Stolen Laptop Leads Breach Roundup
Patient Info on Laptop; Phone Provider Leaked Account InfoIn this week's breach roundup, a hospital is notifying 30,000 patients over a stolen, unencrypted laptop, and an Australian phone provider breach exposed information on 734,000 customers.
See Also: 2019 Internet Security Threat Report
Stolen Laptop Affects 30,000 Patients
The University of Texas MD Anderson Cancer Center is notifying 30,000 patients of a data breach after an unencrypted laptop was stolen from a faculty member's home. According to a notice posted on MD Anderson's website, the laptop was stolen on April 30. The Houston-based organization was notified about the incident on May 1. The cancer center then contacted outside forensics experts and began an investigation to find out what data was contained on the laptop.
Information that may have been on the laptop includes patient names, medical record numbers, treatments, research information, and in some instances Social Security numbers, the notice explained.
Australian Phone Provider Failed to Protect Accounts
According to the Australian Privacy Commissioner, Australian phone provider Telstra failed to protect the personal information of about 734,000 customers. According to a release posted on the commissioner's website, names, addresses, usernames and passwords were accessible via a link available on the Internet.
"We are most concerned about the length of time - more than eight months - during which a significant number of Telstra customers' personal information was publicly available and accessible," Richard Bean, acting Australian Communications and Media Authority chairman, said in the statement.
ACMA is considering its formal enforcement response.
Israeli E-mails, Passwords Posted
Hundreds of Israeli e-mail addresses and passwords were posted on the website for Anonymous Arab. According to Haaretz, an Israeli newspaper, most of the e-mails are active accounts.
It's unclear which website was breached to obtain the credentials, but according to the article, most of the accounts seem to come from "cosmetics, hairdressing and alternative therapies" sites.
Gaming Company Ubisoft Suffers Privacy Breach
According to the gaming site ZoKnowsGaming.com, Ubisoft, in promoting its upcoming videogame title Watch Dogs, sent an e-mail to registered users of its website with thousands of users' e-mails included in the CC field.
The gaming site explains not everyone on the list received the e-mail addresses in the CC field. Ubisoft has not acknowledged the breach on its website.