On January 30, Brooks Rehabilitation (“Brooks”) in Florida disclosed that in December, they discovered tracking technology vendors that provide services to Brooks were able to view/access individually identifiable health information (IIHI) provided when a website user provided contact information or feedback via a Brooks website. The data transmitted could have included information such as name;…
Category: Exposure
Indian social media app Slick exposed childrens’ user data
Jagmeet Singh reports: Emerging Indian social media app Slick left an internal database containing users’ personal information, including data of school-going children, publicly exposed to the internet for months. Since at least December 11, a database containing full names, mobile numbers, dates of birth, and profile pictures of Slick users was left online without a password. Read…
Penang government data leaked online
Predeep Nambiar reports: Over 600,000 “rows of private data” from the Penang government’s official website have allegedly been stolen and uploaded onto the internet. The data was uploaded to a forum known as BreachForums by a user with the handle “LeakBase” on Jan 18, who said it was available for download. Read more at Free…
The Center for Autism and Related Disorders notifies patients after vendor’s error caused HIPAA breach
The Center for Autism and Related Disorders (“CARD”) has locations throughout the U.S. On January 24, it experienced a reportable breach when “as part of a recent update to its patient billing systems, the third-party vendor responsible for generating patient invoices incorrectly made a computer error which resulted in certain caregivers receiving an invoice for…
Derriford Hospital admits data breach as patient sent list of complaints against hospital
William Telford reports: Health chiefs have admitted a data breach after a patient received a list of people who had made complaints against Plymouth’s Derriford Hospital. Retired horse breeder Jeanette Anderson was stunned when an email from the hospital contained confidential details of complainants including, she said, bereaved families. University Hospitals Plymouth NHS Trust has…
Russian e-commerce giant exposed buyers’ delivery addresses
Jurgita Lapienytė reports: A leading electrical engineering company in Russia, Elevel, has exposed its customers’ personally identifiable information (PII,) including full names and addresses. Founded in 1991, Elevel (previously Eleko) positions itself as the leading Russian electrical engineering company that runs both an e-commerce business and wholesale stores. On January 24, the Cybernews research team…