Patrick Gray writes: The entire user database of Groupon’s Indian subsidiary Sosasta.com was accidentally published to the Internet and indexed by Google. The database includes the e-mail addresses and clear-text passwords of the site’s 300,000 users. It was discovered by Australian security consultant Daniel Grzelak as he searched for publicly accessible databases containing e-mail address…
Category: Exposure
Man’s ‘horror’ at NHS web privacy leak
Rhianne Pope reports: A jobseeker has said he is “horrified” after logging on to an NHS job site and seeing other people’s data. The 62-year-old from Bicester, who wished to remain anonymous, said he visited Jobs.nhs.uk to look for a new maintenance job. But after registering his name on the site last Monday, he realised…
RxAmerica and Accendo Insurance notify 175,000 Medicare beneficiaries that mailing error exposed their medication name, date of birth, and member ID
RxAmerica and Accendo Insurance Company, providers of drug benefits to eligible beneficiaries under the Medicare Part D program, issued the following statement today regarding a recent patient information issue: “RxAmerica and Accendo Insurance Company have notified Medicare Part D beneficiaries enrolled in the company’s Prescription Drug Plans that some of their personal information may have…
Canada official: Staples resold hard drives with customer data
Galen Moore reports: …. According to Canada’s privacy commissioner, Jennifer Stoddart, the breaches affected laptop computers and flash drives, and compromised sensitive information including Social Insurance Numbers, and health card and passport numbers; academic transcripts; banking information and tax records. An audit conducted by Stoddard’s office examined 149 data storage devices marked for resale, and…
Centaur website reveals guests’ personal info
Shilpa Phadnis reports: The Centaur Hotels’ website, centaurhotels.com, appears to have compromised personal information of its hotel guests, in what seems to be a case of poor internet security protocols implemented by the site. This allowed website visitors on Saturday to obtain and view details of passports, driving licences, pan numbers, credit cards, and other…
When her data was exposed, Kennedale woman cried foul — and the state listened
Dave Lieber reports: Let’s all stand and cheer for Judy Yacio, a retired Kennedale school principal who struck a blow to stop identity theft. She exposed a flaw in the Teacher Retirement System of Texas that could make it easy for identity thieves to steal her personal banking information. […] After Yacio switched the bank…