Jon Tattrie reports: Software and privacy experts say an embarrassed Nova Scotia government seems to be seeking a scapegoat, following Halifax police’s quick arrest of a 19-year-old man for accessing private documents publicly visible on a provincial website. The teenager is charged with unauthorized use of a computer, which carries a prison term of up to 10 years. “In order to break…
Category: Exposure
Personal information of 1 million potential college applicants ‘exposed inadvertently’
Emily Tate reports that a vendor in the higher education space exposed more than 1 million potential college applicants’ information due to a misconfigured rsync backup: The data — which included names, phone numbers, email addresses, home addresses, high school graduation years and, in a few cases, dates of birth and Social Security numbers —…
Nova Scotia government portal reportedly breached; under investigation
CBC News in Canada reports: Halifax police have detained a person after a breach of the Nova Scotia government’s freedom-of-information website that included access to personal information. More than 7,000 documents were accessed. About four per cent were determined to have “highly sensitive personal information,” according to government officials. They said the number of Nova Scotians affected is “in…
Mistake in Some Google Groups Permissions Left Sensitive Info Accessible to Boston College community
Steven Everett and Connor Murphy report: Until December 2017, Google Groups containing hundreds of University communications and associated documents with restricted, confidential, or otherwise sensitive information had misconfigured permission settings such that anyone who could access the Boston College G Suite—known formally as Google Apps—could view them, a Heights investigation found. The Heights notified the…
Former California State Contractor Sued Over Breach Of HIV Patient Privacy
Anna Gorman reports: A security breach by a private company that contracted with California’s public health department inadvertently allowed unauthorized access to the HIV status of 93 people, according to a lawsuit filed this week in San Francisco County Superior Court. New York-based nonprofit Lambda Legal filed the lawsuit against the contractor, A.J. Boggs &…
DriveHer, ride-sharing app for women, suspends service after data breach exposes personal information
Jaren Kerr reports: The owner of a ride-sharing app created to increase safety and security for women drivers and riders has suspended its services after learning that its user data was vulnerable to a breach. DriveHer, which launched in Toronto in March and has more than 1,000 downloads, was created to both empower women and…