Privacy Advisor

Breach Headlines Abound As Incidents Reported, Actions Announced

December 3, 2013

By Jennifer L. Saunders, CIPP/US

Across the globe, reports of data breaches—and the outcomes of past data loss incidents—continue to make headlines.

In the U.S., the University of Washington Medical Center and its Harborview Medical Center have experienced a breach exposing 90,000 patients' personal information, including Social Security numbers, and a breach at Arizona’s Maricopa County Community College District has cost the district millions. The district “is notifying nearly 2.5 million students, former students, employees and vendors that hackers may have compromised their personal information in a data breach” through a weak computer defense system, SC Magazine reports.

Over the weekend, Vodafone Iceland’s “website was attacked and customer data information, including SMS messages, were leaked to the public,” according to a ZDNet report, with the website “defaced by attackers and subsequently taken offline” on November 30.

The next day, the company confirmed via its Facebook page that “confidential customer data had, in fact, been accessed by the attackers,” the report states, noting a Turkish hacktivist group has claimed responsibility.

In New Zealand, the Office of the Privacy Commissioner’s annual report has indicated that number of data breach notifications there has “more than doubled in the year ended 30 June 2013 to 107, with three quarters of the breaches notified coming from the public sector,” ZDNet reports, noting the while the most common breach is “the sending of physical information to the wrong person … electronic data breaches of various kinds are now much more common overall than physical breaches.”

The Australian Broadcasting Corporation (ABC) has referred an investigation into salary disclosures to the Office of the Privacy Commissioner, The Australian has reported. ABC Managing Director Mark Scott said an internal investigation revealed an e-mail was "inadvertently sent to the office of a South Australian Member of Parliament in October last year in response to a request under the Freedom of Information Act … The ABC is notifying the privacy commissioner of the matter and the steps being taken in response."

Meanwhile, in the UK, Cardiff Council in Wales accidentally sent 80,000 residents’ voting data to incorrect addresses across the city, and The Royal Borough has signed an undertaking with the UK Information Commissioner’s Office after it erroneously published a spreadsheet with details on 257 employees to its intranet.

In other breach outcomes, Symantec “once again succeeded in persuading a California judge to toss a proposed class action accusing it of hiding a software vulnerability that left its customers open to cyberattacks,” Law360 reports, while in Ireland, the Office of the Data Protection Commissioner is requiring Eircom, Vodafone, 02 and Meteor to pay “a combined €48,000 in fines and charitable donations after admitting to a litany of legal breaches,” Irish Independent reports.

Read more by Jen Saunders:
Roundup: October Shaping Up To Be the Month of Innumerable Breaches
Clapper Offers NSA Explanations; Criticism, Concerns Abound
Roundup: NSA, UK Fallout Persists
NSA and Legislative Breach Implications, New Breach Announcements: A Roundup