DataBreaches hates reporting on an incident when the entity has not yet secured misconfigured storage, but after four months of futile efforts to get a Canadian clinic to respond to responsible disclosures, maybe publication will help get them off the dime. Bolton Walk-In Clinic in Ontario has a data protection policy that says: We are…
Category: Exposure
Over 600,000 Records, Including Background Checks, Vehicle, and Property Records Exposed Online: SL Data Services/Propertyrec
Jeremiah Fowler reports finding another exposed database with a lot of personal information. This one may belong to SL Data Services, LLC, though Fowler notes that the folders inside it were named with separate website domains. “It appears that the company operates a network of an estimated 16 different websites, offering a range of information…
PDPC: Breach of the Protection Obligation by HMI Institute of Health Science
A financial penalty of $10,000 was imposed and directions were issued to HMI Institute of Health Science for failing to put in place reasonable security arrangements to protect the personal data of former students. Case No. DP-2405-C2321 HMI Institute of Health Science Pte. Ltd. (the “Organisation”) is a healthcare training provider in Singapore. On 2…
Information and Privacy Commissioner of Alberta Publishes 2023-24 Annual Report
November 27 EDMONTON – The 2023-2024 Annual Report of the Office of the Information and Privacy Commissioner (OIPC) of Alberta was tabled today by the Speaker of the Alberta Legislative Assembly and has now been published online by the OIPC. “The 2023-24 year can best be characterized as a year of change and engagement for…
Irish researcher finds 1.1 million NHS employee records were leaked
James Cox reports: A Dublin cybersecurity researcher, Aaron Costello, has found that 1.1 million NHS employee records were leaked online because of improper configuration settings in Microsoft Power Pages, a software platform used by over 250 million people a month to build websites. Mr Costello, who works with AppOmni, previously discovered a computer glitch meant the HSE’s…
N.J. school accidentally released names of kids who opted out of sex education
Tina Kelley reports: A Cherry Hill resident has asked the U.S. Department of Education to investigate the Cherry Hill School District for releasing the names of dozens of students whose families opted them out of sex education classes. The breach came after an education advocacy group filed public records requests in every district in the state,…