The City College of San Francisco is notifying some students after an employee responded to a phishing scam. As the college explains in a letter from Jay Field, Chief Technology Officer: On April 15, 2016, we learned that an employee had responded to a “phishing” email thinking that it was a legitimate request. When we learned of this, we…
Imperial Valley Family Care Medical Group notifies patients after office burglary
From a notice on Imperial Valley Family Care Medical Group‘s web site, dated May 11, 2016: We are providing this public notice to you as part of Imperial Valley Family Care Medical Group’s commitment to patient privacy. We take patient privacy very seriously, and it is important to us that you are made fully aware of…
Ca: Snooping privacy breach at Joseph Brant Hospital leaves more questions than answers
Joanna Frketich reports: Oliver Rodd was in crisis in the emergency department when a nurse at Joseph Brant Hospital snooped in his electronic patient record. The snooper was on the surgical floor where his girlfriend worked, looking at private information containing details about the 57-year-old Burlington man’s anxiety, depression and suicidal thoughts. “Somebody hacked into…
Privacy commissioner closes door on Corner Brook privacy breach
Mistakes happen, and not every incident should result in a regulator investigation or smackdown. Cory Hurly provides a useful example of that: Given there was no complaint from anybody potentially impacted by an inadvertent release of documents on the City of Corner Brook’s website, the Office of the Privacy Commissioner has all but closed the file. Sean Murray,…
Talentbuddy.co / Talentguide.co Database Exposed, Company Reacts Swiftly
Another day, another misconfigured MongoDB database installation. This one, uncovered by RiskBased Security, involved Udemy‘s Talentbuddy.co. RBS writes: In total, there have been 38,791 users accounts from the talentbuddy.co website and a further 22,761 users from the Talentguide.co website exposed, with usernames, email addresses, passwords, Linkedin profile information, and other site-related information such as registration dates,…
Nulled.io crime forum breach could cause a world of pain for members
Dan Goodin reports: A website that openly facilitated the brokering of compromised passwords, stolen bitcoins, and other sensitive data has been hacked, exposing login data, IP addresses, e-mail addresses, purchase histories, and private messages for some 500,000 members. Nulled.io, a hacker forum that used the tagline “expect the unexpected,” was compromised earlier this month in…