Bad time for data breahces.
Vodafone (Australia) has reported what appears to be an insider breach, terminating an undisclosed number of staff after weekend reports that unauthorised parties obtained log-in details to the telco’s customer database. Criminal groups were reportedly paying for Vodafone customer information, while other people used the database to “check their spouses’ communications”, according to the initial news reports. Police have been brought into the investigation. http://www.itnews.com.au/News/244672,vodafone-sacks-staff-over-alleged-security-breach.aspx
Freedom of Information requests sent by the Yorkshire Post to public organisations revealed a number of serious data breaches, including a doctor accessing a colleague’s medical records at a hospital, a cleaner at a Rotherham hospital viewing a friend’s private medical files, and a receptionist at a hospital in Sheffield, who collected patients’ personal contact records and used them for a second job as a market researcher. http://www.kable.co.uk/yorkshire-nhs-police-personal-data-breaches-12jan11
Oh those pesky insiders. When will they learn?
Also, over the last 2 months, 3 American universities have been cleaning up after data breaches. The largest at Ohio State University affects 760,000 people. The University of Wisconsin-Madison’s involved 60,000 people, and a St. Louis University breach affected staff members. During a “routine” IT security review, Ohio State discovered that unauthorized people had logged onto a server that contained information on current and former faculty, students and staff, applicants, and others with university ties. http://campustechnology.com/articles/2011/01/12/3-universities-knocked-by-security-breaches.aspx