Dennis Thompson Jr. reports: A thumb drive turned up in Madras containing confidential payroll information for nearly 550 Oregon Department of Corrections employees — a security breach that potentially affects as many as one in 10 DOC employees. A member of the public who came into possession of the flash drive notified the agency on…
UK: Labour forum leaks email addresses
John Leyden reports: Basic design flaws on a Labour party members forum exposed the email addresses of users to harvesting. Surfers who register through the site http://members.labour.org.uk were invited to confirm their membership, and activate their account, by clicking on the link in an email sent to a specified account. The email follows the form…
Starbucks’ iPhone barcode app easily scammed by screengrab
Bill Ray reports: Someone has noticed that the Starbucks’ iPhone application can be copied with a screen grab from a neglected handset, enabling the thief to gorge themselves on free coffee. The payment system relies on reading a bar code from the iPhone’s screen, identifying the customer and debiting their account. But the barcode doesn’t…
UK: NHS research system could breach patient confidentiality
The same issues raised in the U.S. about meaningful use, anonymization and the risk of identification are being raised in the UK, it seems. Kathleen Hall reports: Medical experts have hit out against an NHS computer system which gives researchers access to patient information without their consent. The Secondary Uses Service (SUS) system gives commercial and…
Ca: Breach of privacy penalties raises questions for commissioner
A breach that was first disclosed last week did not affect a huge number of people but has generated a lot of criticism about the disclosure process and how the employee involved in the breach was handled. Norm Park reports on the frustration that the public is not provided more information about the breach and…
Ie: Data breach at RecruitIreland.com
Aoife Carr reports that Gardai are investigating a security breach involving the recruitment website RecruitIreland.com: It is thought that names and e-mail addresses of those registered with the site were accessed for spamming purposes. The site was shut down yesterday afternoon when the breach was noticed….. CVs, usernames and passwords are not thought to have…