Dylan Tweney reports: An Amazon.com security flaw allows some customers to log in with variations of their actual password that are close to, but not exactly, their real password. The flaw lets Amazon accept as valid some passwords that have extra characters added on after the 8th character, and also makes the password case-insensitive. For…
Category: Exposure
MA: Students’ Personal Data Posted Online
Team 5 Investigates has learned that the personal information of as many as 1,300 current and former students at the Wentworth Institute of Technology was inadvertently put online. School officials notified all affected students of the data breach, which was reported to WIT on Dec. 22. The letter said that an “electronic file was accessible…
Error sends University of Missouri health insurance mail to wrong addresses
Adam Dodge of ESI sends along this news story by Ladd Egan: Hundreds of participants of University of Missouri’s health insurance program are being told to be on the look-out for insurance fraud after several hundred insurance communications were mailed to the wrong person. Health benefit statements, health services letters and new ID cards were…
UK: Somerset schools’ website security ‘breached’ by Southwest One
Rory McKeown reports: Claims have been made that Southwest One published security passwords for every school website in the county online. An unnamed source contacted this website claiming someone from the venture allegedly performed the “massive security breach” while updating the website itsc.co. uk. They allege security passwords for every school in Somerset and other…
Sydney Festival in privacy glitch
Luke Hopewell reports: Organisers behind the annual Sydney Festival have inadvertently committed a privacy breach by sending an email to users that displayed the contents of its mailing list. The email contains the email addresses of around 130 people who registered for a festival mailing list, some from government departments, Sony Music, JP Morgan and…
Ingenix discovers it may have been exposing health service providers’ SSNs for up to 5 years
This is one of those breaches where I really don’t blame the company, which in this case is Minnesota-based Ingenix. Ingenix provides web-based lookups so that patients can find providers in their area covered by their health plan. The provider data Ingenix uses is provided by the health plans or preferred provider plans themselves. Ingenix…