prominently posted on the firm’s…
Vidant Health leaking PHI since at least September – security firm (updated)
SLC Security posted this yesterday: Second Note: Vidant Health – Greenville, NC Just a quick update that we are still seeing issues with Vidant Health which we previous reported. On October 1, 2014, SLC Security had posted: DISCLOSURE: Vidant Medical Center (www.vidanthealth.com) Leaking PHI to include locations, patient names, diagnosis, age, birthdates and identifying features such…
Talos Discovery Spotlight: Hundreds of Thousands of Google Apps Domains’ Private WHOIS Information Disclosed
Nick Biasini, Alex Chiu, Jaeson Schultz, and Craig Williams write: In mid-2013, a problem occurred that slowly began unmasking the hidden registration information for owners’ domains that had opted into WHOIS privacy protection. These domains all appear to be registered via Google App [1], using eNom as a registrar. At the time of writing this…
Data security glitch on Verizon Wireless exposes woman’s personal data
Joe M. Douglass reports: …Tomi told Joe she lost her phone last summer after her husband passed away in a motorcycle accident. She says she decided to give up her old phone number and ended up using her late husband’s phone instead. Last week, Tomi says three of her family members got strange, nonsensical text…
Saintly mix-up results in breach notification for Providence Health & Services
Providence Health & Services is notifying some of their patients that their data were exposed after an error concerning the name of the facility where they were treated: We are writing to you about the disclosure of your medical billing information to one of our business partners. On February 18, 2015, Providence St. Joseph Medical…