Lucy Cormack reports: The personal details of almost 200,000 injured workers were mistakenly shared with 587 employers and insurance brokers in a major privacy data breach by embattled state insurer icare last month. A senior source with direct knowledge of the breach said the details of 193,000 employees were contained in spreadsheets that were mistakenly…
Category: Non-U.S.
Pegasus Airlines data breach exposes 6.5TB of flight and crew data
Pegasus Airlines, a Turkish low-cost carrier, has accidentally leaked around 6.5TB of personal information of flight crew, flight data, and source code after misconfiguring an AWS bucket. Read more at Teiss.
Health P.E.I. alerts public of privacy breach after laptop stolen
Shane Ross reports: More than 4,000 patients and 1,200 Health P.E.I. employees are being notified of a privacy breach after an employee’s laptop was stolen in April. In a news release issued Wednesday, Health P.E.I. said the stolen laptop was password protected and information technology staff took steps to secure the information as soon as…
Costa Rica’s public health agency hit by Hive ransomware
Sergiu Gatlan reports: All computer systems on the network of Costa Rica’s public health service (known as Costa Rican Social Security Fund or CCCS) are now offline following a Hive ransomware attack that hit them this morning. Hive, a Ransomware-as-a-Service (RaaS) operation active since at least June 2021, has been behind attacks on over 30 organizations, counting only the victims…
AU: NDIS case management system provider breached
Justin Hendry reports: A security breach of a cloud-based client management system used by National Disability Insurance Scheme (NDIS) service providers has exposed a “large volume” of health and other sensitive data. CTARS, a Sydney-based software and analytics provider for the disability and care sectors, this week revealed an unauthorised third-party had gained access to…
Data breach at Australian pension provider Spirit Super impacts 50k victims following phishing attack
Jessica Haworth reports: A phishing attack at Australian pension provider Spirit Super has resulted in “some personal details being compromised”. The ‘super fund’ confirmed that user data was breached on May 19, 2022 after an employee’s email account was accessed. An investigation into the incident found that there was “unauthorized access to a mailbox containing personal data”…