OneTrust DataGuidance reports: The Turkish data protection authority (‘KVKK’) announced, on 18 August 2020, a data breach suffered by Rezzan Günday (Şimşek Pharmacy). In particular, the KVKK highlighted that the breach resulted from the misconduct of a former employee and involved obtaining the identification numbers of patients and transferring them to another pharmacy without their knowledge in order to provide…
Turkey: KVKK announces Kariyer.net data breach
OneTrust DataGuidance reports: The Turkish data protection authority (‘KVKK’) announced, on 18 August 2020, a data breach suffered by Kariyer.net Elektronik Yayıncılık ve İletişim Hiz. Inc. In particular, the KVKK highlighted that the breach was detected by a consultant serving as a supplier to Kariyer.net on 12 August 2020 and was communicated to an employee of Kariyer.net informing them that a file…
Japan: Mitsukoshi and MI Card announce data breach affecting approximately 19,000 customers
OneTrust Data Guidance reports: Isetan Mitsukoshi Co., Ltd and MI Card Co., Ltd announced, on 5 August 2020, that they had suffered a data breach affecting approximately 19,000 customers as a result of unauthorised access. In particular, MI Card noted that the data breach occurred on the Isetan Mitsukoshi Online Store as well as MI Card’s homepage. In…
AU: HealthEngine ordered to pay $2.9m for ‘misleading conduct’
Matt Woodley reports: The settlement saw HealthEngine admit to providing non-clinical personal information – such as names, dates of birth, phone numbers and email addresses – to nine different third-party private health insurance brokers without properly informing consumers. This arrangement earned the online medical booking platform more than $1.8 million over a period of four…
Ca: London Police snooped on personal health data 10,475 times in 4 months
Colin Butler reports: The London Police Service used a provincial database containing the personal health records of people who tested positive for COVID-19 at one of the highest rates in Ontario, snooping on private medical information 10,475 times between April and July. Law enforcement gained the unprecedented power to access people’s personal medical information when the database…
Uber Exec Allegedly Concealed 2016 Hack With $100K BTC ‘Bug Bounty’ Pay-Off
Turner Wright reports: Joseph Sullivan, a former Chief Security Officer at Uber, allegedly tried to cover up a 2016 hack of sensitive data by funneling a hush money payment of $100,000 in Bitcoin through a bug bounty program. The hackers had obtained the drivers’ license numbers of roughly 600,000 Uber drivers as well as private…