Felipe Demartini reports (translation): A serious security breach exposed the information of, it is believed, all customers of the iugu services company, which operates in Brazil through financial management and automation systems. Users’ personal, banking and transaction data was available on an unprotected server for at least an hour. The discovery is by security expert…
Category: Exposure
Follow-up: Adventist Health Physician’s Network fined $40,000 for 2018 breach incident
Jeremy Childs reports: Adventist Health Physician’s Network, a hospital in Simi Valley, was fined $40,000 as part of a civil privacy settlement this week, according to the Ventura County District Attorney’s Office. The settlement stems from an incident in October 2018 when private medical files were found inside a storage unit in Simi Valley. The…
No password required: Mobile carrier exposes data for millions of accounts
Dan Goodin reports: Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network, an analysis of the company’s account management app shows. Read more on The Register. Opinion: I…
Education nonprofit Edraak ignored a student data leak for two months
Zack Whittaker reports: Edraak, an online education nonprofit, exposed the private information of thousands of students after uploading student data to an unprotected cloud storage server, apparently by mistake. The nonprofit, founded by Jordan’s Queen Rania and headquartered in the kingdom’s capital, was set up in 2013 to promote education across the Arab region. The…
Good Luck Explaining to HHS Why Your PHI is in GitHub’s Vault for the Next 1,000 Years
You may see a number of hospitals and covered entities issuing statements this week about a data security incident involving Med-Data (Med-Data, Incorporated). So far, Memorial Hermann, U. of Chicago, Aspirus, and OSF Healthcare have posted notices. Others should be or may be posting soon. Here’s DataBreaches.net’s exclusive report on the incident. Another Day, Another…
NZ: Heath board has contacted 50 people affected by software privacy breach
Sam Sherwood reports: About 50 people affected by a software error that allowed patients’ private information to be seen in the Covid-19 vaccination appointment booking system have been contacted by the Canterbury District Health Board (CDHB). The error meant the details of 714 individuals who had registered were potentially able to be viewed. The details included…