List of data breaches and cyber attacks in May 2019 – 1.39 billion records leaked

The cyber security story for May 2019 is much the same as it was last month, with one mammoth breach raising the monthly total.

The offender this time is the First American Financial Corp., which breached sixteen years’ worth of insurance data. That incident accounted for more than 60% of all of May’s breached records.

In total, at least 1,389,463,242 records were compromised. That brings the annual running total to 7.28 billion and reduces the monthly average to 1.44 billion.

Cyber attacks

• US energy companies report denial of service conditions (unknown)
• Telangana power supplier website hit by a cyber attack (unknown)
• Rivalry between Bay Area lunch companies ends in a cyber attack (200+)
• Hackers steal card data from 201 online campus stores in US and Canada(unknown)
• Austrian construction group hit by cyber attack (unknown)
• Airbnb customers say their accounts have been hacked (unknown)
• Binance breached as hackers steal £38 million in bitcoin (unknown)
• Michigan-based health clinic says an employee’s account was compromised(1,000)
• Student at NY-based school arrested, charged with hacking former superintendent’s account (unknown)
• NY-based Episcopal Health Service notifies patients of data breach (unknown)
• US Virgin Islands-based FirstBank cancelling debit cards amid fears that accounts have been compromised (50)
• Affiliate of NBA’s Indiana Pacers says it has fallen victim to a phishing scam(unknown)
• Oregon Health Authority sends speedy notification after phishing attack(unknown)
• Paterson, NJ, public schools hit by cyber attack (23,103)
• Equitas Health says two employees’ email accounts were compromised (569)
• Hackers breach Uniqlo’s online store, access customers’ details (460,000)
• Singapore Red Cross’s website hacked, blood donors’ details compromised(4,000)
• Cancer Treatment Centers of America notifies patients of phishing attack(unknown)
• Salesforce customers faced 15-hour delay as org investigates security incident(unknown)
• Stack Overflow says cyber attack compromised customers’ data (unknown)
• Oregon Construction Contractors Board confirms data breach (8,013)
• More than 12,000 MongoDB databases deleted by Unistellar attackers(unknown)
• Database containing Instagram influencers’ contact details found online (49 million)
• Sunderland City Council launches investigation after library users’ personal data hacked (45)
• Third-party mailbox used by Computacenter employees hit by phishing scam(unknown)
• Graphic design firm Canva hit by massive data breach (139 million)
• Hackers break into database of Dutch letting agent and steal identity card scans(200+)
• Tampa-based Checkers Drive-In Restaurants notifies guests about malware attack (unknown)

Ransomware

• Hackers breach the Philippines United Student Financial System for Tertiary Education (unknown)
• A hacker is wiping Git repositories and asking for a ransom (unknown)
• New York newspaper firm faces another Ryuk attack (unknown)
• Connecticut school district thwarts ransomware attack (unknown)
• American Baptist Homes of the Midwest hit by ransomware (unknown)
• Kentucky library closes due to ransomware attack (unknown)
• City of Baltimore hit by second ransomware attack in a year (unknown)
• Illinois-based Augustana College reports ransomware attack (unknown)
• Southeastern Council on Alcoholism and Drug Dependence notifies patients of ransomware attack (25,148)
• Oklahoma City Public Schools confirm that they have been hit by ransomware(unknown)
• Louisville Regional Airport Authority hit by ransomware (unknown)

Data breaches

• Popular US recruitment site Ladders exposes users’ data in security lapse (13.7 million)
• Seattle University laptop containing Social Security numbers lost (2,000)
• UK government commits email privacy blunder (300)
• Vulnerability in Tommy Hilfiger Japan database expose customers’ data (1 million)
• Louisiana’s Madison Parish Hospital notifies patients of a security incident(1,436)
• Hong Kong government dental clinic loses patients’ personal data (383)
• Man finds medical records from Cork University Hospital on city street(unknown)
• Cork University Hospital accuses man who found medical record on city street of data breach (unknown)
• Children’s personal data found at dump in Yellowknife, Canada (191)
• Virginia hospital loses patient’s personal data… twice (1)
• Data leak at Canada’s fourth phone network exposed customer data (5 million)
• Database containing Indian personal records exposed and hijacked(275,265,298)
• School exam vendor exposes students’ personal data (525,000)
• Data breach at CT-based Greenwich school poses ‘clear and present danger’(unknown)
• DVLA sends motorists’ sensitive data to the wrong address (2,000)
• Almost everyone in Panama has had their personal data exposed (3,427,396)
• Oklahoma Dept of Securities notifies those affected by 2018 data breach (2 million+)
• Data breach exposes passport info of Russian officials and citizens (360,000)
• Burger King online store for children exposes customers’ info (37,900)
• Unsecured survey database exposes respondents’ personal details (8 million)
• TeamViewer confirms undisclosed data breach from 2016 (unknown)
• Redtail CRM data breach might have exposed client info (unknown)

Financial information

• Ongoing attack stealing credit cards from more than 100 shopping sites(unknown)
• Houston-based hospital employee used patients’ financial records to pay his rent (unknown)
• Condé Nast notifies Wired subscribers of data breach affecting payment details(1,100)
• Freedom Mobile users’ personal data found on unsecured database (1.5 million)
• Employees at Indian financial company arrested after selling credit card details of police and army officers (50,000)
• The Shubert Organization, owner of 17 Broadway theatres, suffers data breach(unknown)
• First American Financial Corp. leaked sixteen years’ worth of title insurance records (885 million)

Malicious insiders and miscellaneous incidents

• Dell laptops and computers vulnerable to remote hijacks (unknown)
• American Indian Health & Services reports email misuse (unknown)
• TX-based UMC says two employees mishandled patient data (unknown)
• NY-based Independent Health emailed health information to the wrong addresses (7,600)
• A Leicestershire council says it accidentally published residents’ personal details online (134)
• Indonesian banks sold customers’ personal data to credit card salespeople(unknown)
• Canadian government employees gain unauthorised access to info of Brampton residents (13,000)
• Employees at India’s Speciality Polyfilm arrested for stealing sensitive information (unknown)
• Laptop containing children’s health data stolen from Canadian medical centre(225)
• Cincinnati-based TriHealth accidentally sent personal data to a student mentee(2,000)

In other news…

• Tesla tells employees to stop leaking sensitive data (unknown)
• Scottish National Party faces fine after mailing list error (20,000+)
• Florida teens hack school system to email students about ‘mandatory penis inspection’ (unknown)
• Top-tier Russian hacking collective claims breaches of three major anti-virus companies (unknown)
• WhatsApp users urged to update app after serious security vulnerability discovered (unknown)
• Linksys routers are leaking customers’ personal details (25,000)
• Researcher discovers vulnerability in travel distribution company Amadeus(unknown)

Source: IT Governance