Mark Quinlivan reports: Police have admitted nearly 40 firearms licence applicants have had their privacy breached. A police spokesperson told Newshub 38 people had been impacted by the “localised” privacy breach after an email was sent advising the recipients to undertake a firearms safety course. Read more on NewsHub.
Category: Exposure
Jp: Two Salesforce incidents reportedly shut down online vaccination reservation systems, exposed other personal info
Updated May 18: See the Salesforce statement issued May 17 that says confirming that there was no data loss or breach involving the first incident described below. Yomiuri Shimbun reports: A failure in a cloud computing system provided by U.S.-based IT company Salesforce.com Inc. paralyzed COVID-19 vaccination reservation systems operated by local governments across Japan…
UK: NHS vaccination website leaks people’s medical data
Joel Khalili reports: A gaping security hole has been discovered in the NHS vaccination booking website, which can be easily exploited to find out whether someone has received a jab. The problem relates to the way the website treats different users, depending on how far along they are in the vaccination process. Read more on…
Ca: Brreach possibly affects 100s of Yukon gov’t workers: Department of Finance.
Julien Gignac reports: Roughly 400 Yukon government employees may have been affected by a recent privacy breach, according to a spokesperson at the Department of Finance. […] According to a government-issued notice obtained by CBC, a problem occurred during the processing of T4 and T4A slips that may have caused information such as Social Insurance…
MN: RCTC students birthdates released in data breach
Erich Fisher reports that Rochester Community Technical College discovered it had twice made errors in responding to semi-annual public records requests from LexisNexis: A data breach at Rochester Community Technical College was identified and remedied on March 31 after it was discovered that a third-party company had received the birthdates of 5,392 students. No other…
Peloton’s leaky API let anyone grab rider’s private account data
Zack Whittaker reports: Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But a bug allowed…