BBC reports: A school has apologised for a data breach in which personal information about students was sent to their teenage classmates. Sixth-form pupils at Wymondham College, Norfolk, were mistakenly sent a link to a spreadsheet intended for teachers. It included data on whether pupils had special educational needs, whether they were “looked-after” children and…
Category: Exposure
Update on the VA’s eBenefits website breach
The VA responded to my email inquiries about the recently disclosed breach involving the eBenefits web site with the following statement: The Department of Veterans Affairs (VA) takes seriously our obligation to properly safeguard personal information. During a limited period of time Wednesday evening, as part of a process to improve software supporting the joint…
‘Defect’ on VA benefits site shares vets’ personal details online
Barnini Chakraborty has an update on the Veterans Administration e-benefits website breach reported here recently: The VA issued a statement Friday afternoon acknowledging the “software defect.” “VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems,” the agency said. It also said that the…
Insecure healthcare.gov allowed hacker to access 70,000 records in 4 minutes
Darlene Storm reports: When it comes to the atrocious state of HealthCare.gov security, white hat hacker David Kennedy, CEO of TrustedSec, may feel like he’s beating his head against a stone wall. Kennedy said, “I don’t understand how we’re still discussing whether the website is insecure or not. It is; there’s no question about that.” He added,…
Starbucks sat on its clear-text password problem for months
Evan Schuman reports: When Starbucks published the new version of its iOS mobile app yesterday to fix its passwords-in-clear-text problem, it demonstrated a seemingly awesome ability to correct a serious security issue in a single day. But was it truly awesome? Not if it knew about the security hole for months. Not if it knew about it before it published the prior iOS app…
KC engineer ‘exposed unencrypted spreadsheet with phone numbers, user IDs, PASSWORDS’
Kelly Fiveash reports: Hull’s dominant telco, KC, is investigating revelations of what appears to be poor handling of the company’s customer data. This comes after a recent sign-up claimed one of its engineers had unwittingly exposed a customer spreadsheet containing the telephone numbers, user IDs and unencrypted passwords of all its subscribers. Read more on…