Major data incidents and large penalty for data privacy violation
08.06.2023Back to news
The time has come to reveal details on a few major recent data related incidents.
A massive data leak affected Nova Scotia’s healthcare sector. As it was reported, the incident happened because of MOVEit file transfer application vulnerability. Data on at least 100,000 employees was leaked.
As the result of the incident, the following data was stolen:
• Social Insurance numbers
• Banking information.
Recently the FTC ordered Microsoft corporation to pay a large $ 20 mln fine for major incompliance. The company violated personal data regulations and illicitly collected and kept children’s data. As it was stated by the regulator representatives, the company violated COPPA act. Children had to share their personal data, such as email address, phone number and date of birth when registering an account on Microsoft Xbox game service. The prosecution believes that Microsoft collected the children’s data without parental consent and saved this data even in case a parent stopped the creation of an account. Besides the requirement to pay the fine, the corporation was obliged to notify parents and obtain their consent to the activity of accounts created before May 2021 and install new systems to remove children's personal information.
Another incident affected a school in the USA. As it was reported, a local obtained piles of school documents left on the street and notified law enforcements. As it was reported, the documents included: report cards, completed field trip forms, parent phone numbers, and students' personal information. It’s not clear yet, how the documents ended up in the street, however, it should be mentioned, that it’s of crucial importance not to forget to appropriately dispose paper based confidential documents. Indisputably, it’s not allowed to simply throw unshredded document to a trash bin.