PLS Financial is notifying customers that a programming error by an unnamed web site operator exposed their personal information to other site users. The programming error, which occurred on July 11, allowed loan applicants to potentially view a restricted part of the site containing names, postal and e-mail addresses, and Social Security numbers. During the…
Category: Exposure
UK: Newcastle Citizen’s Advice Bureau data breach concern
BBC reports: An investigation is under way after the Citizen’s Advice Bureau in Newcastle inadvertently released personal information about some of its clients. About 1,300 files containing names, addresses, debt history and criminal records were accidentally made available on the internet. The Information Commissioner’s Office (ICO) is looking into the incident and a possible data…
NZ hat trick: EQC reports its third breach this year
Rebecca Quilliam reports: The Earthquake Commission has admitted to another breach of privacy after information on up to 260 claimants was sent to the wrong customers. Its chief executive Ian Simpson has launched an inquiry into how the information ended up on a letter that was sent to some clients. One side of the letter…
Bank of Tokyo-Mitsubishi notifies employees after AON Hewitt e-mail gaffe discloses their information
The Bank of Tokyo-Mitsubishi recently notified some employees that their names and Social Security numbers had been erroneously emailed by their vendor AON Hewitt to another client of AON Hewitt. The email error occurred on August 2 and employees were notified on September 3. Although the risk analysis indicated a very low risk of misuse,…
FTC complaint against LabMD could serve as guidance to businesses on data security
The Federal Trade Commission has released a provisionally redacted public version of its complaint against LabMD (PHIprivacy.net’s coverage of LabMD linked here). The complaint provides what could be useful guidance as to what types of practices the FTC considers to be problematic practices under the Act: 10. At all relevant times, respondent engaged in a number of…
Errant e-mail creates security breach at MNsure
Jackie Crosby reports: A MNsure employee accidentally sent an e-mail file to an Apple Valley insurance broker’s office on Thursday that contained Social Security numbers, names, business addresses and other identifying information on more than 2,400 insurance agents. An official at MNsure, the state’s new online health insurance exchange, acknowledged it had mishandled private data. . Read…