July was bound to be a bounce-back month, but we couldn’t have expected the frighteningly high total of 2,359,114,047 breached records.
Granted, a big chunk of those come from a single incident – a mammoth breach involving a Chinese smart tech supplier – but as unimaginative football commentators say, ‘they all count’.
Let’s take a look at the full list:
Cyber attacks
- Tennessee-based hospice notifies patients and next of kin of cyber attack(unknown)
- ‘Silence’ hackers steal more than $3 million from banks in Bangladesh, Sri Lanka and Kyrgyzstan (unknown)
- Hackers steal names and Social Security numbers from Maryland Department of Labour (78,000)
- Croatian government targeted by mysterious hackers (unknown)
- Philadelphia Federal Credit Union confirms security breach (unknown)
- State-sponsored hackers breach Greece’s top-level domain registrar (unknown)
- Chinese job recruiting site hacked, with CVs for sale on dark web (160,000)
- Los Angeles Co. Department of Health Services email hacked exposing patient data (14,591)
- ME-based Penobscot Community Health Center says it was affected by AMCA hack (13,000)
- Japanese cryptocurrency exchange Bitpoint loses $32m in cyber attack(unknown)
- Crooks steal Bulgarians personal details and email them to local media (5 million)
- US telecoms company Sprint says it was breached via vulnerability in Samsung website (unknown)
- University of Alabama discovers 10-year-old account breach (1,400)
- Pennsylvania-based software firm and healthcare provider accuse each other of data theft (unknown)
- TX-based Wise Health reports data breach caused by phishing attack (35,899)
- OH-based Edgepark Medical Supplies notifies patients after a ‘password spray attack’ (6,572)
- Computer files at Bahamas’ Ministry of Tourism corrupted by virus (unknown)
- Taiwan’s 1111 Job Bank says online customers details were hacked by “tomholland” (20,000)
- South Carolina’s Midlands Technical College breached by virus (unknown)
- Hackers publish list of Discord credentials they accessed in phishing scam(2,500)
- Hackers breach SyTech, a contractor for Russia’s national intelligence service(unknown)
- Henry Co., GA, networks offline for five days after malware attack (unknown)
- Lancaster University students caught out in phishing attack (unknown)
- Alabama-based school says its systems have been wiped out, but won’t confirm whether ransomware is to blame (unknown)
- Hackers target the City of Concord Anson County and Lincoln County Sheriff’s office in overnight attacks (unknown)
- LAPD officers and applicants stolen by hacker (20,000)
- What’s been taken from your wallet? Capital One says credit card applicants’ data stolen (100 million)
Ransomware
- J’Syracuse? School District blames ransomware for power outage (unknown)
- Georgia court agency hacked in ransomware attack (unknown)
- Key Biscayne becomes third Florida city to be hit by ransomware (unknown)
- LaPorte, Indiana, government pays $132 after its systems crippled by ransomware (unknown)
- Humboldt State University radio station goes silent after ransomware attack(unknown)
- Hackers demand $2 million after infecting NY-based Monroe College with ransomware (unknown)
- Gila Co., AZ, experiences week-long disruption after ransomware attack(unknown)
- New Bedford, MA, and Syracuse, NY, governments also hit by ransomware(unknown)
- Lyon Co., NV, becomes latest US government to be hit by ransomware(unknown)
- Northwest Indian College suffered major file loss in Ryuk ransomware(unknown)
- Libraries in Onondaga Co., NY, hit by ransomware attack (unknown)
- FBI investigating after Collierville, TN, hit by ransomware attack (unknown)
- Tampa-based community radio station WMNF hit by ransomware (unknown)
- QuickBooks Cloud hosting firm iNSYNQ recovering after ransomware attack(unknown)
- Butler Co. Federated Library System working on its online system following a ransomware attack (unknown)
- Maitland, FL, dentist says five months of patient records encrypted by ransomware (unknown)
- New Haven Public School district has ‘restored all critical functions’ after ransomware attack (unknown)
- Mobile, AL-based Springhill Medical Center goes quiet after ransomware attack(unknown)
- Washington-based Grays Harbor Community Hospital still treated patients despite ransomware attack (unknown)
- Synology NAS devices hit by ransomware after brute-force password attacks(unknown)
- Kentucky-based non-profit health centre pays $70,000 after ransomware attack(unknown)
- University of Western Australia alerts former students about potential data theft after laptop theft (100,000)
- Two Puerto Rico hospitals report ransomware attacks (520,000)
- Steel plant Blastech becomes second Mobile-based organisation to be hit by ransomware this month (unknown)
Data breaches
- Chinese smart home vendor Orvibo involved in password dump (2 billion)
- Indian government website is leaking pensioner’s data; official says it won’t be fixed until 31 July (unknown)
- American Land Title Association informed of data breach (600)
- Chinese government leaves unsecured databased on the Internet (58,364,777)
- DNA testing service Vitagene left customer records online for years (3,000)
- K12 Inc. database of student data was left unprotected online (19,000)
- Former Desjardins president falls victim to identity theft after data breach (1)
- Canadian police sent an account of someone’s suicide attempt to the wrong people (1)
- Maryland Department of Education left students’ and teachers’ personal details on unencrypted database (1.6 million)
- Another massive database of victims from Evite data breach discovered (101 million)
- Hospitality tech company Aavgo left an unprotected server online for three weeks (unknown)
- University of Nebraska-Lincoln offering ID protection after laptop was stolen(900)
- Texas-based Clinical Pathology Lab informed that it was affected by AMCA hack(34,500)
- Employee at SC-based Medico Inc. left protected health info on unprotected database (300,000)
- Researchers discover massive data leak in a server belonging to unnamed Chinese company (4.6 million)
- More healthcare providers release details of AMCA data breach (939,050)
- Swedish cryptocurrency exchange QuickBit says it left database publicly available online (300,000)
- Tennessee high school students at risk after data breach at Higher Education Commission vendor (unknown)
- Isle of Man government ‘mislays’ personal data of home care residents (33)
- Browser extensions are causing data breaches at US-based healthcare software companies (unknown)
- Commission investigating Australian police informant accidentally shares her handlers’ personal details with underworld clients (unknown)
- YouHodler misconfiguration exposes crypto loan details onto the web (86 million)
- Security lapse at email marketing company FormGet exposes user-uploaded documents (43,000)
- Unprotected server at Brazilian financial services provider exposes customer data (unknown)
- National Australia Bank notifying customers after data service companies misuse personal data (13,000)
- Family who adopted a child were forced to move home and change names after lawyers accidentally shared personal details with birth parents (3)
- Third-party breach exposes personal data of students at Connecticut school(unknown)
- Vancouver tour company apologises after dumping personal information in recycling bin (unknown)
- Sephora says database of Asian, Australian and New Zealand customers’ personal data was leaked (unknown)
- ‘Procedural error’ as Glasgow council leaked details of low-income families(+30)
Financial information
- Arlington Co. says cyber criminals penetrated its payroll system (unknown)
- MYOB blames glitch after it sends payslips to the wrong people (220)
Malicious insiders and miscellaneous incidents
- Florida Department of Children and Family Services accuses employee of leaking sensitive data (2,000)
- Former employees at India-based Magnasoft Consulting accused of stealing data (unknown)
- Fired IT employee at Baltimore government gains access to sensitive areas(unknown)
- Attackers break into journalist’s home, kills her dogs and steal reporting records(unknown)
Source: IT Governance