Dear privacy professionals,
Perhaps one day I could write an introduction that is slightly more upbeat, but for now, it seems the privacy world is one where the age-old adage of “no news is good news” certainly holds true.
Bad news continues to dominate the headlines the past few weeks. In Singapore, there was a little-reported breach involving unauthorized access to about 70 HealthHub accounts. The HealthHub service essentially provides a gateway to clinic appointments and medical records of Singapore citizens. While it appears that only the basic tier of the HealthHub service was accessed illegally, as sensitive medical data is protected by two-factor authentication, I find it concerning that this breach comes close on the heels of the massive SingHealth breach. It is perhaps also worth pointing out that both the HealthHub incident and the SingHealth breach occurred under the watch of Integrated Health Information Systems, which runs the IT systems of all public health care operators in Singapore.
Another company that is in the spotlight recently is, of course, Facebook, which is facing increasing scrutiny after the revelation that up to 30 million accounts were compromised in a cyberattack that exploited software flaws to steal access tokens that enable people to automatically log back in to the platform. Like regulators in other parts of the world, privacy authorities in the region, including in Japan and the Philippines (as reported below), are sitting up and taking notice, demanding that Facebook implement additional protection for the affected users and for all users of the platform.
Finally, hot off the press today is the data breach affecting personal data of up to 9.4 million Cathay Pacific passengers, which follows closely behind another recent incident affecting British Airways. Personal data accessed includes passenger name, nationality, date of birth, phone number, email address, residential address, frequent flyer program membership number, customer service remarks and historical travel information. More sensitive information accessed included 860,000 passport numbers and about 245,000 Hong Kong identity card numbers. It is noteworthy that suspicious activity was initially discovered on its network in March, and the unauthorized access was confirmed in early May. It will be interesting to understand why Cathay Pacific took almost six months before announcing the breach publicly.
With that, I will leave you to digest the rest of the articles below. For those of you traveling Down Under for iappANZ’s Summit 1 and 2 Nov., aptly named “Privacy: Handling the seismic shift,” I wish you safe travels and a fruitful conference!
If you want to comment on this post, you need to login.