A school contractor that provides online registration so students can sign up for AP and PSAT exams misconfigured their cloud storage, exposing students’ and parents’ personal information. A number of school districts or schools contract with a firm in Colorado called Total Registration, who, according to their web site, registered more than 525,000 students from…
Category: Exposure
Freedom Mobile server leak exposed customer data
Zack Whittaker reports: A security lapse at Canada’s fourth largest cell network Freedom Mobile exposed customer data. Security researchers Noam Rotem and Ran Locar found an Elasticsearch server leaking five million logs containing customer data. The server wasn’t protected with a password, allowing anyone to access the data. Rotem and Locar, who shared their findings…
Tennessee diagnostic medical imaging services company pays $3,000,000 to settle breach exposing over 300,000 patients’ protected health information
There’s an update to a case I’ve been following on this blog since 2014. From HHS, this announcement: Touchstone Medical Imaging (“Touchstone”) has agreed to pay $3,000,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), and to adopt a corrective action plan to settle potential violations…
Michigan investigating the Inmediata breach
Michigan’s Attorney General is aware of the Inmediata breach and its incident response cock-up that has been reported on this site. People have been complaining here and some have called the state to complain. Remember that in addition to complaining to your state consumer protection bureau or state insurance department, you can also file a…
Vulnerability in Tommy Hilfiger Japan DB Exposes Hundreds of Thousands of Customers to Data Theft
Paul Kane writes: Hacker-activists Noam Rotem and Ran L from Safety Detective’s research lab recently revealed a significant security breach in the Tommy Hilfiger Japan client database – leaving the private and personal details of hundreds of thousands of customers up for grabs. Nearly 1 Million Website Visits: Tommy Hilfiger’s Japanese website, which received nearly…
UK: Government in email privacy gaffe
BBC reports: A government department responsible for data protection laws has shared the contact details of hundreds of journalists. The Department for Digital, Culture, Media and Sport emailed more than 300 recipients in a way that allowed their addresses to be seen by other people. The email – seen by the BBC – contained a…