Data breach

15 Sep 2020
In mid-September, “human error” led Public Health Wales to post the personal data of all 18,000-odd Welsh residents who tested positive for COVID-19 between the end of February and the end of August to a public server, where for about 20 hours it was readily searchable by any visitor to the site
20 May 2020
The outsourcing company Serco, which the UK government has contracted to perform contact tracing, accidentally shared the email addresses of almost 300 of the contact tracers it hired when a staff member sent an introductory email and used CC rather than blind CC. Serco does not intend to refer
01 May 2020
As the first confirmed coronavirus case in Pakistan, Yahyah Jaffery became a pariah after his identity, photograph, and home address were leaked on social media. Similar leaks about dozens of other patients and medical staff followed. The contact tracing system being used for coronavirus was
02 May 2020
A security lapse exposed one of the core databases of the coronavirus self-test symptom checker app launched by India's largest cellphone network, Jio, shortly before the government lockdown began in late March. The database, which had no password protection and contained millions of logs and
11 May 2020
The Indian state of Madhya Pradesh created a COVID-19 dashboard that displayed the names of at least 5,400 quarantined people, their device IDs and names, their OS version, app version codes, current GPS coordinates, and office GPS coordinates. Shortly after the dashboard's existence was posted on
25 Jan 2019
In January 2019 the UK's Information Commissioner's Office announced it was investigating an incident in which the food service company Deliveroo reported that some of its customers had complained they were charged up to £1,000 for orders they had not placed. Customers have used social media to
15 Nov 2018
In November 2018, a report by the consultancy Privacy Company, on behalf of the Dutch Ministry of Justice, found that Microsoft could be breaking European data collection rules because its Office software was collecting large amounts of personal data including email subject lines and snippets of
20 Feb 2019
In February 2019, an anonymous tip-off to Computer Sweden revealed that a database containing recordings of 170,000 hours of calls made to the Vårdguiden 1177 non-emergency healthcare advice line was left without encryption or password protection on an open web server provided by Voice Integrate
31 Jan 2019
In January 2019, researchers reported finding two huge data dumps. Collection #1 contained passwords and usernames relating to nearly 773 million email addresses spread across about 2.7 spreadsheet rows in 12,000 files. Collection #2.5 contained 845GB of data and more than 25 billion records that
27 Nov 2018
In November 2018 the UK Information Commissioner's Office fined Uber's European operation £385,000 for inadequate security that permitted a November 2016 data breach affecting nearly 3 million British users and 82,000 drivers. In the 2016 breach, attackers obtained credentials that allowed them to
28 Dec 2018
A November 2018 breach of a government-funded resettlement agency's database in South Korea allowed hackers, believed to be North Korean state security officials, to copy the personal information belonging to 997 North Koreans living in South Korea. Escaping to South Korea is considered an act of
In January 2019, the security researcher Justin Paine discovered that the California-based voice over IP provider Voipo had left exposed an unprotected database containing tens of gigabytes of call logs, other internal documents, and customer text messages, including password resets and two-factor
14 Dec 2018
In December 2018 Facebook revealed that over a 12-day period in September a software bug may have wrongly allowed about 1,500 third-party apps to access 6.8 million users' photos, including some that people began uploading to the social network but didn't go on to finish posting. EPIC executive
07 Feb 2019
In February 2019, publicity led the gay dating app Jack'd, which claimed to have more than 5 million users and was ranked among the top four gay social apps on both Apple and Android, to close a security flaw that meant that photos users uploaded to share in private chat sessions were accessible to
04 Apr 2019
The Five Star Movement, a populist party, which is currently in power along with the League in Italy initially grew out of Il Blog delle Stelle (formerly Beppe Grillo’s blog). The Five Star Movement was founded by comedian Beppe Grillo, along with Gianroberto Casaleggio, a web strategist in 2009. As
25 Aug 2018
By the time T-Mobile announced in August 2018 that a data breach had compromised customers' names, billing zip codes, email addresses, account numbers, account types, phone numbers, and some hashed passwords, the most crucial of these had become phone numbers. Never intended as identifiers, phone