Following up on the Hull Royal Infirmary and Castle Hill Hospital incident: Dan Raywood quotes a hospital spokesperson who indicates that the doctor had emailed the data to himself. It seems that while the hospital had controls in place to prevent downloading data, its controls to prevent emailing data were not adequate to prevent this…
Sydney Festival in privacy glitch
Luke Hopewell reports: Organisers behind the annual Sydney Festival have inadvertently committed a privacy breach by sending an email to users that displayed the contents of its mailing list. The email contains the email addresses of around 130 people who registered for a festival mailing list, some from government departments, Sony Music, JP Morgan and…
NSW Privacy Commissioner investigates University of Sydney data breach
Ben Grubb reports: NSW acting privacy commissioner John McAteer today said that his office was “examining” a data breach through which the detailed records of thousands of University of Sydney students past and present were leaked. The records were being stored online where they could be downloaded easily and read via an internet connection. It…
(follow-up) Woman who victimized 50 people pleads guilty to 140 financial fraud charges
Minna Sugimoto reports: A Kailua woman accused of going on shopping sprees after stealing the identities of nearly 50 people pleaded guilty to 140 financial fraud charges Wednesday. With sunglasses hanging from her prison jumpsuit, a former beauty queen took center stage to admit that she led a lavish lifestyle at the expense of nearly…
E-mails containing malware sent to businesses concerning their online job postings
From the Internet Crime Complaint Center (IC3): Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online. Recently, more than $150,000 was stolen from a US business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The…
Ingenix discovers it may have been exposing health service providers’ SSNs for up to 5 years
This is one of those breaches where I really don’t blame the company, which in this case is Minnesota-based Ingenix. Ingenix provides web-based lookups so that patients can find providers in their area covered by their health plan. The provider data Ingenix uses is provided by the health plans or preferred provider plans themselves. Ingenix…