At a glance.
- UK's ICO opens probe of Barclays' employee monitoring practices.
- ProctorU acknowledges data breach.
- Medical center affected by Blackbaud breach.
Keeping an eye on how Barclays keeps an eye on its employees.
The Information Commissioner's Office (ICO), the UK's principal privacy enforcement agency, has opened an inquiry into how Barclays monitored employee activities. Reuters reports that the ICO confirmed yesterday that it was looking into the financial services firm's use of Sapience, a tool designed to give organizations “insights into [employees'] work patterns” by keeping track of how they use their computers. Earlier this year Barclays said it would use only anonymized data after employees objected to the monitoring. An ICO spokesman framed the issue as a matter of transparency and informed consent. “People expect that they can keep their personal lives private and that they are also entitled to a degree of privacy in the workplace. If organisations wish to monitor their employees, they should be clear about its purpose and that it brings real benefits. Organisations also need to make employees aware of the nature, extent and reasons for any monitoring."
Exam proctoring service confirms data breach.
ProctorU, an online examination proctoring service whose business has achieved greater importance in schools and universities with the rise of distance learning, has acknowledged that it sustained a data breach. BleepingComputer reports that the company has confirmed that on July 27th a database of some 440,000 records was released on a hackers' forum. ProctorU, which says it's investigating, reports that the data were from accounts created in 2014, but BleepingComputer says it's found evidence that accounts from 2012, 2013, 2014, 2015, and 2017 also turned up in the database. A few of the institutions whose email domains showed up in the data were Northern Virginia Community College, UCLA, Princeton, the University of Texas, Harvard, Yale, Syracuse University, Columbia, and the University of California Davis. ProctorU says it believes that credit cards and other financial information were not compromised in the incident. A screenshot BleepingComputer provides suggests the ShinyHunters were the criminal group responsible.
Blackbaud breach claims another victim, this one in healthcare.
Hackensack Meridian Health, which operates a number of hospitals in Bergen County, New Jersey (directly across the Hudson River from New York City), has warned donors that their personal information may have been compromised in the Blackbaud breach. No credit cards or other financial data are believed to have been exposed, Northjersey.com says.