Jason Bramwell reports: Mexican authorities said KPMG Mexico could be fined as much as 30 million pesos (about $1.57 million) for exposing the confidential payroll data of employees at 41 of its clients, which was housed in an unsecured database that wound up on the Internet. According to El Economista, the National Institute of Transparency,…
Category: Exposure
AU: Centrelink privacy breach ‘horrendous’
The Australian Associated Press reports: Labor’s social services spokesperson Linda Burney has criticised the Coalition for its “mismanagement” of a remote community employment program after Centrelink clients had their details published to a public Facebook page. Dozens of names of those required to attend client meetings were uploaded by a Northern Territory work-for-the-dole provider in…
Inmediata Health Group notifies covered entities’ patients after exposure of PHI on web
From their press release: Inmediata Health Group, Corp. (“Inmediata”) recently became aware of a data security incident that may have involved the limited personal and medical information of some of its customers’ patients. Inmediata is directly mailing notification letters to individuals who may have been affected by this incident and to provide resources to assist…
Greek DPA Issues EUR 30,000 Fine For Data Protection Violation by Hellenic Petroleum S.A.
Hunton Andrews Kurth writes: On April 15, 2019, the Greek Data Protection Authority (“DPA”) fined Hellenic Petroleum S.A. EUR 20,000 for unlawful processing of personal data and EUR 10,000 for failing to adopt appropriate data security measures. Hellenic Petroleum S.A. had engaged a vendor to conduct a study on its behalf. The study was exposed…
PA: Millions of rehab records exposed on Steps to Recovery’s unsecured database
Laura Hautala reports: It’s some of the most sensitive medical information a person could have. Records for potentially thousands of patients seeking treatment at several addiction rehabilitation centers were exposed in an unsecured online database, an independent researcher revealed Friday [link corrected by DataBreaches.net]. The records included patients’ names, as well as details of the…
ME: Acadia Hospital mistakenly released confidential information of 300 Suboxone patients
Callie Ferguson reports: A communications official at Northern Light Acadia Hospital in Bangor mistakenly emailed the confidential names of 300 patients with prescriptions for Suboxone, a medication used to treat opioid use disorder, to an editor at the Bangor Daily News last week. In addition to their names, the list also contained the identities of…