The City of Burlington in Vermont is notifying some of its residents that their names and Social Security numbers had not been redacted from their tax abatement requests that were submitted to the city’s board and uploaded to the city’s website as part of a clickable agenda for the meeting. The information was uploaded on…
Category: Exposure
Tokyo ordered to pay damages to Muslim victims of privacy breach
There’s a follow-up to a breach covered previously on this site involving a data leak from the Metropolitan Police Department in Tokyo. The Tokyo District Court ordered the Tokyo Metropolitan Government to pay 90 million yen (around $860,000) in damages to 17 Muslims for the breach of privacy lawsuit they filed against the city. Around 114 documents were leaked…
Credit Card Receipts from Bay Area Old Navy Store Mistakenly Shipped to Shopper in Upstate New York
Ah, that pesky human error strikes again. Marianne Favro reports: Attention, Old Navy shoppers: Your credit card receipt, with full account number and signature, may have ended up in a random mailbox in Upstate New York. Anita Vogel lives in West Seneca, New York, near Buffalo. She recently received a package in the mail containing…
The Coupons App – Android Coupons App leaks your personal information to everyone – Appthority
In this bad app report we’ll be looking at one of the most popular coupon apps for Android, and how it shares private data it collects from mobile devices. This app also illustrates how privacy issues can extend beyond just the servers used by the app from using HTML5, by mishandling private data, they have…
VA: Supt. of Loudoun County Public Schools statement on breach (updated)
Statement on the school district’s website from Supt. Dr. Edgar B. Hatrick: Recently, the school system was informed of a security breach involving one of our software vendors. The vendor, Risk Solutions International, maintains the school system’s Emergency Management Plans. The website contains some personal information about students and staff members that is normally restricted to…
ZA: Hacker reveals e-toll website security flaw
Jan Vermeulen reports that a hacker has reported a vulnerability in the SANRAL website that exposes user information: This is due to a page on the South African National Roads Agency Limited (Sanral) website which can be exploited to expose the PIN of any registered e-toll website user. The page is intended to be used…