Data breaches in August 2019 |114.6M records leaked

At first glance, August has been a quiet month for data breaches, with a total of 114,686,290 breached records. That’s about 10 percent of the monthly average coming into the month.

But that figure comes from 95 incidents in total, which is the highest number of breaches we’ve had all year.

Let’s take a look at those breaches in full in our slightly tweaked monthly list. After a reader suggestion last month, we’re also listing the UK-specific incidents in bold. Let us know if you like that change or if you have any other suggestions for future months.

Cyber attacks

• New Orleans school becomes latest cyber attack victim in Louisiana ‘crisis’ (unknown
• StockX admits that it was hacked after initially denying rumours (6.8 million)
• Murfreesboro, TX, says its water department payment portal was ‘hacked by Iranian hackers’ (unknown)
• Hackers access personal details of DeKalb, Georgia, students after exploiting web platform vulnerability (unknown)
• Custom t-shirt and merch company CafePress says users’ accounts have been hacked (23 million)
• California-based SuperINN Plus notifies clients of a cyber attack (43,000)
• Australian education provider TAFE NSW hit by phishing scam (30)
• Air New Zealand warns Airpoints members after employee falls for phishing email (100,000)
• Multiple sites affiliated with the University of Florida student government hacked (unknown)
• British Airways e-ticketing flaw exposes passenger’s personal data (unknown)
• Hackers compromise guest record database at Choice Hotel (700,000)
• Florida’s NCH Healthcare System is investigating the damage of phishing scam (unknown)
• European Central Bank says one its websites was hacked (481)
• Iowa-based Virginia Gay Hospital says an employee’s email account was breached (unknown)
• Michigan Medicine notifies patients about phishing campaign that exposed health info (5,500)
• California’s San Dieguito Union High School notifies parents of malware attack (unknown)
• Cyber attack forces websites of four New Zealand medical practices offline (unknown)
• Hackers steal personal data from website of Denmark’s Tivoli Park (1,000)
• Website of Illinois’ Macon County Circuit Clerk defaced by hackers (unknown)
• A phishing campaign has been using infected PDF attachments to target utility providers (unknown)
• Website and email domain of California’s Sonoma Valley Hospital hijacked by ‘pirates’ (unknown)
• Canada’s Alberta Health Services says patients’ health data was compromised in email hack (7,000)
• Chinese hackers stole personal data from Indian healthcare website (6.8 million)
• Internet hosting provider Hostinger resets users’ passwords after security breach (14 million)
• India: Desktop engineer detained after allegedly stealing data from the Revenue Dept. (unknown)
• Emails stolen after employee at NZ’s Capital & Coast District Health Board struck by phishing scam (unknown)
• French police ‘neutralize’ Monero mining virus as it spreads worldwide (850,000)

 

Ransomware

• Ransomware strain targets German organisations, wipes files (unknown)
• Oklahoma-based Broken Arrow school system hit by ransomware (unknown)
• Nashville, TN, company Asurion paid $300k ransom after malware attack (unknown)
• Arizona’s Camp Verde Unified School District hit by ransomware as school year starts (unknown)
• Missouri-based radio station KNEO hit by ransomware (unknown)
• Washington-based Grays Habor Community Hospital and its subsidiary attacked with ransomware (85,000)
• A coordinated ransomware attack hits at least 20 local governments in Texas (unknown)
• California’s Hospice of San Joaquin discloses ransomware attack (unknown)
• New York’s Rockville Centre school district almost $100,000 after ransomware attack (unknown)
• Lake County, IN, in emergency shutdown after ransomware infection (3,000)
• Idaho’s Nampa School District resorts to pen and paper after suspected ransomware attack (unknown)
• Virginia’s New Kent Co. Public Schools hit by ransomware ahead of new term (unknown)
• Ransomware attack targets Connecticut’s Woolcott Public Schools (unknown)

