Some more Data Breaches of 2016, 2017, 2018 & 2019


#22

an emergency call centre has been set up to handle customer enquiries, including the Takata recall.

It comes after reports hackers broke into the medical files at Melbourne Heart Group, a tenant at the Cabrini Hospital, and demanded a ransom after scrambling the data of about 15,000 patients.

The Melbourne Heart Group confirmed it had been unable to access patient data for weeks,

What, no backups? :scream:


#23

A few more huge lists of data have been found on the public internet. One contains about 2.2 billion accounts/email addresses and has been labeled Collection #2, which is a follow-on from the nearly 800 million in Collections #1 (the Collections listings are also growing https://www.troyhunt.com/the-race-to-the-bottom-of-credential-stuffing-lists-and-collections-2-through-5-and-more/).

Another one includes nearly 800 million publicly listed details from an unsecured database that includes/included dates of birth, phone numbers among other information including email addresses of people from a company that is called “Verifications.io” (archived site which is still available). This company provides a service which allows subscribers to upload lists of email addresses to validate them (see https://securitydiscovery.com/800-million-emails-leaked-online-by-email-verification-service/ & haveIbeenpwned now lists it).

All the privacy policies that businesses have tell us how they will protect our information and then you get failures to adequately secure what they require you to provide…it becomes almost laughable (if it wasn’t so serious).


#24

It seems to have become the default position to obtain your personal information whether websites need it or not. It is impossible to get past the landing page on some websites without registering and providing your details.

We were looking to provide a room for uni student accommodation. We contacted a large Australian organisation that does this to ask if what we had was suitable. They would not provide an answer unless we registered, so we had a look at the online form they had on their website. The questionnaire was quite intrusive, and asked for details they had no need to ever know. They also wanted our bank details, driver's licence numbers, etc, etc. And they weren’t using https either.

I rang their local director to discuss this overreach of data collection at just the early inquiry stage. I was told that they would not proceed without this information. So I asked about the security of their data and their facility. The director told me that within their organisation access to the data was restricted on a need-to-know basis. When I asked whether the data was encrypted, and what security there was on the data servers, she repeated the previous statement. In other words there was no security and our enquiry about letting the room stopped then and there.

I can understand that at some point it may be necessary for sites to get your details such as if you are actually buying stuff, but I disagree with that data collection as a ‘toll’ you have to pay just to get onto the site or get a $ price.

I think there is a need to extend data privacy laws to restrict personal information collection by businesses and web sites to a verifiable needs basis.

Perhaps with less unnecessary data collection, there wouldn’t be so many breaches and/or the quantum of data stolen would be significantly smaller?


split this topic #25

A post was split to a new topic: Katmandu significant data breach - credit card details potentially accessed


#26

This one has been transferred to its own thread due to the significance of the breach.


#28

I have encountered a recruitment firm that was extremely intrusive in the amount of information they wanted from me as a job applicant. I told them no, and walked away. They were asking for information before they had any position that suited me!


#29

I had a similar experience - I had to ‘prove who I was’ to establish an account, by giving them information I am sure they had no legal means to verify, like driver licence number etc - this was all so I could do an online combined psych/aptitude test. I questioned them on whether any professionals were involved in the interpretation of the results and was told it’s all done by the software … no thanks …