AFP reports: The personal data of at least 20 million bank and credit card users in South Korea has been leaked, state regulators said Sunday, one of the country’s biggest ever breaches. Many major firms in the South have seen customers’ data leaked in recent years, either by hacking attacks or their own employees. In…
Category: Non-U.S.
UK: Will the ICO hold anyone responsible?
Jon Baines raises some interesting points in his discussion of a UK case where charges against police officers for violating the Data Protection Act were dropped in light of questions about whether they had ever been adequately trained to understand their responsibilities. Jon asks whether that situation should trigger an investigation by the Information Commissioner’s…
KC engineer ‘exposed unencrypted spreadsheet with phone numbers, user IDs, PASSWORDS’
Kelly Fiveash reports: Hull’s dominant telco, KC, is investigating revelations of what appears to be poor handling of the company’s customer data. This comes after a recent sign-up claimed one of its engineers had unwittingly exposed a customer spreadsheet containing the telephone numbers, user IDs and unencrypted passwords of all its subscribers. Read more on…
Tokyo ordered to pay damages to Muslim victims of privacy breach
There’s a follow-up to a breach covered previously on this site involving a data leak from the Metropolitan Police Department in Tokyo. The Tokyo District Court ordered the Tokyo Metropolitan Government to pay 90 million yen (around $860,000) in damages to 17 Muslims for the breach of privacy lawsuit they filed against the city. Around 114 documents were leaked…
Australian police investigating teen who found database flaw
Jeremy Kirk reports: An Australian teenager who notified a public transport agency of a serious database flaw is under police investigation. Joshua Rogers, 16, of Melbourne, found a SQL injection flaw in a database owned by Public Transport Victoria (PTV), which runs the state’s transport system. The flaw allowed access to a database containing 600,000…
ZA: Hacker reveals e-toll website security flaw
Jan Vermeulen reports that a hacker has reported a vulnerability in the SANRAL website that exposes user information: This is due to a page on the South African National Roads Agency Limited (Sanral) website which can be exploited to expose the PIN of any registered e-toll website user. The page is intended to be used…