At a glance.
- Adafruit ex-employee exposes customer data in GitHub repo.
- Canadian military data inadvertently exposed by class-action company.
- US school district hit with ransomware.
US school district hit with ransomware.
Fleetwood Area School District, located in the US state of Pennsylvania, on Friday disclosed that it suffered a ransomware attack last week. WFMZ.com reports that student families and staff experienced technical difficulties on Wednesday, which Superintendent Greg Miller has now explained were the result of the attack. Details are few, but Miller says that fortunately student and financial data were not impacted by the incident because they are stored off-site. The district is cooperating with local law enforcement and the Federal Bureau of Investigation to determine exactly what happened.
Canadian military data inadvertently exposed by class-action company.
Epiq Class Action Services Canada, the company handling a $900 million class-action settlement between the Canadian government and military members who experienced sexual misconduct, has admitted that claimant data was inadvertently compromised. Last month veteran Amy Green received the names, email addresses, and claim numbers of about forty other claimants, and shortly after Epiq admitted it had accidentally sent out "limited information" of ninety-one individuals who had applied for compensation in the settlement. Now a second veteran has come forward stating that she also received the personal data of fellow claimants. The Department of National Defence and lawyer Jonathan Ptak, who represents some of the claimants in the settlement, said Epiq has now admitted to three separate privacy breaches. "We are aware of the two incidents of inadvertent disclosures that affected ninety-one class members which were reported about earlier in February and have just been made aware of an additional inadvertent disclosure involving one class member," Ptak told CBC. Epiq has notified the privacy commissioner and an investigation is underway. "Even as our investigation remains ongoing, we are communicating directly with our clients, notifying claimants we confirm have been affected, and have implemented additional enhancements to existing processes," said Angela Hoidas, Epiq’s vice-president of marketing and communications. Meanwhile, the claimants worry about the security of their personal information. "They just want to pretend like it never happened," said Green. "How many people are affected?”
Adafruit ex-employee exposes customer data in GitHub rep.
Open-source hardware company Adafruit has disclosed that a publicly accessible GitHub contained the private information of some of its customers. The repository belonged to a former Adafruit employee who was using real customer information, instead of fake staging data, for training and data analysis operations. The compromised data includes the names, email addresses, shipping and billing addresses, and order details of customers on or before 2019. Upon detection of the leak, Adafruit worked with the ex-employee to delete the repo and has launched an investigation to determine what data might have been accessed by an intruder. Bleeping Computer notes that, at first, Adafruit said it would not be informing users of the incident. Adafruit's Managing Director Phillip Torrone, and founder Limor "Ladyada" Fried previously stated, "We evaluated the risk and consulted with our privacy lawyers and legal experts, and took the approach that we thought appropriately mitigated any issues while being open and transparent and did not believe emailing directly was helpful in this case.” However, after pushback from the user community, Adafruit has since decided to change its stance. The company apologized and stated, "We appreciate the feedback from the community and our customers, and will be emailing users as part of this disclosure.” Adafruit is also updating its security protocols and employee training to ensure this doesn’t happen again.