Healthcare app, college students' data and other leaks

06.08.2020

Back to news

LogBox, South African app for patients, which was developed to ensure safe information exchange between patients and doctors, was breached a month ago. An exposed database was found by a security researcher who saw thousands of account access tokens belonging to the app users. Such news is taking a sharper turn now as the POPIA has recently came into effect.

Patient COVID-19 results keep being sent to wrong addresses by mistake. NHS Orkney faces the third data breach which impacts patients’ privacy. Personal information on staff travelling were dispatched to a journalist, a local business received a number of test results which were not to be mailed there. Another letter has recently popped up in the mail box of a wrong patient.


Learn more about personal data protection


Delhi University might face consequences of a major privacy issue affecting data of each and every DU student. The official website of the university exposed admit cards of the students. The problem is in the gateway password which allows anyone to access records of all those studying at Delhi University college as each college has a single password. An exam roll number, name and this gateway password should be entered to read the student details, making it simple to read also the information about anyone in the college whose name you know as roll numbers are also available from the previous semester. Students’ addresses, phones, emails, course and student type details appeared to be easily accessible.The college code is also a weak spot in the DU security, it repeats the gateway password. Moreover, college codes of Delhi University are publicly available.

Telkomsel employee stole the personal data of a local celebrity – the telco is the state-owned company based in Indonesia. The staffer was working in the office in East Java. He could access the personal information of the company’s clients. The violator made a photo of the person’s data and posted it on Twitter. The accusations were brought under Electronic Information and Transaction (ITE) Law. Telkomsel detected unauthorised access, as Telkomsel’s Grapari office has limited rights to the company’s server, and the violator was an outsourced employee working there.