Post your tech glitches, errors, issues, etc. here.

Anonymous

Mods,

Since you've shown us that you haven't been responsible with our data, I've asked those who found your data breach to keep an eye on you. I directed them to the Fast Company article which states you want our medical data in your system.

https://twitter.com/serenity_soon/status/1523788126795472896?s=21&t=rl57qoZ4jIZcXXBXnWXs6w

serendipity09

I deleted my diagnosis, but there is no delete option for treatments. Is it just me?

exbrnxgrl

I have had my dx and tx lines public since I joined a bit over 10 years ago. I removed them today with a mix of sadness, anger, and frustration.

SarahMaude

I see no excuse for ignoring months of alerts from a data safety audit watch group. It’s inexcusable to ignore our community and our legitimate questions because we are the reason there is a cause for BCO.

That being said, I never thought we had much, if any, data protection. The fact all posts, images, signature lines and community content is visible to us when we aren’t logged in let me know up front that anything I posted was absolutely public to anyone with a web browser. I did believe that profile information that we didn’t designate as public was protected. I’m no longer confident that the IT team at BCO is able to protect anything we input. I’ve withheld some personal data due to this, especially location. Anything personal I share here is not information I’d ever use for authentication. Thinking more about the sensitive nature of this board, I’m now surprised we could access so much without a login. There is a UK forum that I couldn’t even read until I’d asked to join and verified my email address.

This community, even in its smaller and diminished state is good. Every day that the leadership (not the moderators, they are not named principles of the org) fails to communicate their plans to the community is one more lost opportunity to redeem their cause. I’m asking again, leadership, what are your plans and intentions? If you are over your head, who is helping?

Anonymous

Avatars and other pieces of our profiles aren’t visible unless logged in.

I believe there used to be a thread of breast reconstruction pictures that required approval before being able to view. Are those pictures on the server still?

I arrived here because the posts were visible to the public, but I expect some parts of my account to remain private (like my email address).

The way BCO has acted to this data breach is unacceptable. They should squash plans to ask for our medical data.

exbrnxgrl

serenity,

If you're thinking of the picture forum, which was a pinned thread, it no longer exists as it was not really part of bco. It was started by a bco member but was not on the bco site so not on bco’s server.The pinned thread provided a link to that separately operated and maintained picture forum. The bco member stopped administering it and it is no longer active. Here is the thread, closed since 2020:

https://community.breastcancer.org/forum/44/topics/824546?page=16#post_5556922

Anonymous

exbrnxgrl,

That's a relief! I never looked at the thread, but I was afraid of any pictures being downloaded. Thanks!

ceanna

It should be shocking that BCO ignored a security breach for 5 months, but after asking for answers since this fiasco started on March 1 and no one in "leadership" (and I use that term loosely!) even bothering to treat us with respect and give us some answers, it's not all that surprising! I'm ever so glad I never filled out my profile, or recommendations, and clear my cache every time I visit here. BCO has used that information for tracking and collecting data to give a false narrative to their donors, and now, that very information is out in cyberspace because BCO wouldn't/couldn't secure it!! This is totally unacceptable.

CEO Hope Wohl has not said anything on these threads since mid-March and BCO Board chair Jane Hollingsworth has never provided any explanation. How do we hold these people accountable? Now we have to learn about a security breach from a member, not BCO. Thank you again, SerenityStat, for following up on this and knowing what this could mean for members. Please keep us informed.

As I've said from Day 1, this disrespect for community members is unconscionable. BCO, if you ever hope to regain any trust from members and be the leader in breast cancer information you claim to be, you need to come clean, and inform us--truthfully! None of "new website" hype you published back in March, but an accurate portrait of what's going on, not only to your members, but to your unwitting donors.

Be responsible, be accountable, and treat us with respect.

SarahMaude

serenitystat, you are right. Avatars and profiles weren’t/aren’t visible without being logged in. Ever since the reskinning “upgrade” avatars and images have been inconsistently displayed, so I forgot that.

I’m really sad about the lack of communication and transparency from BCO leadership. I know they can do better. This community’s power is the truth we share every day. Community leadership can and should amplify our voices of honesty, determination, and ability to heal from the damage we face from internal and external forces.

If we didn’t care about BCO recovering from these serious failures, we’d leave without saying anything. But we want a safe and secure community where we can help foster health and healing both

nopink2019

BCO provides nothing anymore that we all found helpful and encouraging. I deleted everything in my profile and am just posting to see what shows up. Very discouraged as my treatments are failing and this was the only thing I had for support from tjose who have been there. Last time I hit SUBMIT I lost my post and gave up for a few weeks. Will see how this one goes. Have you bnoticed that the only really active forum is about the disaster this is, nothing to help those w/breast cancer?

nopink2019

Tried to fix diagnosis & treatment. Impossible.

moth

hi nopink, sorry to hear your tx isn't working I'm mad about what's happening here too. Feel free to pm me or I can give you my text or email etc

Hugs

AliceBastable

nopink2019, it looks like you're stuck with treatments showing. I have no idea if they're accurate since that's been an issue for several people. I think it would take TNT to remove mine.

