Update: On December 2, Sunshine Behavioral Health reported this incident to HHS as impacting 3500 patients. They also ticked the box for Business Associate. Update 2: On January 23, 2020, ID Experts submitted a copy of their notification to patients to the Vermont Attorney General’s Office. Another day, another leak. In this case, an error…
Category: Exposure
Judiciary leaks personnel data of company in cocaine investigation; workers terrified
Janene Pieters reports: Personnel data from a fruit wholesaler in Hedel, Gelderland accidentally ended up in the criminal file of a major cocaine investigation, the Public Prosecution Service in Oost-Nederland confirmed. In a statement, the Prosecutor said it regrets the state of affairs, stressing that there have never been indications that people were in immediate…
Ca: No answers on Fort Simpson dump breach until 2020 due to privacy breach backlog
Hilary Bird reports: Almost a year after boxes of personal medical records were found at the Fort Simpson dump, the Northwest Territories Information and Privacy Commissioner hasn’t had time to investigate the breach. A spokesperson for Elaine Keenan-Bengts’ office says that because of a backlog, the commissioner won’t be able to look into the incident…
Prank Call Service PrankDial Exposed 138 Million Records Online
Jeremiah Fowler reports: On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records all contained information that identified PrankDial.com as the owner of the data. I immediately sent a responsible disclosure notice and the database was closed for public access shortly after. According to their…
VA: Purcellville Sorts Data Breach Stemming from 2017 Botched Investigation
This one may be confusing to follow unless you’ve followed some issues involving this town in the past, but have a go at it anyway. Patrick Szabo reports: The Purcellville Town Council held an emergency meeting Saturday afternoon to discuss a “data security incident” related to a flash drive filled with more than 9 gigabytes…
A leak report quietly disappears, leaving questions in its wake
On October 8, Jeremiah Fowler reported that he had discovered a non-password protected database that contained what appeared to be information regarding healthcare workers and traveling nurses. If you had read the report on Security Discovery at the time, you would have read that almost one million people were potentially affected. Based on that reporting,…