Daily Digest (5/25)

Ohio Data Breach Exposes Pandemic Jobless Aid Applicants; UK Contractor Shares Emails of 300 Contract-Tracers in Breach; Apple-Google COVID App Technology Draws Interest From 23 Nations; Ex-Apple Whistleblower Calls for EU Probe of Privacy Policies. Click “Read more” below.

Ohio Data Breach Exposes Pandemic Jobless Aid Applicants

Applicants to the Ohio Pandemic Unemployment Assistance (PUA) Program found their personal data exposed because of a breach at the state Department of Job and Family Services.

The information included names, Social Security numbers and home addresses, InfoSecurity Magazine reports. The data was also exposed to other applicants.

More than 161,000 residents have sought jobless assistance in the wake of COVID-19. ODJFS did not say how many claimants were affected by the data breach. 

Deloitte Consulting discovered the breach on May 15. Deloitte is the technology vendor for PUA systems in Ohio and several other states. 

The firm sent PUA claimants a breach-notification email on May 20, state officials said, indicating that the breach was fixed within an hour of discovery. 

“A unique circumstance enabled about two dozen Pandemic Unemployment Assistance claimants to inadvertently access a restricted page when logged into the state’s PUA website,” Deloitte told InfoSecurity in a statement.

Source (external link):

InfoSecurity: Data Breach Afflicts Ohio’s Unemployment Office

UK Contractor Shares Emails of 300 Contract-Tracers in Breach

The U.K. outsourcing firm Serco has apologized after accidentally sharing the email addresses of nearly 300 people working as contact-tracers.

The company is training staff to trace cases of Covid-19 for the U.K. government, BBC News reports.

The error occurred when Serco emailed new staffers training information.

Serco also said it would review its processes “to make sure that this does not happen again.”

U.K. Health Secretary Matt Hancock said 21,000 contact tracers had been hired, some of whom are healthcare professionals, to help gather information in the effort to slow the spread of COVID-19.

Serco is among the companies hiring, training and operating the 15,000 contact-tracers who lack clinical training, BBC News reports.

Source (external link):

BBC: Coronavirus: Serco apologises for sharing contact tracers’ email addresses

Apple-Google COVID App Technology Draws Interest From 23 Nations

Authorities in 23 countries across five continents have sought access to contact-tracing technology from Apple Inc. and Google, the companies said last week as they released the initial version of their system.

However, authorities would need to stop requiring cellphone numbers from users under the companies’ rules, Reuters reports.

Apple and Google have barred authorities from using their technology collected by GPS location data or by requiring users to enter personal data.

But some governments have struck out on their own, contending that their apps would be more effective if they could track users’ locations to identify hot spots for virus transmission and notify them about possible exposure through calls or texts, rather than a generic push notification.

Source (external link):

Reuters: Apple-Google contact tracing tech draws interest in 23 countries, some hedge bets

Ex-Apple Whistleblower Calls for EU Probe of Privacy Policies

A former Apple Inc. employee has written EU data-protection authorities, asking for an investigation into the company for potential privacy violations.

Thomas le Bonniec was one of Apple’s contractors involved in the Siri monitoring program, Business Insider reports.

He raised concerns about how Apple “keeps ignoring and violating fundamental rights and continues their massive collection of data” — and then asked for appropriate enforcement action for alleged privacy shortcomings.

Source (external link):

Business Insider: Apple whistleblower blasts company over ‘violating fundamental rights’

— By DPN Staff