I have my annual mammogram and chest-abdomen-pelvis CT coming up in early June. Too bad I no longer have a place to share any fears about the results. Some of us don't have anyone in real life we can talk to, and really rely on the community here as a place to let off steam and get (and give) comfort. Thanks for breaking that bond, BCO bigwigs, you incompetent shits.

Anonymous

ceanna - Can you check your account details? I see your diagnosis and treatment details at the bottom of your post. If you find you can't delete them, there's not much you can do. I tried to remove my location and set it to Private. Still there, but this time it's listed only once.

sarahmaude - The report on the data breach stated they found images with sensitive content that would not be available publicly. These could be pictures of reconstructions shared by PM. I wish I could stay away, but I'm compelled to call out their BS.

nopink - I'm sorry you're not getting the support you need. I don't want to post so much on this thread, but sometimes I do. It takes effort to post here and leaves little to post elsewhere. Sometimes I have to stay away because of the aggravation which is why many others have stopped posting. Moth is a great resource for you. Truthfully, I don't know much about MBC. I'm still learning.

Alice - Yep.

ETA - I’m peeved to use my Twitter account for BCO. I wanted it to be a cancer-free zone where I should’ve posted a picture of a baby aloe plant with the most soothing green leaves.

ceanna

serenitystat, thank you for keeping us informed, and hope you don't grow too weary of helping members here since BCO is not forthcoming. I value your expertise! I'm content with keeping my basic information in my diagnosis and treatment lines if it will help someone. It had been wrong after the March 1 "relaunch," and I tried to correct it then and could not. It has now gone back to the limited information I inputted so I'm okay with that for the time being. I hate to start messing with anything here as it seems to get worse not better!

My question to every member here is what can we do now? BCO--its leadership and board--is not dealing with us honestly and with respect. Their donors. I'm sure, are not informed of this fiasco. Does this web site fiasco and security breach factor into CharityNavigator ratings? How many members here really know that there has been a security breach? BCO sent an email about not being able to post images but said nothing about the breach. Shameful! BCO owes its members better than that!!

HOPE WOHL AND JANE HOLLINGSWORTH, THE BUCK STOPS WITH YOU!!! BE RESPECTFUL AND BE ACCOUNTABLE, AND HONESTLY INFORM YOUR MEMBERS.

Spookiesmom

Maybe those who are on Facebook Twitter or other social media can get the word out that way. I don’t do any of that. Then maybe a national media outlet would pick it up. Bad PR isn’t what they’d want, damage control is hard to do. But could lead to some accountability from BCO. And we’ve seen their piss poor attempts at accountability. National attention would cut into their donor list, they sure don’t want that to happen.

Anonymous

Complaints about the data breach and BCO’s lack of response can be filed in Pennsylvania. Link in text below:

"Pennsylvania regulators need to look into both the lack of security and BreastCancer.org's failure to respond to repeated notifications that they were exposing personal and sensitive information.

If you wish to contact the Pennsylvania Attorney General's Office to file a consumer complaint, you can find information and an online complaint form linked from here.”

Anonymous

Here’s a link to the article on the data breach:

https://www.databreaches.net/breast-cancer-support-organization-leaks-data-despite-multiple-notifications/

ThreeTree

I've said some of this before, but I really had thought BCO was a legitimate, sophisticated, and presumably well managed organization. I'm beginning to get the feeling that I was scammed. I think I fell for the fluff and bluff that this organization seems to engage in. Put a pretty face on everything, put a sheen on anything that's looking bad. They indicated that the image/avatar problem was being looked into as a "just in case", "for your safety" etc. sort of thing, when in reality it was a serious breach that they did nothing about, and apparently will not own, just like the whole greater mess that started on March 1. I originally fell for what appears to be their deceitful methods of doing business.

I am again just so, so very glad that I never posted any of my stats, actual location, etc. I feel so bad for so many who are now having a nightmare experience with that part of the site. My original hesitation wasn't about security at all, because as above, I thought this was a serious, well run site. While I had initially found reviewing all the stats that people posted so helpful in the beginning of my cancer experience (I learned so much from reading them!), I started to worry that for me at least, people's stats were often becoming "them" so to speak, so I held off on posting my own. When I would read a post I would see all those stats, over and above, the substance of what a person was writing about and I started to not like it. Instead of seeing the "person" and what they were saying/contributing on a given topic, I was starting to see the person as their stats. The stats really started getting in the way for me at times.

I was actually thinking of suggesting that they add a feature where a person could choose to show their own stats, or turn them off, at any given time, and likewise, that we could all have a feature that would allow us to see others stats or turn them off at will. Sometimes I just wanted to be able to read and appreciate the substance of another person's post and not then see it in light of their stats. At the same time, I agree with so many others, that the stats can be amazingly helpful at times, and they were a huge part of my initial education when I was first diagnosed and looking for information and help.

I also want to underscore what Beesie said above about how this might just require serious housecleaning at the higher levels of this organization. They all seem to have some sort of a toxic way of working together. I also want to add my agreement re what Ceanna has said above and thank SerentityStat for all of her interest in and work regarding this matter. She may be getting weary, but I for one am very grateful for all of her work on this. Also, like Ceannna, I too have wondered if Charity Navigator is aware of all of what's going on here.

