Grace Chng reports: Personal information is still being improperly collected, used and disposed of, even though there is a new law to protect personal data. Seventy organisations – especially those in retail, healthcare and property – are under investigation following complaints that they used e-mail addresses and other personal information for marketing purposes or collected…
Category: Exposure
Texas A&M Data Breach of Nearly 4,700 Faculty & Graduate Assistants
KBTX reports: The social security numbers for 4,697 faculty and graduate assistants who taught during the Fall 2014 semester at Texas A&M University were viewable from a department website. The social security numbers were inadvertently displayed along with the individual’s first and last name in the Fall 2014 Semester Teaching Analysis Report (STAR). Upon discovering…
Adventures in breach alerts, Saturday edition
If you’re going to misdirect a fax containing personal information, you probably don’t want to misdirect it to a security firm with a blog. SLC Security reports that they received faxes from William Farrell, CPA of Cary, NC containing what appeared to be payroll information. When they tried to contact the firm using the contact email prominently posted on the firm’s…
Vidant Health leaking PHI since at least September – security firm (updated)
SLC Security posted this yesterday: Second Note: Vidant Health – Greenville, NC Just a quick update that we are still seeing issues with Vidant Health which we previous reported. On October 1, 2014, SLC Security had posted: DISCLOSURE: Vidant Medical Center (www.vidanthealth.com) Leaking PHI to include locations, patient names, diagnosis, age, birthdates and identifying features such…
Talos Discovery Spotlight: Hundreds of Thousands of Google Apps Domains’ Private WHOIS Information Disclosed
Nick Biasini, Alex Chiu, Jaeson Schultz, and Craig Williams write: In mid-2013, a problem occurred that slowly began unmasking the hidden registration information for owners’ domains that had opted into WHOIS privacy protection. These domains all appear to be registered via Google App [1], using eNom as a registrar. At the time of writing this…
Data security glitch on Verizon Wireless exposes woman’s personal data
Joe M. Douglass reports: …Tomi told Joe she lost her phone last summer after her husband passed away in a motorcycle accident. She says she decided to give up her old phone number and ended up using her late husband’s phone instead. Last week, Tomi says three of her family members got strange, nonsensical text…