Stephen White reports: Confidential data of employees at older people’s charity, Independent Age, have been accidentally exposed to a former worker. The blunder occurred as the company responded to the ex-staff member’s submission of a DSAR (data subject access request). Independent Age says that the security breach compromised personal data, including bank information, sort codes, account…
Category: Exposure
Personal Data (Incl. SMS & Calls) of Mobile Loan App Users in China Left OPEN for ALL to See
Jim Wilson of Safety Detectives reports on some of their team’s recent findings: Safety Detectives’ research team has recently discovered a sizeable data leak (over 899gb and growing by the day) of a China-based server, which has now been closed. We are unable to confirm the company behind the leak, but according to the data,…
HIPAA nightmare: An IT vendor’s error left more than 300,000 files with protected health information exposed
Medico, Inc.’s IT vendor’s error left at least two Amazon buckets unsecured More than 300,000 files contained protected health information related to patient billing, complete with insurance information and treatment codes Leaks were independently discovered by at least three researchers using different search methods It’s been a rough few months in terms of business associates…
Aavgo security lapse exposed hotel bookings
Zack Whittaker reports: A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information. The security lapse was resolved Monday after TechCrunch reached out to Aavgo, a hospitality tech company based in San Francisco, which secured a server it had left online without a password. The server was open for…
Ca: RCMP sent confidential details of suicide attempt to wrong email chain: report
Catharine Tunney reports: The RCMP inadvertently sent an account of someone’s suicide attempt to the wrong email chain, leaving the details in the inboxes of more than 160 people, according to a report on the mishap. The email included the person’s name and date of birth, details of the suicide attempt, the injuries they sustained…
Estonian information authority urges attention to cybersecurity following breaches
Baltic News Service reports: The Information System Authority (RIA) has urged both individuals and businesses to take seriously the issue of data protection and security. The announcement follows several recent, potentially serious data leaks, involving the retail and service sector, as well as one municipality, Baltic News Service reports. Breaches occurring happened over the past…