Just like child abusers and pedophiles seem to hide in the midst of the ranks of places like youth programs, I also think that some of the biggest financial scammers, fraudsters, and those who care little about the dire straits that others can find themselves in, hide in the midst of places like non-profits and charities. Some of these organizations can become real rackets. I seem to remember that at Susan Komen, her sister who was in charge of the operation, had to step aside do some sort of shady business she was involved in. I have never seen that organization as credible ever since then. I don't even remember the details and it was a long time ago, but in my mind, it forever tainted their reputation.

wrenn

There are many articles available if you google Breastcancer.org data breach.

ceanna

serenitystat, thanks for the reporting link. Is there a way to anonymously report as I don't want to out my full identity?

spookiesmom, I, too, am not on social media, but that's one way to make people and maybe the press aware of this. Hope someone who is on can.

At the very least, BCO should start a thread (this should have been done 5 months ago) explaining the security breach and what they are doing about it. I know companies with security breaches have notified me and offered me access to free identity/credit monitoring for the following year. Hope BCO is planning to tell us asap what they should legally be required to do when they first were notified of the breach.

BCO "leadership" needs to be held accountable and do their job! Why do we hear nothing from them?

ThreeTree

Wrenn - That's interesting. I googled as you suggested.

SerenityStat - One of the articles that comes up in the search is from "ITCanada", so whether the Pennsylvania Attorney General cares about Canada or not in this regard, others sure do!

Wrenn - I've also appreciated so many of your comments about this matter too. It's all just too much for me to post much myself, plus I've been dealing with Covid and it's repercussions (on top of Letrozole side effects) for the last few weeks (not a real bad case, just persistent - had shots, always wear mask, etc., but ...). I just want those who are really "on" this matter to know that some of us on the sidelines are really appreciative for what you are doing and your efforts are not in vain at all.

wrenn

Thank you Threetree. The thing that enrages (and saddens) me most about this nightmare is how it is affecting you and others in active treatment who really count on the support and information here from very intelligent generous women.

I am here out of gratitude for how I was helped when first diagnosed (and oblivious) and during my treatment. I really became attached to these members and was interested in how people were doing. I also liked passing on what I had learned to the newcomers.

SerenityStat is in active treatment and yet is working so hard in this thread to help us all. Beesie and all of the others who have contributed over the years are a huge loss thanks to the insensitivity (or corruption?) of BCO.

People aren't bothering to post glitches here now because nothing is done about it and glitches are getting worse. They are occasionally gaslighted by a mod announcing that they are reporting the glitches to tech etc. but we can all see that this is a sham.

ceanna

wrenn, thanks for the search. The ITCanada article did a concise job of explaining what was included in the breach and what we should know about images. Here's the relevant paragraph:

Another misconfigured bucket of data stored in the cloud has been found. This time it held data and images of people by Breastcancer.org. It's an American non-profit with a website that offers free research to women and men on breast cancer. It also has discussion forums people can subscribe to. In a report released this week researchers at SafetyDetectives found said last year they found an open Amazon S3 bucket holding 150 GB of data with over 350,000 files. Some of the files were user avatars, which are real or sketched pictures forum users can put beside their real or assumed names. Others were images posted with their comments in the forums. However, some digital images have what's called EXIF data that can include general location information, such as where an image was shot. That could lead to the real identities of people being tracked down, say the researchers. Some data also included results of medical tests. In addition to this being a privacy problem the researchers say Breastcancer.org didn't reply to warning messages. Ultimately researchers had to Amazon as well as the U.S.Computer Emergency Response Team to get the data secured. Two lessons from this incident: Organizations must have a combination of policies and IT procedures to ensure sensitive data employees have access to is locked down. And they need procedures for taking seriously email, phone and text complaints about security-related problems.

AliceBastable

Since there hasn't been a word from BCO about the data breach, we know they don't care. Anyone else feeling sucker-punched?

ctmbsikia

It should be very concerning to all that an organization such as this has not informed it's members of a possible security breech. Um, it's against the law. After this web site debacle it could be just a coincidence or is it something more sinister like hiding something. I just shot off a letter to the PA AG's office.

Alice, good luck with your upcoming tests and appointments. I'd tell you about mine but why bother? This may not be a safe place for us to chat.

Kudos to all the members here doing the stout research and asking-well DEMANDING accountability.

wrenn

Glitches thread being pushed off first page.

Who thinks up this silliness? Eesh.

ThreeTree

Wrenn - People could just keep bumping this thread.

Beesie

AliceBastable, yes, I feel sucker punched. I've devoted 16 years of my time to this site. I've always known that the discussion board was the poor step-child that was underfunded and not cared for, but I did my best to add value to the board, thinking that BCO was a quality organization that had integrity. I am sad to admit that I was wrong.

Good luck with your tests!

Anonymous

wrenn, ceanna - Thanks for the IT Canada article. Canada has stricter data privacy rules than US. 😏

ceanna - If you don't want to use the online form to report BCO's data breach, you can email them if you use an anonymous email address, or just send a letter to their physical address. Or you could call their number.