Cybersecurity in a Volatile World – CIGI

Thanks to a whopping data breach from an unknown server exposing 419 million data records, our monthly total comes to 531,596,111 breached records.

This brings the total amount of breached records for the year so far to 10,331,579,614.

September may have had fewer incidents than August at only 75, but overall there was a massive 363% increase on records breached.

Cyber attacks

• University of Ghana accommodation registration portal hacked (unknown)
• Cincinnati-based UC Health says multiple accounts compromised in phishing scam (unknown)
• Students in Thailand accused of stealing, selling food discount codes (unknown)
• Hong Kong Stock Exchange says its website was hacked (unknown)
• Oklahoma Highway Patrol reports $4.1 million theft from pension fund (unknown)
• xkcd forum taken offline after personal data leak (562,000)
• US Secret Service investigating after its systems found for sale on the dark web (unknown)
• Students at Marquette University, WI, receive unusual scam email (unknown)
• Malaysia’s Malindo Air confirms that passengers’ data was posted on online forums (30,000,000)
• Hacker destroys Hungarian Development Center’s digital database (unknown)
• Staff and students at Swindon College at risk after cyber attack (unknown)
• Ramsay County, MN, says last year’s email attack was much worse than they thought (118,000)
• Health Ministry of Malaysia investigating data leak of radiology reports (19,992)
• Hacker accesses email account of employee at New Mexico’s Presbyterian Health Plan (56,226)
• Northshore School District hit by cyber attack (unknown)
• Southwestern Ontario hospitals hit by cyber attack (unknown)

Ransomware

• Police investigate after ransomware found on Sherman School, CT, systems (unknown)
• Flagstaff, AZ, school district hit by ransomware (unknown)
• Thousands of Linux servers infected with new Lilocked ransomware (unknown)
• Utah-based Premier Family Medical notifies patients of ransomware attack (320,000)
• Illinois’ Rockford Public Schools District 205 shut down by ransomware (26,980)
• Pennsylvania’s Soudaton Area School District hit with ransomware (unknown)
• Florida school district shuts down email systems amid ransomware attack (unknown)
• Baltimore acknowledges for first time that data was destroyed in ransomware attack (unknown)
• Irish government admits ransomware attack occurred last year (unknown)
• Pennsylvania’s Wallenpaupack Area School District hit by ransomware for second time this year (2,966)
• Gillette hospital targeted in ransomware attack (unknown)
• Government of LaPorte County Indiana suffered ransomware attack (unknown)
• Alabama Mobile County Public Schools impacted by ransomware (unknown)
• Peoples Injury Network Northwest notifies patients of ransomware incident (12,502)
• Guthrie Public Schools hit by ransomware attack (unknown)

Data breaches

• Providence Health Plan customers affected by data breach (122,000)
• Australia’s Attorney-General accidentally shared senior officials’ contact info (+100)
• French cosmetics giant Yves Rocher left customer info on database (2,500,000)
• Thousands of Supermicro serves are exposing BMC ports (unknown)
• Teletext Holidays left audio files of customer purchases unprotected online (212,000)
• Phone numbers linked to Facebook users found online (419,000,000)
• DK-Lok left private emails and communications unsecured online (unknown)
• California-based Andy Frain Services says laptop was stolen from an employee’s car (unknown)
• com says a third party exposed user data but didn’t tell anyone (unknown)
• Minnesota-based Metro Mobility may have breached personal details of people with disabilities (15,000)
• Major security flaw found in website of online furniture store Pepperfry (unknown)
• Charing Cross Gender Identity Clinic accidentally shared patient data in CC email gaffe (1,800)
• Mississippi-based Meridian Community College discloses breach that occurred in January (unknown)
• Breach notification from Alive Hospital, TN, was itself a data breach (unknown)
• Facial recognition app leaks photos of suspects from Indian police database (unknown)
• New Zealand Transport Authority admits to tech error that exposed sensitive data (unknown)
• Boy Scouts’ personal data breached by third party (unknown)
• Researcher discovers that Vancouver Coastal Health broadcasts medical info over unencrypted radio signals (unknown)
• Netanyahu’s party exposed personal details, political affiliations of Israeli voters (4,000,000)
• Australian ticketing start-up Get investigating data leak (159,000)
• UNICEF accidentally leaked personal data of online students (8,000)
• Robstown, TX, Police Department lose evidence, reports in data breach (unknown)
• Population of Ecuador at risk after misconfigured database left unprotected online (16,600,000)
• Personal data of Lumin PDF users shared on hacking forum (24,300,000)
• Gootkit malware crew left their database online without password protection (2,385,472)
• UpGuard secures a storage device containing 1.7 TB of sensitive information (unknown)
• Tesco parking app taken offline after exposing car registration number plates (>20,000,000)
• Indiana Doctor’s clinic had thousands of abandoned medical records (unknown)
• Unshredded NHS records used to weigh down scaffolding at art festival (unknown)
• Polish online retailer issued fine over data breach (2,200,000)
• Vodafone customer account details ‘briefly exposed (3)
• Heyyo dating app leaked users’ personal data (72,000)
• DoorDash confirms breach impacting 4.9 million (4,900,000)

Financial information

• Credit card data from Russell Stover breach shows up on the dark web (unknown)
• LA-based surgical assistant suspected of identity theft scheme at SoCal hospitals (unknown)
• Russian Hacker Pleads Guilty For Involvement In Massive Network Intrusions At U.S. Financial Institutions (unknown)

Malicious insiders and miscellaneous incidents

• Two men accused of harassing NJ police officers by posting hacked info online (50)
• Dutch hospital used medical files as a shopping list, left info in supermarket (unknown)
• Little Rock Plastic Surgery releases statement after internal HIPAA breach (unknown)
• Someone stole the autopsy photos of several patients from Chicago’s Loyola University Medical Center (10)
• People’s Party of Canada candidate accused of stealing voter’s personal data (unknown)
• Computers used to check in Atlanta voters stolen hours before election (4,000,000)
• Crook steals hard disks, RAM from INS Vikrant, India’s first aircraft carrier (unknown)
• Wigan Hospital employee viewed personal information without legitimate reason (2,000)
• Melbourne medical clinic faxes sensitive data to wrong number (10)

In other news…

• Researchers find malware hiding in downloadable student textbooks and essays
• New York’s Orange County school district the latest to delay new term as it recovers from ransomware
• Former student convicted in dark web threats targeting San Francisco school
• Virus Cripples Most City-Owned Computers In Union City
• US Navy hiring new cyber chief to better shield military secrets from Chinese hackers

Source: IT Governance