Allie Coyne reports: Travel agency Flight Centre is under investigation by the country’s privacy regulator after accidentally releasing personal information of an undisclosed number of its customers to third-party suppliers. The firm confirmed last month that “human error” was behind the data breach. It has not said how many customers were affected, nor what personal…
Category: Subcontractor
UK: Anonymous hacker claims to have stolen the NHS medical records of 1.2million Brits
Shaun Wooler reports: A computer geek with alleged links to global hacking group Anonymous has stolen patient data from an NHS appointment booking system. The crook breached a private contractor’s security to access a database containing confidential records on up to 1.2million people. SwiftQueue is paid by eight NHS trusts to manage a website, through…
US Voting Machine Supplier Leaks 1.8 Million Chicago Voter Records
Dell Cameron reports: A leading US supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents. State authorities and the Federal Bureau of Investigation were alerted this week to a major data leak exposing the names, addresses, dates of birth, partial Social Security numbers, and…
Surgical Dermatology Group notifies patients after TekLinks hacked
From their web site: On June 7, 2017, Surgical Dermatology Group in Birmingham, Alabama (“SDG”) received notice from its cloud hosting and server management provider, TekLinks, Inc., of a security breach at its Birmingham facility that hosts our server. We immediately initiated an investigation and learned that external hackers had gained access to our server…
AU: Blood Service escapes penalties in data breach investigation
Allie Coyne reports: The Australian Red Cross Blood Service and its website contractor have escaped penalties from the country’s privacy watchdog over a 2016 data breach that exposed the data of 550,000 donors. In late October last year the Blood Service revealed its website partner Precedent had inadvertently exposed a 1.74GB database backup containing 1.28 million…
CNIL Fines Rental Car Company for Data Security Failure Attributable to Third-Party Service Provider
Hunton & Williams explain: On July 27, 2017, the French Data Protection Authority (“CNIL”) imposed a fine of €40,000 on a French affiliate of the rental car company, The Hertz Corporation, for failure to ensure the security of website users’ personal data. On October 15, 2016, the CNIL was informed of the existence of a…