Mario Casayuran reports: Minority Senator Francis N. Pangilinan raised on Wednesday espionage and data privacy questions on the entry of third telecommunications company (telco), Dito Telecommunity Corporation, a consortium which includes a China-owned company, into the Philippine communications industry after it was a given a tentative agreement to install towers inside Philippine military camps. Read…
Ca: No answers on Fort Simpson dump breach until 2020 due to privacy breach backlog
Hilary Bird reports: Almost a year after boxes of personal medical records were found at the Fort Simpson dump, the Northwest Territories Information and Privacy Commissioner hasn’t had time to investigate the breach. A spokesperson for Elaine Keenan-Bengts’ office says that because of a backlog, the commissioner won’t be able to look into the incident…
UK Info Commish quietly urged court to swat away 100k Morrisons data breach sueball
Gareth Corfield reports: The UK’s Information Commissioner urged the Court of Appeal to side with Morrisons in the supermarket’s battle to avoid liability for the theft and leaking of nearly 100,000 employees’ payroll details – despite not having read the employees’ legal arguments. A letter (PDF) sent to the Court of Appeal in May 2018…
Prank Call Service PrankDial Exposed 138 Million Records Online
Jeremiah Fowler reports: On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records all contained information that identified PrankDial.com as the owner of the data. I immediately sent a responsible disclosure notice and the database was closed for public access shortly after. According to their…
Analyzing Careless Users, An Often Overlooked Threat
Many have written about how to mitigate the risks posed by malicious insiders. But what about the vulnerabilities associated with Careless Users? What actions can healthcare organizations take to better prevent a breach caused by internal negligence? The Clearwater CyberIntelligence® Institute analyzed the Critical and High risks found in Clearwater’s IRM|Analysis™ database, specifically focusing on…
The University of North Carolina- Chapel Hill School of Medicine Notifying Patients After 2018 Phishing Incident
Some readers may have trouble accessing a notice from the School of Medicine at the University of North Carolina — Chapel Hill due to an issue with Chrome, so I’m embedding the whole notification below. TL;DR version: some employees fell for a phishing attack and their email accounts may have been accessed between May 17,…