Sometimes your policies are fine, but a well-meaning employee still manages to violate them. Consider this notification from Children’s Mercy Hospital in Kansas City, Missouri: Kansas City, Mo. – May 19, 2017 – Children’s Mercy’s information security department recently discovered an unauthorized website that contained certain patient information. The information had been collected by one…
Category: Exposure
UK: Fury as Basildon Council is fined £150k after accidentally publishing travellers’ private details online
Charles Thomson reports: Basildon Council has been fined £150,000 for breaching the Data Protection Act, after accidentally publishing a resident’s details on the council website. The council published a planning statement on its website but failed to redact private information before making it public. The private information remained online for six weeks before eventually being…
Ca: ‘Anomaly’ caused OHIP privacy breach
The province plans to resume mailing health card renewal notices more than a month after a printing “anomaly” caused a privacy breach. Incorrectly printed forms resulted in the personal information for thousands of children being mailed to strangers in April. A spokesperson for the Ministry of Government and Consumer Services, Harry Malhi, said in an…
Mallard Creek High School students’ records found blowing across streets
WSOC-TV reports that Charlotte-Mecklenburg Schools’ officials were notified after residents found documents with Mallard Creek High School students’ names, addresses and other personal information blowing in the wind. The district acknowledges the information should have been shredded. Officials said a contractor hauling away the trash didn’t properly secure it, which caused some documents to spill…
TX: 2 Additional Cameron Co. Servers Missing
Steve Soliz reports: Cameron County said they’ve mistakenly sold more computer servers than previously thought. Those servers, filled with personal information, were sold off at auctions. CHANNEL 5 NEWS reported how one of those servers was up for sale at a Brownsville flea market. In a statement, Cameron County Judge Eddie Trevino announced two more…
School district reports breach due to caching problem with HomeLink
We don’t see breach notifications from k-12 districts that often, but here’s one submitted to the California Attorney General’s Office from the Mt. Diablo Unified School District: On April 27, 2017, when parents tried to access their student’s data through the HomeLink Portal, they were able to view information, as described below, of a student…