Anna Cox reports that more than 1 million customers may have had their information exposed for years by an improperly secured city web site: The City of Joburg has apologised for the inconvenience caused by the security glitch that exposed customer rates and services invoices to fraudsters. The e-statement site had to be shut down…
Category: Exposure
Investigators say Bow Valley College failed to protect vital info of nearly 200,000
Here’s a breach from almost one year ago that I had missed until this follow-up report. Michael Franklin reports: An investigator into a possible leak of personal information of nearly 200,000 Bow Valley students has found that the institution had indeed failed to protect that information. However, it also says that the school took reasonable…
AU: AAMI customers use privacy breach to their advantage
Lucy Battersby reports that an email gaffe by auto insurer Australian Associated Motor Insurers (AAMI) has enabled disgruntled consumers to find each other to band together: The blind carbon copy (BCC) button on emails exists for a very good reason. Unfortunately one of AAMI’s managers failed to use it the day she sent a message…
ADP coding error exposed McKesson employees’ SSN and wages (updated to include statement from ADP)
Add McKesson to those affected by a breach involving ADP that was disclosed in June. The breach also affected employees of the city of Houston and US Airways, as reported previously on this blog. On August 9, McKesson notified the New Hampshire Attorney General’s Office that it was sending out notifications to some of their employees…
UK: Council’s data blunder branded ‘sloppy’ by FoI expert
Another case where a FOI (freedom of information) response exposed too much: A data blunder which saw the council release sensitive staff information has been branded ‘sloppy and embarrassing’ by the recipient. Roger Gill originally submitted a Freedom of Information (FoI) request to Horsham District Council after receiving no response to a complaint about Acorn…
Auburn University error exposes donor and alumni information on public server
On June 19, Auburn University in Alabama learned that spreadsheets containing donor and alumni information had been accidentally uploaded to a public server. The spreadsheets contained an undisclosed number of donor and alumni’s names, maiden names, postal and email addresses, telephone numbers, and Social Security numbers. The spreadsheets also contained former students’ years of attendance,…