We would’ve been talking about an extraordinarily low number of breached records this month if it hadn’t been for a string of incidents in India, another Facebook gaffe and a massive blunder in China, in which a series of companies exposed almost 600 million citizens’ CVs.
Still, April 2019 saw a not completely disastrous 1,334,488,724 breached records. That’s better than last month, bringing the annual total to 5.64 billion and reducing the monthly average to 1.46 billion.
Here’s the list in full:
Cyber attacks
- Criminal accesses personal data of faculty staff and students at Georgia Tech(1.3 million)
- Bangladesh Oil, Gas and Mineral Corporation’s website hacked hours after recovering from previous attack (unknown)
- Australian Signals Directorate confirms data was stolen in parliament IT breach(unknown)
- Massachusetts hospital caught in phishing scam (12,000)
- Hacker breached Minnesota state agency email (11,000)
- South Carolina’s Palmetto Health discloses phishing attack dating back to 2018(23,811)
- Phishing scam exposes personal data at Florida’s Clearway Pain Solutions Institute (35,000)
- Customer data stolen as website of Japanese luxury railway hit by cyber attack(8,000)
- Dakota County, MN, discloses breach after an employee’s email is hacked(1,000)
- Blue Cross of Idaho notifies members of privacy breach after thwarting financial fraud (5,600)
- Texas’s Questcare Medical Services investigating business email compromise attack (unknown)
- Ontario’s Stratford City Hall recovers from cyber attack (unknown)
- IT outsourcing and consulting giant Wipro hacked (unknown)
- Texas-based Metrocare Services discloses second breach in five months (5,290)
- California-based Centrelake Medical Group notifies patients of security incident(unknown)
- North Carolina’s Klaussner Furniture Industries notifies employees of security incident (9,352)
- Customers at US fast food retailer Chipotle say their accounts have been hacked (unknown)
- Minnesota’s Riverplace Counseling Center notifies patients after malware infection (11,639)
- Hacktivists attack UK police sites to protest arrest of Julian Assange (unknown)
- Texas-based EmCare says patient and employee data has been hacked (60,000)
- Idaho-based bodybuilding.com discloses employee-related data breach(unknown)
- Illinois dental insurer notifies members after phishing attack (unknown)
- Attackers breached Docker Hub, grabbed keys and tokens (190,000)
- Atlanta’s Woodruff Arts Center shuts down network amid security breach(unknown)
- University of Alaska discloses data breach that occurred more than a year ago(unknown)
- Magecart hackers steal data from Atlanta Hawks’ online shop (unknown)
Ransomware
- Genesee County, MI, government suffers ‘aggressive’ ransomware attack(unknown)
- Ransomware attack affects Women’s Health Care Group of PA (300,000)
- Greenville, NC, government’s systems knocked out by ransomware (unknown)
- Ransomware attack hits Garfield County, UT (unknown)
- Augusta, ME, hit by ransomware, forcing City Center to close (unknown)
- New Jersey-based paediatric orthopaedic surgeon hit by ransomware (unknown)
- Ransomware at Florida’s Stuart City Hall “more than likely” caused by phishing(unknown)
- Massachusetts-based medical billing services notifies patients of ransomware attack (unknown)
- Idaho’s Sugar-Salem School District 322 hit by ransomware during ISAT testing(unknown)
- Ransomware disables Cleveland airport’s email systems, information screens(unknown)
Data breaches
- Indian government leaves healthcare database exposed on web (12.5 million)
- West Yorkshire council data leak leaves couple who adopted abused children living in fear (2)
- History repeats itself as Facebook third-party apps expose users’ personal data(540 million)
- Canadian pension firm loses microfiche containing personal data (unknown)
- Crook swipes Winnipeg Regional Health Authority employee’s bag; patients’ records taken (75)
- VoterVoice exposes database containing ‘treasure trove’ of personal data(300,000)
- Ohio government accidentally leaks information of those seeking job, family services and health aid (993)
- Chinese companies responsible for massive data breach of CVs (590 million)
- Texas’s Weslaco Regional Rehabilitation Hospital discloses data breach(unknown)
- Russian hospital dumps medical waste, sensitive data in landfill site (unknown)
- UK’s Home Office sorry for EU citizen data breach (240)
- Pennsylvania’s Community College of Allegheny County discloses data breach(unknown)
- Patients at Toledo, OH, rehab hospital subject to data breach (unknown)
- Washington state-based RS Medical discloses incident that may have compromised patient information (unknown)
- Athens, OH, rehabilitation centre notifies patients after unauthorised access to network (20,485)
- Sensitive data found on hard disks may be India’s largest ever data breach (78 million)
- California-based LD Evans says it has only just learned about 2018’s Citrix vulnerability (631)
- India’s JustDial service is breaching users’ personal data in real time (100 million)
- Drug addicts’ personal data found in rehab centres’ unexposed databases (4.91 million)
- Researcher uncovers exposed personal data from Iranian ride-hailing app(6,772,269)
- Pennsylvania-based Partners for Quality discloses data breach (3,673)
- US health provider Inmediata discovers patients’ information was exposed on the web (unknown)
- ‘Horrendous’ privacy breach at Australia’s Centrelink sees clients’ names published on Facebook (unknown)
- Personal data of employees at Lauderdale County, MS, emailed to colleagues(100)
- US consumer commission warns of data breach affecting safety information(unknown)
Financial information
- Almost $500,000 swiped in Tallahassee, FL, payroll hack (unknown)
- AeroGrow says hackers stole months of credit card data (unknown)
- Florida-based United Way of the Big Bend says tax payers’ info was stolen (64)
- KPMG faces fine of up to $1.6 million after leaking payroll data (41)
Malicious insiders and miscellaneous incidents
- Former IT aide to New Hampshire senator caught keylogging (unknown)
- Employee at Cleveland’s University Hospital accidentally shared patients’ health info (840)
- University of Toledo counsellor fired after allegedly disclosing a student’s PTSD(1)
- Maine’s Acadia Hospital mistakenly release confidential information of Suboxone patients (300)
- Employee at California’s St. Boniface Hospital “inappropriately” viewed patient records (38)
In other news…
- USB stick containing sensitive data (and the movie Gone Girl) discovered during manslaughter trial (6,385)
- Barking resident jailed for blackmailing porn watchers (unknown)
- Source code of Iranian cyber-espionage tools leaked on Telegram (unknown)
- Supply chain hackers snuck malware into video games (unknown)
Source: IT Governanace