At first glance, February appears to be a big improvement cyber security-wise compared to the start of the year. The 632,595,960 breached records accounts for about a third of January’s total, and is considerably lower than the figures for this time last year.

Unfortunately, the number of breached records doesn’t tell the full story, as there were a whopping 105 incidents – making February 2020 the second leakiest month we’ve ever recorded.

You can find detailed breakdowns of some of the more notable incidents by subscribing to our Round-ups or by visiting our cheatsheet page where we have a dedicated variety of handy cybersecurity cheatsheets.

Cyber attacks

• Ordinance Survey discovers breach of employee data (1,000)
• South Carolina-based United Health notifies patients of 2019 data breach (36)
• Ashley Madison data breach victims still being hounded by sextortion scammers (unknown)
• San Diego school district investigating after online grading system hacked (unknown)
• Staff and students at St. Louis Community College caught out by phishing scam (5,100)
• Gambling firm Golden Entertainment discloses details of phishing scam (unknown)
• Preschool services provider Educational Enrichment Systems discloses cyber attack (unknown)
• Kobe Steel and satellite provider Pasco Corp disclose cyber attacks (unknown)
• Canada’s Confederation College investigating after malware shuts down online services (unknown)
• Hackers target Iranian telecoms network, knocking out a quarter of all national Internet (unknown)
• MA-based Shields Health Solutions notifies patients of employee email account hack (unknown)
• Internet outage in Vernon, CT, schools as officials investigate cyber attack (unknown)
• Altice USA employees’ data stolen in phishing attack (12,000)
• Puerto Rico government loses $2.6 million in phishing scam (unknown)
• PSL Services in Maine says several employees’ email accounts were compromised (unknown)
• Wake County, NC, learns that third party breached government employee info (1,900)
• Columbus County Schools gives update after systems wiped by cyber attack (5,673)
• NY-based mental health and addiction non-profit East House discloses email breach (unknown)
• The US Defence Information Systems Administration discloses 2019 cyber attack (unknown)
• California’s VibrantCare Rehabilitation notifies patients after email breach (1,655)
• Massive MGM data breach might be a smokescreen for more insidious attack (10.6 million)
• ISS World shuts down its computer systems amid malware attack (unknown)
• Endeavor Energy Resources says it fell victim to a phishing scam (unknown)
• Quebec teachers’ data stolen in password breach (360,000)
• University of Delaware job search platform breached, affecting students and alumni (8,029)
• Student at KY-based Spencer County High School hacks into online learning programme to boost grade (12)
• Dutch low-cost airline Transvania suffers email breach (80,000)
• Oh lord, a breach at Lodi again: two schools reveal data theft (unknown)
• Mexico’s Economy Ministry hit by cyber attack (unknown)
• Hackers are making fraudulent charges on PayPal accounts via Google Pay (unknown)
• San Felipe Del Rio school falls victim to business email compromise scheme (unknown)
• Pacific Specialty Insurance Company notifies plan members of 2019 data breach (unknown)
• Advocate Aurora’s HR system breached in phishing campaign (unknown)
• Rady’s Children Hospital in San Diego notifying patients whose data was accessed via open port on the Internet (unknown)
• Facial recognition firm Clearview AI says entire client list was stolen (unknown)
• Transmit Security notifies customers of a cyber attack (unknown)
• Tennessee Orthopaedic Alliance says unauthorised party accessed an employee’s email account (81,146)
• University of Delaware honors list hacked, with perps sending offensive memes (unknown)
• Munson Healthcare in Michigan notifies patients after email account breach (unknown)
• Total Quality Logistics confirms cyber attack but says it wasn’t ransomware (unknown)

