The Serum Institute is a public enterprise within the Danish health ministry. The institute sent two unencrypted CDs with “very comprehensive” data on 5.3 million Danes to the country’s statistics office. However, the CDs ended up at the ChineseVisaApplicationServiceCenter in Copenhagen, which is close to the statistics office, according to the report.
The CDs and the letter contained information on cancer, diabetes and psychiatric diagnoses, in addition to some demographic information of individuals living in Denmark between 2010 and 2012, Reuters reports.
The mistake was reportedly realized when an employee at the Chinese Visa office, which contracts work to a private firm, opened the package, and upon realizing she was not the intended recipient, gave the package to the statistics office, reports CSO.
More articles on data breaches:
Maryland court dismisses CareFirst data breach lawsuit citing insufficient demonstration of injury
Providence notifies 5,400 patients of insider breach
Ultrasound unit thefts breach PHI of 1,100 Kaiser patients