Jana Ballweber reports (translation) After glaring security deficiencies in the IT of Corona test centers became known in March, thousands of test results including personal data could be found online again. Security experts from the “Zerforschung” group managed to view the names, addresses, dates of birth, telephone numbers, email addresses and test results of over 14,000 people tested from centers in Hamburg,…
Category: Exposure
Br: Leak exposes 1.7 TB of customer data from Brazilian fintech iugu
Felipe Demartini reports (translation): A serious security breach exposed the information of, it is believed, all customers of the iugu services company, which operates in Brazil through financial management and automation systems. Users’ personal, banking and transaction data was available on an unprotected server for at least an hour. The discovery is by security expert…
Follow-up: Adventist Health Physician’s Network fined $40,000 for 2018 breach incident
Jeremy Childs reports: Adventist Health Physician’s Network, a hospital in Simi Valley, was fined $40,000 as part of a civil privacy settlement this week, according to the Ventura County District Attorney’s Office. The settlement stems from an incident in October 2018 when private medical files were found inside a storage unit in Simi Valley. The…
No password required: Mobile carrier exposes data for millions of accounts
Dan Goodin reports: Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network, an analysis of the company’s account management app shows. Read more on The Register. Opinion: I…
Education nonprofit Edraak ignored a student data leak for two months
Zack Whittaker reports: Edraak, an online education nonprofit, exposed the private information of thousands of students after uploading student data to an unprotected cloud storage server, apparently by mistake. The nonprofit, founded by Jordan’s Queen Rania and headquartered in the kingdom’s capital, was set up in 2013 to promote education across the Arab region. The…
Good Luck Explaining to HHS Why Your PHI is in GitHub’s Vault for the Next 1,000 Years
You may see a number of hospitals and covered entities issuing statements this week about a data security incident involving Med-Data (Med-Data, Incorporated). So far, Memorial Hermann, U. of Chicago, Aspirus, and OSF Healthcare have posted notices. Others should be or may be posting soon. Here’s DataBreaches.net’s exclusive report on the incident. Another Day, Another…