List of data breaches and cyber attacks in April 2020: 216 million records breached

With only 49 reported data breaches and cyber attacks this month, you might have thought April was a calm month in the cyber security department.

Of course, that couldn’t be further from the truth, with organisations being turned upside down amid the coronavirus pandemic and cyber criminals thriving on the uncertainty.

So how can we account for dip in reported data breaches? It’s simple: many organisations have been shuttered – or operating in a more limited way – during the pandemic and either aren’t performing actions that could jeopardise their security or haven’t detected an incident.

Among organisations that have remained open, the threat is more severe than ever. You can take a look at every reported incident that accounts for April’s 216,141,421 breached records here.

As always, incidents affecting UK organisations are listed in bold. Meanwhile, you can stay up to date with the latest news by subscribing to our Weekly Round-up or visiting our blog.

Cyber attacks

• Warwick University hid cyber attack from affected staff and students (unknown)
• Italian email provider confirms hack after users’ data found for sale on dark web (600,000)
• Nepalese Internet service provider Vianet suspects that it was hacked (170,000)
• Cyber criminals steal Pakistani mobile users’ personal data (115 million)
• San Francisco Airport discloses data breach after two of its websites were hacked (unknown)
• Lafayette Regional Rehabilitation Hospital suffers second data breach in two weeks (unknown)
• Saint Francis Ministries discloses cyber attack that occurred last year (unknown)
• Zoom accounts sold on the dark web (500,000)
• Maryland-based Doctors Community Medical Center notifies patients of phishing scam (unknown)
• Online marketplace Quidd breached as users’ data goes on sale on the dark web (4 million)
• New York State investigating cyber attack that compromised government systems (unknown)
• Aurora Medical Center Bay Area, WI, hit by phishing scam (unknown)
• Canadian accounting firm MNP forced offline amid cyber attack (unknown)
• UniCredit SpA employee data put up for sale on the dark web (3,000)
• Cyber attack on Illinois Valley Community College disrupts systems (unknown)
• Million-dollar online whisky auction postponed after cyber attack (unknown)
• Parkview Medical Center in Pueblo, Colorado targeted in cyber attack(unknown)
• US Chegg notifies employees of cyber attack targeting Social Security numbers (700)

Ransomware

• Cyber crooks hold Zaha Hadid Architects to ransom (unknown)
• COVID-19 research facility 10x Genomics hit by ransomware (unknown)
• Brandywine Urology Consultants in Delaware notifies patients of ransomware attack (131,825)
• Brandywine Counseling and Community Services also hit by ransomware (unknown)
• Two Manitoba law firms locked out of their systems after ransomware infection (unknown)
• Portuguese multinational energy giant Energias de Portugal hit by ransomware (unknown)
• Ransomware attack temporarily knocks out Olean, PA, city systems (unknown)
• Torrance, CA, systems taken offline in ransomware attack (unknown)
• Danish Agro targeted by ransomware (unknown)
• Confidential docs belonging to aerospace firms stolen by cyber criminals (unknown)
• Milwaukee-based ‘smart’ parking company CivicSmart hit by ransomware (unknown)

Data breaches

• IT company leaks personal details of Maltese voters (337,384)
• Wisconsin-based healthcare provider Eversana discloses 2019 data breach (unknown)
• Marketing automation platform Maropost leaks massive database of customer records (95 million)
• Canadian passengers from virus-stricken Zaandam cruise ship hit by government privacy breach (247)
• Thunder Bay Regional Health Sciences Centre publishes employee data (unknown)
• Oakland County accidentally posts COVID-19 patient data on its website (unknown)
• Southern Ute Indian Tribe says US government leaked confidential information (unknown)
• Indian government investigating after stranded citizens’ data leaked (900)
• Prime Communications sends sensitive data to former employee in email gaffe (unknown)

Financial information

• Applications Software Technology LLC notifies employees of W-2 data breach (unknown)
• PrimoHoagies notifies customers after it learns of months-long data breach (unknown)
• Chartered Institute for Securities and Investments leaves members vulnerable to fraud (unknown)
• South Korean and US banks implicated in data breach after customers’ payment card details put up for sale on dark web (397,365)
• UseNext says security flaw in partner company exposes customers to fraud (unknown)
• PaperlessPay Corporation hack leaves customers vulnerable to tax refund fraud (unknown)

Malicious insiders and miscellaneous incidents

• The UK government met on Zoom and accidentally posted the meeting ID (unknown)
• Authorities raid Calif. home filled with patient records, opioids stolen from doctor’s office (unknown)
• Michigan-based Mercy Health fires nurse for violating privacy of multiple patients (unknown)
• MO-based Poplar Bluff Regional Medical Center notifies patients after tornado hits secure records service provider (unknown)

In other news…

• Virgin Media facing lawsuit over exposed personal data
• Morrisons not liable for 2014 data breach, Supreme Court rules
• Microsoft working with healthcare providers to tackle COVID-19 ransomware
• Security researcher discloses four IBM zero-days after company refused to patch