Ax Sharma reports: Today, researchers have responsibly disclosed a security vulnerability by exploiting which they could access over 100,000 private employee records of United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of personally identifiable information (PII) associated…
Category: Exposure
TT: West Shore launches probe after technician’s post on PM’s health
Darlisa Ghouralal reports: West Shore Private Hospital has launched an investigation into an apparent breach of patient confidentiality following a post by a cardiac technologist regarding the medical care of Prime Minister Dr Keith Rowley. […] The post by the technologist, an employee of Cardiovascular Associates Limited (CVA) who is also a part-time independent contractor…
‘Completely outrageous’: Names of students who use University of Ottawa Students’ Union Food Bank made public
Bridget Coady, Charley Dutil, & Emily Wilson report: The Fulcrum was made aware on Tuesday night that the information of multiple University of Ottawa students who used the University of Ottawa Students’ Union (UOSU) Food Bank was publicly available on the union’s website. A total number of 111 students were listed on the document along…
Decrypted: How bad was the US Capitol breach for cybersecurity?
Zack Whittaker reports on concerns that were raised after the massive security failure at the Capitol that resulted in attackers having access to papers, hard drives and more. Zack reiterates some comforting thoughts that were offered on Twitter in the aftermath of the rampage: Most lawmakers don’t have ready access to classified materials, unless it’s…
Indian government sites leaking patient COVID-19 test results
Is there anyone who didn’t see this coming? Ax Sharma reports: Websites of multiple Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients online. These leaked lab reports which are being indexed by search engines expose patient data, and whether they tested positive for coronavirus. Read more on BleepingComputer.
Indiana attorney general says no charges recommended in fetal remains case
One of the most disturbing privacy and data security cases of the decade has come to an end of sorts. Rick Callahan of AP reports the update to a case first reported last year, but caution: this story may be triggering for some people. Indiana’s attorney general recommended no criminal charges or licensing actions Wednesday…