Steven Everett and Connor Murphy report: Until December 2017, Google Groups containing hundreds of University communications and associated documents with restricted, confidential, or otherwise sensitive information had misconfigured permission settings such that anyone who could access the Boston College G Suite—known formally as Google Apps—could view them, a Heights investigation found. The Heights notified the…
Category: Exposure
Former California State Contractor Sued Over Breach Of HIV Patient Privacy
Anna Gorman reports: A security breach by a private company that contracted with California’s public health department inadvertently allowed unauthorized access to the HIV status of 93 people, according to a lawsuit filed this week in San Francisco County Superior Court. New York-based nonprofit Lambda Legal filed the lawsuit against the contractor, A.J. Boggs &…
DriveHer, ride-sharing app for women, suspends service after data breach exposes personal information
Jaren Kerr reports: The owner of a ride-sharing app created to increase safety and security for women drivers and riders has suspended its services after learning that its user data was vulnerable to a breach. DriveHer, which launched in Toronto in March and has more than 1,000 downloads, was created to both empower women and…
Virtua Medical Group Agrees to Pay Nearly $418,000, Tighten Data Security to Settle Allegations of Privacy Lapses Concerning Medical Treatment Files of Patients
There’s a follow-up to a breach previously reported on this site in 2016 in which a transcription vendor’s error resulted in the exposure of some Virtua Medical Group’s patients’ protected health information on the internet. It appears that New Jersey has settled charges against VMG over the incident. Of note, the charges are that the VMG…
FINRA, State Regulators Accused of Letting Sensitive Data Go Public
A whistle-blower is accusing some key financial regulators of allowing sensitive broker information to become readily accessible, even as industry watchdogs emphasized the need for companies to protect client data. According to a complaint lodged with the U.S. Securities and Exchange Commission, personal data such as brokerage account numbers provided to an industry-funded regulator have…
Panerabread.com Leaks Millions of Customer Records
Brian Krebs and I were both on the same mission today – to get Panera Breach to secure their customer data. I had been alerted to the situation by a reader who saw a paste explaining it all and revealing some customer data. Brian heard about it earlier from security researcher Dylan Houlihan, who had first…