Updated May 18: See the Salesforce statement issued May 17 that says confirming that there was no data loss or breach involving the first incident described below. Yomiuri Shimbun reports: A failure in a cloud computing system provided by U.S.-based IT company Salesforce.com Inc. paralyzed COVID-19 vaccination reservation systems operated by local governments across Japan…
Category: Exposure
UK: NHS vaccination website leaks people’s medical data
Joel Khalili reports: A gaping security hole has been discovered in the NHS vaccination booking website, which can be easily exploited to find out whether someone has received a jab. The problem relates to the way the website treats different users, depending on how far along they are in the vaccination process. Read more on…
Ca: Brreach possibly affects 100s of Yukon gov’t workers: Department of Finance.
Julien Gignac reports: Roughly 400 Yukon government employees may have been affected by a recent privacy breach, according to a spokesperson at the Department of Finance. […] According to a government-issued notice obtained by CBC, a problem occurred during the processing of T4 and T4A slips that may have caused information such as Social Insurance…
MN: RCTC students birthdates released in data breach
Erich Fisher reports that Rochester Community Technical College discovered it had twice made errors in responding to semi-annual public records requests from LexisNexis: A data breach at Rochester Community Technical College was identified and remedied on March 31 after it was discovered that a third-party company had received the birthdates of 5,392 students. No other…
Peloton’s leaky API let anyone grab rider’s private account data
Zack Whittaker reports: Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But a bug allowed…
Ph: 345,000 sensitive legal documents from the PH government have been exposed online
Vittoria Elliott reports: For at least two months, some 345,000 sensitive court documents from the Office of the Solicitor General of the Philippines related to ongoing legal cases were made publicly available online and could have been accessed by anyone who knew where to look, according to the UK security company TurgenSec, which identified the data…