Modernizing Authentication — What It Takes to Transform Secure Access
The Yomiuri Shimbun reports that officials from Japan's Environment Ministry; Health, Labor and Welfare Ministry; Reconstruction Agency; Agriculture, Forestry and Fisheries Ministry; and Land, Infrastructure, Transport and Tourism Ministry mistakenly made private communications public on Google Groups (h/t Softpedia).
The error, according to the Yomiuri Shimbun, occurred because Google Groups' default setting enables public access to all discussions. "Our security awareness was weak," a ministry offical told the newspaper.
Potentially exposed data included patients' medical information, high school students' health checkup records, people registered in an alumni directory, a list of supporters of a political party, and data on middle school students' home environments.
Sixty-six e-mails related to negotiations at the the Minamata Convention on Mercury were also publicly viewable. "It was problematic that the processes around ongoing negotiations could be seen by outsiders," a spokesman for the Environment Ministry told AFP. "We have taken corrective steps."