Jagmeet Singh reports: Rapido, a popular ride-hailing platform in India, has fixed a security issue that exposed personal information associated with its users and drivers, TechCrunch has exclusively learned. The flaw, discovered by security researcher Renganathan P, was related to a website form meant to collect feedback from Rapido auto-rickshaw users and drivers. The form…
Category: Exposure
No need to hack when it’s leaking: Cisco edition
The hacker and forum owner known as “IntelBroker” announced that he and others breached Cisco systems and obtained source code and other valuable information. In a forum post where they offered “partial Cisco” data, they admit that a Cisco error had enabled them to access the data: In October 2024, Cisco accidentally left open their…
UT Southwestern Medical Center has disclosed at least four breaches since July 2023. Is HHS investigating?
How many patient data breaches can a covered entity have before HHS OCR opens a serious investigation into their compliance with the HIPAA Security Rule? According to DataBreaches’ count, UT Southwestern Medical Center in Texas has disclosed at least four breaches since July 2023. As a brief recap of the first three: In July 2023,…
No need to hack when it’s leaking, Canadian edition: Care1
Jeremiah Fowler discovered a non-password-protected database that contained more than 4.8 million records belonging to Care1 — a Canadian company offering AI software solutions to support optometrists in delivering enhanced patient care: The publicly exposed database was not password-protected or encrypted. It contained over 4.8 million documents with a total size of 2.2 TB. In a…
Hong Kong Privacy Commissioner’s Office Publishes Investigation Findings on the Electrical and Mechanical Services Department Data Breach
December 9 enforcement action by the Privacy Commission of Hong Kong: Data Breach Incident of the Electrical and Mechanical Services Department (EMSD) The investigation arose from a data breach notification submitted by the EMSD to the PCPD on 1 May 2024, reporting its suspicion that the personal data of members of the public in its possession was…
HHS OCR settles charges that Inmediata Health Group exposed 1.6 million patients’ PHI online
The following announcement by HHS OCR stems from an accidental exposure of protected health information online that continued for several years. Inmediata’s incident resulted in a class action lawsuit that was settled for $1.1 million in 2022, and a settlement with 33 states for $1.14 million in 2023. HHS seems to be the first to…