Statement by Charleston Area Medical Center: We wanted to let you know about a security incident that occurred at Charleston Area Medical Center’s Research Institute, which involved the personal information of some of our patients. On February 8, 2011, we learned that one of our databases containing information about 3655 patients had security vulnerability. The…
Category: Exposure
BC Lotteries online site has fixed privacy glitches, report finds
Chad Skelton reports the follow-up on a breach previously covered on this blog: BC Lotteries did not take adequate steps to protect privacy when it launched its PlayNow.com online gambling site last summer, according to an investigation by B.C. Information and Privacy Commissioner Elizabeth Denham. However, Denham concludes BCLC has since taken steps to address…
OH: Envelopes Display Workers’ Social Security Numbers
A mass mailing has made some very private information public. More than 8,000 state child-care providers have had their social security numbers accidentally exposed, 10TV’s Glenn McEntyre reported on Monday. The providers received letters from Affiliated Computer Services, which is a subsidiary of Xerox. The company was hired by the state of Ohio to manage…
Bank of America website exposes customer accounts, data
Ray Wert reports on Jalopnik that Bank of America’s online banking system experienced a security breach or glitch that enabled logged in users to see other people’s accounts: Someone very close to me called moments ago and told me that when she logged into her Bank of America account earlier this evening she saw, rather…
UK: Around 10,000 CRB background checks land in the wrong inbox
Gwent Police is taking remedial action after the Information Commissioner’s Office (ICO) found it in breach of the Data Protection Act for accidentally emailing results of Criminal Reference Bureau (CRB) checks performed by the force to a member of the public. An email containing a spreadsheet of the results of around 10,000 CRB enquiries was…
UK: Labour forum leaks email addresses
John Leyden reports: Basic design flaws on a Labour party members forum exposed the email addresses of users to harvesting. Surfers who register through the site http://members.labour.org.uk were invited to confirm their membership, and activate their account, by clicking on the link in an email sent to a specified account. The email follows the form…