David Brown reports: OCS confirms that confidential store sales data from the provincial cannabis distributor was leaked to the public. Following reports online from cannabis retailers in Ontario in April, the OCS [Ontario Cannabis Store] sent out a letter to retailers and licensed producers confirming that the data leak occurred without the OCS’ permission. Although…
Category: Non-U.S.
Sheffield nurse Paul Grayson sentenced to 12 years for covert filming of hospital patients and staff
A nurse who “grotesquely breached” his position of trust when he covertly made indecent videos of staff and patients at a hospital in Sheffield has been jailed. Some of Paul Grayson’s victims were unconscious and recovery after surgery when he filmed up their gowns at the Royal Hallamshire Hospital. He also installed cameras in the hospital toilets…
NZ: Data breach on AA Traveller website
RNZ reports: AA Traveller said the website was in use between 2003 and 2018 and allowed customers to make travel bookings, enter competitions and take part in surveys. In a statement on its website AA Traveller said it “recently discovered a vulnerability in the application where the AA Traveller information was stored and that an…
IKEA Canada confirms data breach involving personal information of approximately 95,000 customers
Chris Fox reports on an insider-wrongdoing breach that sounds like it was detected and stopped fairly quickly, but not before more than 90,000 customers could have had their data accessed. IKEA says that it has notified Canada’s privacy watchdog following a data breach involving the personal information of approximately 95,000 customers. In a statement provided…
Indian government makes user data collection mandatory for VPNs; Providers debate leaving country
Rahul Verma reports: The Indian government has introduced a new IT policy that requires virtual private network companies (VPNs) to collect extensive customer data and maintain it for five years or more. The directive came from Computer Emergency Response Team, CERT-in. The new policy lists data centers and crypto exchanges under the same provision. The…
India to introduce six-hour data breach notification rule
Stephen Pritchard reports: Organizations in India face a six-hour data breach reporting deadline, following the introduction of new rules by the country’s computer emergency response team, CERT-In. The new rules will apply to critical parts of India’s network and IT infrastructure, including service providers, data centers, government organizations, and corporations. Read more at TheDailySwig.