Data breaches

• Hentai porn site exposes the identity users who thought they were anonymous (1.1 million)
• Virginia school says a third party breached student and administrator data (unknown)
• A misconfigured AWS bucket exposed personal and counselling logs of Indian employees (300,000)
• Illinois school district has discovered a data breach that occurred in November last year (unknown)
• Online clothing retailer Poshmark confirms data breach (unknown)
• Data leak exposes personal data of Chilean residents (14 million)
• E3 website accidentally doxed contact information of journalists (2,000)
• Greenville County, SC, students and alumni affected by data breach (24,000)
• New Mexico-based Presbyterian Healthcare Services notifies patients of data breach (183,000)
• California-based Amarin Pharma identifies patients affected by June data breach (unknown)
• Australia-based Neoclinical breaches patients’ medical histories and other private info (37,000)
• Group dating app 3fun exposes sensitive data amid app vulnerability (1.5 million)
• Maplewood, NJ, provides media notification of malware attack (unknown)
• Riverside County, CA, says data concerning abuse cases stolen from employee’s car (770)
• Finnish tax authority sent citizens’ info to the wrong people (60,000)
• Two more leaks expose Indian citizens’ personal and medical information (+1.1 million)
• FDNY exposes patients’ personal details after losing a hard drive (10,000)
• Tiverton residents furious after confidential medical records dumped in a shed (+24)
• University of Hong Kong ‘sorry’ after laptop containing personal data stolen (3,600)
• Washington-based non-profit LEE has left unprotected database online (3.7 million)
• Northern Nevada’s largest healthcare provider is still looking for missing thumb drive (unknown)
• ‘Chinese Tinder’ has been exposing chats and private photos (10 million)
• Hacker’s site incriminating database published online by rival group (749,161)
• North Dakota students and alumni told their data has been leaked (18,500)
• Indian Army detects cyber security breach in Northern Command officer’s computer (unknown)
• Charleston County, SC, reports breach after employee’s email gaffe (824)
• Researcher identified unsecured databases containing pharmacy and telemarketing information (3 million)
• Major breach found in biometric system used by banks, UK police and defence firms (1 million)
• Australia’s Public Transport Victoria exposed travel history of myki card holders (15,184,336)
• Cincinnati Public Schools inadvertently said busing information to wrong students (7,000)
• Western Connecticut Health Network says box containing medical records broke open in the post (unknown)
• Arizona State University accidentally reveals email addressed of students (4,000)
• Mastercard reports data breach affecting German loyalty programme (93,000)
• Privacy breach at Massachusetts General Hospital’s neurology department (9,900)
• Hackers leaked sensitive government data in Argentina, but ‘nobody cares’ (unknown)
• New Zealand’s Ministry for Culture investigating serious privacy breach (302)
• Malaysia-based Astro has breached customer data yet again (68,000)
• Imperva discloses security incident impacting Cloud firewall users (unknown)

 

Financial information

• NASA astronaut accused of identity theft in first criminal allegation from space (1)
• Digital bank Monzo tells British customers to change their PINS after security error (480,000)
• Silicon Valley tech company Earnin hit by breach that revealed lax security measures (unknown)
• US supermarket chain Hy-Vee announces payment card breach (unknown)
• Australian banks warns customers after fresh PayID data breach (unknown)
• Delaware-based mortgage broker Lyons Companies involves in serious breach (unknown)
• Hackers breach Australians’ bank accounts, steal financial and personal data (98,000)

Malicious insiders and miscellaneous incidents

• Canadian patients horrified after hospital leaves medical records in a plastic bag outside clinic (unknown)
• Ikea apologises to Singapore customers after email gaffe (410)
• AT&T insiders bribed to unlock millions of phones and hack their employer (2 million)
• Two arrested amid Revenu Quebec data leak (23,00)
• Australian police commissioner admits officers inappropriately accessed private medical records (1)
• Employee at Canada’s Child and Family Services caught snooping on patient data (unknown)
• Canada Border Services Agency employee caught leaking police info to family (unknown)
• New Zealand-based medical centre receptionist sacked after sharing patient history (unknown)

In other news…

• Houston County delays start of school year again as it struggles with malware attack
• Student spear phished his teachers and adjusted his class’s grades
• Garda lost sensitive information after it fell off the back of a motorbike as it hit a speed bump
• Australians warned about glitch in education software that allows strangers to contact students
• Police recover $347k stolen during Spotsylvania County phishing scam

Source: IT Governance