Ryerson University today initiated a plan to notify individuals whose personal information may have been exposed due to an isolated software error discovered in the University’s Student Administration System (SAS) which went live with an upgrade on November 17, 2008. Ryerson became aware of the incident when three students voluntarily contacted the University and provided…
Category: Non-U.S.
UK: Customers’ personal data sent to stranger
Ian Robson reports: A finance company has admitted sending confidential information about customers, including their bank account numbers, to a stranger. Fiat Financial Services had sent a credit agreement to motorist Darren Wright after he bought a car. But they also posted the private details of five other customers who had applied for a loan….
StayFriends members’ personal info exposed by SQL injection
The same individual, “unu,” who has been exposing other web sites vulnerable to SQL injection, has issued some screen shots showing how the German site, StayFriends, left its over 7 million users’ personal information vulnerable to exposure or access. According to the account of the hack, the exposure involved names, email addresses, passwords, some credit…
UK: Dental patient fraud pair jailed
A woman and her stepfather have been given jail terms for defrauding nearly £20,000 from patients at two dental practices in Glasgow. Receptionist Adele Ballantyne, 22, copied credit and debit card details and passed them to John Hill, 32, who then ordered goods for resale. Ballantyne was jailed for 12 months and Hill was sentenced…
More p2p fiascos
Rian from RedTeam Protection, a division of Tony Josephs and Sons Investigations Inc., just sent me another batch of p2p cockups that exposed personal — and in some cases — sensitive medical — information. In each case, RedTeam advised the entity and/or helped ensure removal of the filesharing application. Some of these breaches are more…
UK: ICO takes enforcement action against Hastings and Rother PCT for data loss
From the press release (pdf) from the Information Commissioner’s Office (ICO): The Information Commissioner’s Office (ICO) has taken enforcement action against Hastings and Rother Primary Care Trust (PCT) following a breach of the Data Protection Act. This is the eighth time the ICO has taken enforcement action against an NHS organisation for breaching the Data…