List of data breaches and cyber attacks in July 2020 ­– 77 million records breached

After mammoth amounts of personal data were leaked in May and June, we’ve seen a reversion to the mean this month. By our count, 77,775,496 records were leaked in 86 incidents.

This includes the Twitter hack on 130 people, including Bill Gates, Barack Obama and Elon Musk, as well as the less flashy but equally concerning attack on dozens of universities and charities across the UK, US and Canada.

You can find our full list of publicly disclosed data breaches from July in this blog. As always, incidents affecting UK organisations are listed in bold.

Meanwhile, you can stay up to date with the latest news by subscribing to our Weekly Round-up or visiting our blog.

Cyber attacks

• Russian hackers suspected in Covid-19 vaccine intellectual property theft (unknown)
• Bitcoin scam leaks personal data of users from across the globe (248,926)
• Hackers obtain COVID-19 patient database in protest at treatment of Indian health workers (80,000)
• Australian MyGov accounts for sale on dark web (3,600)
• Hackers hijack Russia’s Ministry of Foreign Affairs’ Twitter account (1)
• Canadian insurer Heartland Farm Mutual says an employee’s email account breached (unknown)
• Brazilian health insurer Hapvida discloses cyber attack (unknown)
• Vancouver Coastal Health says no data was stolen in cyber attack (unknown)
• Google-backed Indian delivery start-up Dunzo breached in cyber attack (unknown)
• Four military schools in Canada targeted in ‘mysterious’ cyber attack (unknown)
• Hacker claims to have breached threat intelligence platform Data Viper (unknown)
• Celebrity Twitter accounts hacked in coordinated cyber attack (130)
• Iranian spies accidentally leaked videos of themselves (unknown)
• Israeli Water Authority confirmed attacks on two infrastructure facilities (unknown)
• Western Australia government hacked, with COVID-19 communications intercepted (unknown)
• Food delivery service Instacart denies cyber attack large-scale data breach (278,531)
• Spanish infrastructure manager Adif has been hit by a cyber attack (unknown)
• Ongoing Meow attack has nuked more than 1,000 databases without telling anyone why (unknown)
• University of Utah notifying patients after phishing attack (10,000)
• Carter and Hoff Dentistry reports attack on its IT network (7,000)
• US Department of Veterans Affairs Veterans Health Administration notifies those affected by third-party breach (1,501)
• California Health Care Plan warns of data breach (35,883)
• NM-based Four Winds Behavioral Health discloses email attack (500)
• QNAP NAS devices have been infected with the QSnatch malware (62,000)
• Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev (unknown)
• Crypto wallet firm Ledger learns that user’s personal info was stolen (9,500)
• Las Cruces school meeting zoom-bombed (unknown)
• WV-based Elkins Rehabilitation & Care Center notifies residents and employees of data breach (unknown)
• Data breach as GEDmatch has privacy experts worried (1.4 million)
• TX-based Sheldon Independent School District confirms network breach (unknown)
• Hacker leaks user records from 18 companies for free (51,346,000)*

*Only includes incidents that haven’t previously been disclosed

Ransomware

• Blackbaud attack compromises data from more than 20 universities and charities (unknown)
• Labour Party confirms that it was affected by Blackbaud attack (unknown)
• CNY Works jobseekers Social Security numbers exposed in suspected ransomware attack (56,000)
• Turkish doctor’s office hit by ransomware (10,000)
• French telecommunications company Orange S.A says data was stolen in ransomware attack (20)
• Argentina-based Telecom targeted by ransomware (unknown)
• Cooke County Sheriff’s Office in Texas compromised in ransomware attack (unknown)
• MD-based Lorien Health Services hit by ransomware (21,800)
• Garmin services and production go down after ransomware attack (unknown)
• Athens ISD Board of Trustees has agreed to pay a $50,000 ransom (unknown)
• Canadian managed service provider Pivot Technology Solutions discloses ransomware attack (unknown)

Data breaches

• South East Coast Ambulance employee personal and medical details exposed (unknown)
• NHS Orkney employee sent patient info to the wrong person (1)
• South African medical data app LogBox leaves database unprotected online (unknown)
• Delhi University portal vulnerability exposes students’ personal data (23,034)
• Providence Health Plan in Oregon discloses data breach after coding error (49,511)
• Group of free VPN apps expose user data on publicly accessible database (20 million)
• University of Lethbridge reveals details regarding privacy breach at health centre (1,225)
• Wellington firm LPM Property Management leaks passports and driver’s licences (31,000)
• Heartland Counseling Services announces potential contacts information breach in email gaffe (500)
• Philadelphia-based insurer Independence Blue Cross confirms data breach (2,393)
• Gujarat Technological University students complain of data leak during online tests (28,000)
• Kiwibank investigating ‘significant’ privacy breach (4,200)

Financial information

• Palm Bay, FL, joins list of US cities affected by Click2Gov breach (unknown)
• Vermont Tax Department exposed three years’ worth of tax return info (unknown)

Malicious insiders and malicious incidents

• Employee at Indonesian Telkomsel arrested for allegedly stealing celebrity’s sensitive data (unknown)
• St Kilda Aussie Rules players’ medical files stolen in car smash-and-grab (unknown)
• Canadian pharmacists allegedly paid for access to their clients’ files (unknown)
• X-rays of male genitalia may have been shared online by PA imaging employee (unknown)
• Walmart reports that some patient data may have been stolen by looters during civil unrest (unknown)
• CVS and Walgreens also say that patient data was stolen during looting (21,000)
• 407 Express Toll Route employee used a company computer to access and compile a list of names (60,000)
• Canadian-based Central Health discloses privacy breach (240)
• Cub Pharmacies in Minnesota disclose patient data breach in looting (unknown)

In other news…

• How the cyber insurance industry is responding to ransomware
• No More Ransom: How 4 million victims of ransomware have fought back against hackers
• Tampa teen arrested regarding Twitter hack on the accounts of Obama, Gates, et al