November 2019 was a big month for data breaches, with a confirmed 1,341,147,383 records being exposed in 87 incidents.
However, almost all of those came from one leaked database, the origin of which is unclear as at the time of this writing.
Here is a full list of data breaches in November, showing the 1.34 billion records breached
Cyber Attacks
- Peer-to-peer lender company LendingCrowd reports security incident (unknown)
- Labour Party hit by “sophisticated” cyber attack (unknown)
- Another cyber attack on Labour Party as election nears (unknown)
- James Fisher and Sons says no data was lost in cyber attack (unknown)
- Perth Anaesthetic Group breached as hackers break into database (unknown)
- NordVPN users’ passwords exposed in mass credential-stuffing attacks (2,000)
- Brooklyn Hospital Center couldn’t recover data after malware attack (unknown)
- Indian startup Vedantu confirms breach of customer details (687,000)
- Four employees at Maine-based InterMed P.A fall for phishing scam (33,000)
- Dental Delta of Arizona discloses data breach caused by phishing attack (unknown)
- Connecticut’s Starling Physicians warns patients after phishing scam (unknown)
- University of North Carolina-Chapel Hill School of Medicine notifying patients after 2018 phishing incident (3,716)
- Online forum of cyber security firm ZoneAlarm hacked (unknown)
- California’s Solara Medical Supplies notifies authorities after phishing attack (114,007)
- TX-based Choice Cancer notifies patients about May security incident (unknown)
- Alabama-based CAH Holdings issues vague notice after company email account breached (unknown)
- Australian drug rehab centre Adele House exposes patient data after giving resident access (>200)
- Dublin-based Liver Wellness tells patients that a hacker accessed its email systems (unknown)
- Activist leaks files from Sayari after it demoed its software with US Immigrations and Customs Enforcement (unknown)
- France’s Rouen University Hospital-Charles Nicolle says 6,000 computers affected by malware infection (unknown)
- T-Mobile’s US customers affected by cyber attack (1.1 million)
- Florida Blue members’ personal information at risk following Magellen Health NIA breach (55,000)
- Select Health says patients affected after employee email accounts were compromised (unknown)
- South Korean cryptocurrency exchange Upbit ransacked, crooks steal $48.7M (unknown)
- US-based Ivy Rehab Physical Therapy tells customers their data has been compromised (unknown)
- New Mexico’s Youth Development, Inc. breached in suspected phishing attack (unknown)
- 12-year-old Florida student faces felony charge after hacking school computer to avoid doing schoolwork (unknown)
- OnePlus confirms second data breach in two years (unknown)
- Thousands of Disney+ fans say they’ve been hacked after signing up to new streaming service (>2,000)
Ransomware
- NM-based Las Cruces Public School computers still offline after ransomware (24,710)
- Two major Spanish companies have been hit by ransomware:
- IT consultancy Everis (unknown)
- Radio network Cadena SER (unknown)
- Watertown, CT, school system hit by ransomware (2,765)
- Ransomware at Lincoln County School District, Mississippi, shuts down systems (3,197)
- Hosting provider SmarterASP.NET hit by ransomware attack (440,000)
- Mexico’s Pemex Oil suffers ransomware attack, $4.9M demanded (unknown)
- Texas’s Port Neches-Groves Independent School District hit by ransomware (5,131)
- Louisiana state government’s IT systems hit by ransomware (unknown)
- US-based National Veterinary Associates crippled as 400 facilities hit with ransomware (unknown)
- Missouri-based Saint Francis Healthcare says not all records recovered after ransomware (unknown)
- Louisiana Office of Motor Vehicles closed for multiple days after ransomware attack (unknown)
- Massachusetts’ Chicopee Public School district computers, servers hit with ransomware (7,677)
- New York’s Sag Habor School District affected by ransomware attack (unknown)
- WI-based Virtual Care Provider held to ambitious $14M ransom (unknown)
- US-based security company Allied Universal raided after failing to act on ransomware attack (unknown)
- New Jersey’s Livingston Public Schools ransomware infection delays classes (unknown)
- Southern First Nations Network of Care, a California-based child welfare authority, hit by ransomware (unknown)
- Nebraska’s Great Plains Health infected with ransomware (unknown)
- NYPD pulls its fingerprint database offline after ransomware spreads through connected computers (unknown)
- Marriott notifies California Attorney General’s Office of a third-party incident (unknown)
- Spanish security company Prosegur says it’s been hit by ransomware (unknown)
Data Breaches
- Three UK once again lets people see customers’ account data (unknown)
- University of Herfordshire investigating after classic email gaffe (unknown)
- Sex workers data exposed after VTS Media leaves camgirl website database unprotected (unknown)
- Facebook accidentally shared private group data with partners (unknown)
- California DMV mistakenly gave federal agencies access to Social Security info (3,200)
- Hacker dumps database of infamous IronMarch neo-Nazi forum (3,548)
- Newfoundland and Labrador Medical Care Plan have just noticed missing binder containing patient data (3,300)
- Hurricane Dorian to blame for missing patient files at Bahamas’ Rand Memorial Hospital (unknown)
- US-based retailer Orvis.com leaked hundreds of internal passwords (>200)
- Prank call service users on the wrong end of the joke after data breach (138 million)
- Personnel data from a Dutch fruit wholesaler ended up in criminal file of cocaine investigation (unknown)
- US-based Sunshine Behavioral Health leaves patient files exposed online (90,000)
- BT Security commits Cc/Bcc gaffe in email to information security pros (150)
- Queer Chart, a startup for Stanford’s queer community, exposes user data (unknown)
- Chinese credit rating firm Kaola accused of data breach (unknown)
- WeWork develops exposed contracts and customer data on GitHub (unknown)
- People Data Labs and OxyData.io implicated in massive data breach (1.2 billion)
- French hotel giant Gekko Group leaks 1 TB of client data (unknown)
- Singapore Accountancy Commission accidentally shared sensitive data by email (6,541)
Financial Information
- Nikkei worker tricked into transferring millions into scammer’s bank account (unknown)
- Gaping ‘hole’ in Qualcomm’s Secure Word mobile vault leaked sensitive data (unknown)
- San Angelo, TX, government latest to investigate Click2Gov breach (unknown)
- College Station, TX, warns customers about Click2Gov breach (unknown)
- Macy’s breached as customer payment data stolen (unknown)
- Dothan, Alabama, the latest to report Click2Gov breach (unknown)
- Church’s Chicken restaurant chain probes data security breach at company-owned sites (unknown)
- US Virgin Islands and Power Authority is the latest victim of Click2Gov breach (unknown)
- Norman, Oklahoma, temporarily suspends utility payment portal after Click2Gov breach (unknown)
Malicious insiders and miscellaneous incidents
- The Guidance Center notifies patients are discovering insider wrongdoing (1,235)
- Staffer for Democratic presidential campaign resigns after abusing access rights (unknown)
- Trend Micro employee sold data that fuelled targeted scams (120,000)
- New Zealand’s Financial Markets Authority investigating third-party security incidents (unknown)
- Main Street Clinical Associates hit by looters after an explosion forced employees to evacuate premises (unknown)
- Mount Dora, FL, medical company caught an employee trying to sell patient info (2)
- Las Cruces Public Schools emails employees with Social Security numbers of vendors (unknown)
- Google sacks four employees, accusing them of data security violations (unknown)
- Pennsylvania-based UPMC Susquehanna says an employee spied on colleague’s file (1)
- NSW Labour party HQ reported for possible data breach (unknown)
- Washington University School of Medicine notifies patient of HIPAA breach (unknown)
Source: IT Governance
