UT Southwestern Medical Center has disclosed at least four breaches since July 2023. Is HHS investigating?

How many patient data breaches can a covered entity have before HHS OCR opens a serious investigation into their compliance with the HIPAA Security Rule? According to DataBreaches’ count, UT Southwestern Medical Center in Texas has disclosed at l…

Hong Kong Privacy Commissioner’s Office Publishes Investigation Findings on the Electrical and Mechanical Services Department Data Breach

December 9 enforcement action by the Privacy Commission of Hong Kong: Data Breach Incident of the Electrical and Mechanical Services Department (EMSD) The investigation arose from a data breach notification submitted by the EMSD to the PCPD on 1 May 20…

HHS OCR settles charges that Inmediata Health Group exposed 1.6 million patients’ PHI online

The following announcement by HHS OCR stems from an accidental exposure of protected health information online that continued for several years. Inmediata’s incident resulted in a class action lawsuit that was settled for $1.1 million in 2022, an…

Express Services disclosed a data breach. One month later, they learned they had a second data security problem.

Express Employment Professionals (“Express Pros”) describes itself as a leading staffing agency in the U.S., “specializing in matching job seekers with the best jobs for their skills and experience.” Express Pros is the flagship…

Bolton Walk-In Clinic in Ontario: lock down your backup already!

DataBreaches hates reporting on an incident when the entity has not yet secured misconfigured storage, but after four months of futile efforts to get a Canadian clinic to respond to responsible disclosures, maybe publication will help get them off the …

Over 600,000 Records, Including Background Checks, Vehicle, and Property Records Exposed Online: SL Data Services/Propertyrec

Jeremiah Fowler reports finding another exposed database with a lot of personal information. This one may belong to SL Data Services, LLC, though Fowler notes that the folders inside it were named with separate website domains. “It appears that t…

PDPC: Breach of the Protection Obligation by HMI Institute of Health Science

A financial penalty of $10,000 was imposed and directions were issued to HMI Institute of Health Science for failing to put in place reasonable security arrangements to protect the personal data of former students. Case No. DP-2405-C2321 HMI Institute …