Regulators last year issued the SEC’s first-ever privacy fine against broker-dealer GunnAllen for failing to protect customer data. But former IT staffers say regulators didn’t seem to know half of this cautionary tale of outsourcing and oversight gone wrong. Mathew J. Schwartz adds some mind-boggling details to the case: Dan Saccavino, a former Revere Group…
Follow-up: Telstra cops first TCP warning for privacy breach
Josh Taylor reports: The Australian Communications and Media Authority (ACMA) has issued Telstra a direction to comply with the privacy clause in the Telecommunications Consumer Protection (TCP) code, following a 2011 privacy breach that left the details of 734,000 broadband customers vulnerable. In December last year, Telstra inadvertently exposed customer information online after one of…
Sensitive social service files found on TV set that was former Enfield Council building
John Dunne reports: An urgent investigation has been launched after dozens of confidential social services files were found at an abandoned town hall in London. The documents, including highly sensitive reports on parents turned down for adoption and the case notes on the Victoria Climbié case, were left on shelves and tables on public view…
RiteAid mobile app left customer prescription history vulnerable – customer
Cross-posted PHIprivacy.net: When Michael Ramirez recently used RiteAid’s mobile app to check on a prescription, he never expected to be able to access other customers’ names, addresses, and prescription records. But he was able to, and now Ramirez, a computer scientist working for the Navy’s Space and Naval Warfare Systems Command in Charleston, is going…
IEEE leaks 100,000 members’ usernames and plain-text passwords (update3)
Seen on Slashdot, Radu Dragusin writes: IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly…
The Apple UDIDs were stolen from us – BlueToad
Kerry Sanders and Bob Sullivan report that Florida publishing firm BlueToad has stated that the database of Apple UDIDs stolen by AntiSec came from its servers. According to Sullivan: Blue Toad is a little-known privately held company, but its technology touches millions of users around the world. It provides private-label digital edition and app-building services…