Ransomware

• Belvedere, IL, locked out of government systems after ransomware attack (25,181)
• Racine, WI, says it won’t pay up after being infected with ransomware (77,542)
• Maastricht University pays US$220,000 ransom after Christmas Eve infection (unknown)
• Pennsylvania’s Allegheny Intermediate Unit investigates malware attack (unknown)
• target=”_blank” rel=”noopener”North Miami Beach hit by ransomware (44,124)
• Grundy County Courthouse, MO, says its systems were shut down by malware (unknown)
• MT-based Havre Public Schools struck by ransomware (550)
• Mississippi legal service provider discloses Christmas Eve ransomware attack (unknown)
• MA-based Pediatric Physicians’ Organization at Children hit by ransomware (500)
• Nacogdoches ISD consults city of Garrison after recent ransomware attack (878)
• Port Lavaca City Hall, TX, says it won’t pay $200k ransom from Ryuk attack (12,212)
• Redcar and Cleveland Borough Council reeling after suspected ransomware attack (135,000)
• Toll admits some customers still affected nearly three weeks after ransomware attack (unknown)
• Central Kansas Orthopaedic Group recovers from ransomware without paying demand (17,214)
• Albany-based accounting firm BST hit by Maze ransomware (unknown)
• Maroof International Hospital Islamabad infected in massive ransomware attack (unknown)
• Butler County Community College recovering from ransomware attack (3,800)
• South Adams Schools in Indiana hit with ransomware (347)
• Wayne, Nebraska, investigating after ransomware attack (unknown)
• FBI investigating after suspected ransomware attack on Jackson Public Schools (unknown)
• Students at IIT Madras fear for their personal data amid ransomware attack (unknown)
• Washington’s Moses Lake School District offline for two weeks after receiving ransomware-laden phishing email (7,000)
• Grayson County, Texas, systems offline due to ransomware attack (unknown)
• Gadsden ISD, New Mexico, hit by ransomware for second time in a year (unknown)
• NY-based Jordan Health shuts down its systems after being infected with ransomware (unknown)

Data breaches

• Crew and Concierge Limited leaves database containing personal data online (17,379)
• Financial Conduct Authority error exposes customer data (1,600)
• Samsung website error exposes UK customer data (150)
• RideLondon organisers apologise after ballot result mix-up (unknown)
• Rotherwood Healthcare left database publicly available online (10,000)
• Arizona Department of Education exposes parents’ scholarship accounts (7,000)
• Australia’s Yarra Trams email gaffe exposes commuters’ sensitive data (91)
• Indian marketing firm Pabbly leaves six years’ worth of personal data on a public database (51.2 million)
• Indiana University deployed a tool that enabled people to see students’ grades (100,000)
• Doctor at Bakersfield hospital accused of transferring sensitive data out of premises (+2,000)
• Massive data dump of Indian debit and credit cards for sale on dark web (400,000)
• Lukid Party accidentally shares entire Israeli national voter registry (6,453,254)
• Estee Lauder leaves database publicly available online (440,336,852)
• South Africa-based Nedbank says third party exposed sensitive customer data (1.7 million)
• Canadian House of Commons figures show systemic underreporting of data breaches (144,000)
• French plastic surgery NextMotion exposes patient photos on leaky database (unknown)
• Monroe County Hospital & Clinics notifies affected patients after email system breach (7,500)
• Canadian government emails Phoenix pay system victims’ data to the wrong people (69,000)
• Market analysis firm Tetrad accidentally dumps customer data online (120 million)
• Celeb shout-out app Cameo exposes private videos and user data (unknown)
• SlickWraps embroiled in data breach disaster (unknown)
• The Queen’s Medical Center and Queen’s North Hawaii Community employee sent data to the wrong email address (2,852)
• Community collaboration platform Rallyhood exposes a decade’s worth of data (unknown)
• KidsGuard spyware app has been secretly installed on thousands of phones (+2,000)

Financial information

• East Virginia Medical School investigating after phishing scam targets bank details (unknown)
• Hackers compromise Carson City residents’ bank details as Click2Gov incidents continue (unknown)
• Rutter’s stores in Pennsylvania and West Virginia affected by data breach (unknown)
• Relation Insurance discloses security incident six months after discovering it (unknown)
• Idaho Central Credit Union reports two data breaches (unknown)
• Cryptocurrency firm IOTA Foundation shuts down its network amid cyber attack (unknown)
• Charleston Lube Partners discloses payment card data breach (unknown)
• (+2,000)

Malicious insiders and miscellaneous incidents

• Patient records found strewn on the street near Craigavon Hospital (18)
• Patient files at Ashby hospital stolen from doctor’s car (24)
• Pennsylvania woman charged after stealing medical files from employer (unknown)
• Thieves steal computer belonging to medical transportation company (650,000)
• Johannesburg-based Yeoville Clinic says someone stole computers containing patient data (11,000)
• Former employers of Fifth Third Bank suspected of stealing sensitive data (unknown)
• DeKalb County police officers resign amid accusations that they sold accident reports
• Employee at Canada-based Ste-Justine hospital fired after sharing patient files (344)
• Patient records from mental health clinic found dumped in alleyway (unknown)

In other news…

• Former healthcare worker faces hundreds of charges after illegally accessing confidential medical records
• Russian court fines Facebook $63,000 for data protection violations
• Two ransomware victims face potential class action lawsuits
• Criminal Assets Bureau nabs Bitcoin credentials of drug dealer storing millions in cryptocurrency
• How a hacker’s mom broke into a prison – and the warden’s computer

Source: IT Governance