Reid Southwick reports: Alberta’s health authority is apologizing for a major privacy breach after a staffer at Alberta Children’s Hospital inappropriately accessed nearly 250 patient files over a 14-year period. Alberta Health Services noticed the breach during audits of two patient databases, finding the same staff member had accessed personal information of hundreds of patients,…
Huge Data Leak at Largest U.S. Bond Insurer
Brian Krebs writes: On Monday, KrebsOnSecurity notified the Municipal Bond Insurance Association — the nation’s largest bond insurer — that a misconfiguration in a company Web server had exposed countless customer account numbers, balances and other sensitive data. Much of the information had been indexed by search engines, including a page listing administrative credentials that attackers could use to…
Update to AT&T insider breach
Mainstream media has now caught up with the AT&T insider breach I reported on October 3. Reuters reports that 1,600 customers have been notified of the potential compromise of their information.
The growing problem of identity theft and mandatory breach notification
Éloïse Gratton writes: Last spring I was invited to testify and present with Dr. Avner Levin before the Standing Committee on Access to Information, Privacy and Ethics, House of Commons, in the context of their study conducted on the “Growing Problem of Identity Theft and its Economic Impact“. I discussed why there are no real incentives for Canadian businesses…
Why would you let people register their information on your site if you suspect you’ve been hacked?
“WhoComplies” sends along word of his frustrating experience dealing with his child’s apartment complex in California. The complex is owned and operated by Essex Property Trust. Essex is a real estate investment trust (REIT) that acquires, develops, redevelops, and manages 140 multifamily apartment communities in California and Washington. To make monthly rent payments, WhoComplies decided to…
Unencrypted laptop stolen from Community Technology Alliance
Adam Greenberg reports: California-based Community Technology Alliance (CTA) is notifying more than a thousand individuals that their personal information – including Social Security numbers – was on an unencrypted, password protected laptop that was stolen. How many victims? 1,177, Jen Padgett, CEO of CTA, told SCMagazine.com in a Friday email correspondence. What type of personal information? Names and Social…