From the Information Commissioner’s Office, this press release: The Independent Inquiry into Child Sexual Abuse (IICSA) has been fined £200,000 by the Information Commissioner’s Office(ICO) after sending a bulk email that identified possible victims of non-recent child sexual abuse. The Inquiry, set up in 2014 to investigate the extent to which institutions failed to protect…
Telefonica breach exposes personal data of ‘millions’ of customers
Carly Page reports: Spanish operator Telefonica has suffered a security breach that exposed the personal data of millions of customers. The breach allowed anyone to access the billing data of other customers, according to a report at El Espanol, which noted that the incident is similar to a serious failure that hit Spain’s system in July…
Sunspire Health notifying patients after employee email accounts accessed in phishing attack
Joseph Goedert reports: Sunspire Health, a nationwide network of addiction treatment facilities, is notifying an undisclosed number of individuals and offering them credit and identity monitoring services after several employee email accounts were accessed in a phishing attack. While the size of the Sunspire attack is not yet publicly known, the incident soon will be…
Thousands of patient records held for ransom in Ontario home care data breach, attackers claim
Matthew Braga, Lori Ward, Andrew Culbert report: The detailed medical histories and contact information of possibly tens of thousands of home-care patients in Ontario are allegedly being held for ransom by thieves who recently raided the computer systems of a health-care provider. CarePartners, which provides home medical care services on behalf of the Ontario government,…
Thousands of Mega logins dumped online, exposing user files
Zack Whittaker reports: Thousands of credentials for accounts associated with New Zealand-based file storage service Mega have been published online, ZDNet has learned. The text file contains over 15,500 usernames, passwords, and files names, indicating that each account had been improperly accessed and file names scraped. Patrick Wardle, chief research officer and co-founder at Digita…
Pennsylvania birth certificate system hacked; no records stolen
Steve Esack reports: The Pennsylvania Department of Health’s birth certificate system was shut down for nearly a week last month after someone hacked into an internal website but did not take or alter citizens records, a government spokesman said Friday. An investigation is continuing into the hack, said Dan Egan, spokesman for the Office of…