Josh Renaud reports: The Social Security numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to flaws on a website maintained by the state’s Department of Elementary and Secondary Education. The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials…
Category: Exposure
350 Qld border-pass applicants caught in police privacy breach
Matt Dennien reports: The Queensland Police Service has again been caught up in a privacy breach, this time involving the email addresses of more than 350 people – including AFP, Defence and Queensland Health staff –trying to return to Queensland. Read more on The Age. So after telling recipients to keep the invitation hush-hush, they…
Parents furious after personal information is leaked in 2nd data breach in online program
Rachel Keller reports: The Virginia Department of Behavioral Health and Developmental Services (DBHDS) is now investigating after some residents’ personal information was leaked in a data breach of one of their online programs. At 10 a.m. on Thursday, Oct. 7, families on the waiting list to receive Individual and Family Support Program funding logged onto the…
Telegraph newspaper bares 10TB of subscriber data and server logs to world+dog
Gareth Corfield reports: The Telegraph newspaper managed to leak 10TB of subscriber data and server logs after leaving an Elasticsearch cluster unsecured for most of September, according to the researcher who found it online. The blunder was uncovered by well-known security researcher Bob Diachenko, who said that the cluster had been freely accessible “without a…
Today’s reminder that small breaches may have the biggest impact
While everyone understandably raises alarms about the possible impact of a ransomware attack, let us never forget that simple, stupid, careless, willful, or just human errors can create significant safety risks for people. A foster family in Missouri is raising concerns about what may be two separate breaches that pose safety risks to them and…
QR codes temporarily removed from Sask. COVID-19 vaccine records due to ‘privacy breach’
Kelly Skjerven reports: QR codes are being temporarily removed from residents’ COVID-19 vaccination records due to a situation that eHealth Saskatchewan is treating as a privacy breach. A Saskatchewan government release said they were alerted to an issue downloading patient QR codes. “IT has identified that the COVID-19 vaccination records of up to 19 residents have the potential of…