Ng Kang-Chung reports: A report by the Privacy Commissioner found the electoral office failed to take adequate steps to protect the personal data of Hong Kong’s 3.78 million voters stored in one of two laptop computers that were stolen during the chief executive election in March. Read more on South China Morning Post. Kang-Chung provides…
Category: Government Sector
UK: Gloucester City Council fined by ICO for not updating OpenSSL promptly, which permitted Heartbleed exploitation by Anonymous
The Information Commissioner’s Office (ICO) has fined Gloucester City Council £100,000 after a cyber attacker accessed council employees’ sensitive personal information. The attacker took advantage of a weakness in the council’s website in July 2014, which led to over 30,000 emails being downloaded from council mailboxes. The messages contained financial and sensitive information about council…
NJ: Township of Springfield notifies individuals after discovering hack
The Township of Springfield in New Jersey is mailing out breach notification letters after finding suspicious activity on their police department management server. The unauthorized access occurred between February 22 and March 9, 2017, “when the threat was eliminated.” Information on the server may have included full name, driver’s license or state card identification number, birth date, address, and…
Mississippi Division of Medicaid notifies more than 5,000 after discovering data were not securely transmitted for more than three years
The Mississippi Division of Medicaid (DOM) is informing approximately 5,220 individuals of the potential exposure of their protected health information (PHI). On April 7, 2017, DOM officials became aware of an issue with the online service the agency used to create forms posted to DOM’s website (http://medicaid.ms.gov). Once an online form was submitted the information…
Computer stolen at the Hall of Justice puts some at risk for identity theft
WDRB reports: A computer stolen at the Louisville Hall of Justice puts some people at risk of identity theft. The computer used by two Assistant County Attorneys was taken from a publicly accessible conference room. Louisville Metro launched an internal investigation, after the theft was reported. With the help of an outside forensic expert, the…
Nearly 2,500 North Dakotans face a privacy breach
The North Dakota Department of Human Services is notifying 2,452 Medicaid program recipients or their guardians/personal representatives about a breach of the recipients’ protected health information. The department is mailing letters to affected individuals and has posted a notice to its website to apologize, provide details about the breach, and offer credit/identity theft monitoring services….