Mark Ballard reports: Staff working for Her Majesty’s Courts Service have breached security on the government database that stores personal data about everyone in the UK. Also, local authorities sacked 26 employees last year for snooping on personal data stored on the Department for Work and Pensions (DWP) Customer Information System (CIS), which, with 90…
Category: Non-U.S.
UK: Barking and Dagenham data breach put bank details at risk
A data breach cost the council £20,000 to fix after fears that bank details of employees may have been hacked into. Council staff discovered the breach on February 3 and found that the financial system had been cloned into a test server, copying sensitive data. They detected a large amount of hacking activity from overseas…
Two more Dutch data breaches
Karin Spaink summarizes and translates two more breaches: City leaks bank numbers Private data of people who have received a building license in Groningen, is visible via the city’s website. (One needs to apply for such a license when expanding one’s house or building an addendum to it.) Data disclosed are names, addresses, bank numbers,…
Pirate Bay Hack Exposes User Booty
Brian Krebs reports: Security weaknesses in the hugely popular file-sharing Web site thepiratebay.org have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate Bay users, according to information obtained by KrebsOnSecurity.com. An Argentinian hacker named Ch Russo said he and two of his associates discovered multiple SQL injection vulnerabilities that…
UK: ICO finds three councils in breach of Data Protection Act
The Information Commissioner’s Office (ICO) has taken action against the London Borough of Barnet, West Sussex County Council and Buckinghamshire County Council for breaching the Data Protection Act. A systemic lack of staff training on how to handle personal information has led to the loss of sensitive personal information relating to thousands of children. Sally-anne…
IE: Breach notification guidance and code available online
The Breach Notification Guidance and Data Security Breach Code of Practice have been posted to the web site of the Data Protection Commissioner of Ireland.