It was a familiarly bad cyber security story in June, with 92 security incidents and at least 7,021,195,399 breached records.
That figure was boosted significantly by KeepNet Labs finally bowing to pressure and admitting that a third party did in fact briefly expose five billion records online.
The only saving grace for the organisation – which didn’t do itself any favours by initially denying the story and threatening to sue people who reported on it – is that the leaked database comprised a list of records from past data breaches.
As such, affected individuals should already have been aware that their data had been compromised and taken the necessary steps to mitigate the damage.
Meanwhile, you can stay up to date with the latest news by subscribing to our Weekly Round-up or visiting our blog.
Cyber attacks
- Probe launched amid fears that patient files at Hockley GP surgery hacked (8,839)
- Avon’s UK website offline a week after suffering cyber attack (unknown)
- Hacker leaks database of dark web service provider Daniel’s Hosting (10,876)
- Nigerian and Beninese universities compromised after failing to address vulnerabilities (unknown)
- Amtrak resets user passwords after Guest Rewards data breach (unknown)
- Duluth student alerted school district about security breach (unknown)
- Kentucky Employees’ Health Plan hit by a pair of cyber attacks (1,013)
- Chartered Professional Accountants of Canada says hackers breached its website (329,000)
- University of Utah Health notifies patients of phishing attack (unknown)
- San Francisco Employees’ Retirement System says a contractor was breached (unknown)
- Hacker breaches Philippines’ San Beda University student portal (unknown)
- Everett & Hurite Ophthalmic Association discloses incident involving protected health info (34,113)
- Phishing scam targets German coronavirus task force (100+)
- Honda probes suspected cyber attack after discovering network glitch (unknown)
- Florence, AL, government hit by cyber attack (unknown)
- Austrian Internet service provider A1 Telekom struck by malware (unknown)
- University of Missouri Health Care discloses 2019 security incident (unknown)
- Fla.-based Cano Health notifies patients of breach that began two years ago (unknown)
- Privnote.com impersonated in year-long phishing attack (unknown)
- Portal for Philippines’ Far Eastern University hacked (1,000)
- China launches cyber attacks on government websites and banks following India massacre (unknown)
- Cyber attack on Mid-Michigan College endangers personal data of staff and students (16,000)
- ‘BlueLeaks’ exposes files from hundreds of police departments (unknown)
- CHI St. Luke’s Health Memorial Lufkin notifies patients of April security incident (unknown)
- Australian government bombarded by cyber attacks (unknown)
- Data stolen from Silicon Valley consulting firm offered for sale on hacker forum (unknown)
- Tait Towers Manufacturing discloses security incident affecting employee data (unknown)
- Social media influencers’ and users’ data compromised following Preen.Me hack (350,000)
- Jamesville-DeWitt High School students said obscene messages as email listserv breached (unknown)
- Hackers breach E27, want “donation” to reveal vulnerabilities (unknown)
- The Maine Information and Analysis Center breached in ‘Blue Leaks’ hack (unknown)
- Brazilian federal police investigate data leak of government officials (unknown)
- South Africa’s Life Healthcare investigating cyber attack (unknown)
Ransomware
- UK electric firm Elexon hit by ransomware (unknown)
- Bernards Township, NJ, resuming operations after ransomware attack (unknown)
- International IT firm Excis targeted by ransomware (unknown)
- Agromart’s data up for auction after being stolen in ransomware attack (unknown)
- Ransomware gang says it breached one of NASA’s IT contractors (unknown)
- Columbia College Chicago and the University of California crippled by ransomware (unknown)
- IT services giant Conduent suffers ransomware attack (unknown)
- Australian activewear retailer In Sport infected with ransomware (unknown)
- Ransomware attack on Knoxville, TN, shutters parts of the city website (unknown)
- New Zealand brewery Lion says it has been hit by ransomware (unknown)
- Electric Waveform Lab reports ransomware incident (unknown)
- Col.-based Rangely District Hospital notifying those affected by ransomware attack (unknown)
- ‘Vendetta’ hackers are posing as Taiwan’s CDC in data-theft campaign (unknown)
- Keizer, Oregon, computers hacked and ransomed for $48,000 (unknown)
- Care New England website shut down in suspected ransomware attack (unknown)
- Cebu Normal University suspends subdomain after anonymous website hack (unknown)
- Pennsylvania health system Crozer-Keystone Health System hit by NetWalker ransomware (unknown)
- ConnectWise partners hit by ransomware via Automate flaw (unknown)
- Alabama’s Tallapoosa County Probate Office shut down by ransomware (unknown)
- Florida Orthopedic Institute hit by ransomware (unknown)
- Texas Courts and the Texas Department of Transportation hit with new ransomware (unknown)
Data breaches
- Babylon Health app lets patients see other people’s video consultations (unknown)
- Just Eat customers’ details dumped in Cleveleys alley as data watchdog warns of GDPR breach (unknown)
- Inventory Hive website vulnerability exposes users’ personal data (100,000+)
- Months later, KeepNet Labs issues a statement about leak discovered by researcher (5 billion)
- CMS Joomla posts unencrypted database of user passwords online (2,700)
- India’s BHIM payment app exposed personal data on database (7 million)
- Manitoba Agricultural Services Corporation is notifying clients of a privacy breach(134)
- 150+ US school districts compromised by Aeries software breach (unknown)
- Cal.-based Castro Valley notifies patients after security incident (unknown)
- Chilean Transparency Council announces breach of sensitive health data (unknown)
- COVID-19 patients at Thiruvarur Medical College and Hospital leaked online (2)
- WhatsApp bug leads to users’ information spilling online (29,000)
- Nintendo customers must share responsibility for large-scale data breach (300,000)
- Pakistan’s COVID-19 track and trace app reportedly leaked users’ data (12,472)
- Indian Blood Donors website leaked people’s health and credential information (unknown)
- 845GB of racy dating app records exposed to entire internet via leaky AWS buckets (unknown)
- KIPP SoCal notifies parents after learning of GitHub breach (unknown)
- Oracle’s BlueKai, which tracks you across the web, leaks data (2+ billion)
- Twitter says some business users had their private data exposed (unknown)
- Unauthorised disclosure of COVID-19 patients’ identities continues in Philippines (150)
- OneClass e-learning vulnerability exposes university students’ data (1 million)
- National Highway Authority of India attacked by malware (unknown)
Financial information
- Fitness Depot breached after ISP fails to activate antivirus (unknown)
- Korean money transfer platform Viva Republica targeted by criminal hackers (unknown)
- South Africa’s Postbank replacing people’s cards after security breach (12 million)
- Retailers Intersport and Claire’s suffer payment card skimming attack (unknown)
Malicious insiders and miscellaneous incidents
- Indiana covered entities discover that third parties dumped records improperly (unknown)
- Canadian cryptocurrency firm Coinsquare discloses ex-employee stole data (unknown)
- Dev ERP Solution accuses employees of stealing sensitive data (unknown)
- Landmark Hospital of Athens in Georgia suspends employees accused of tampering with medical data (unknown)
- Patient privacy breach at Chatham-Kent Health Alliance (40)
- St. Louis mayor slammed for broadcasting names, addresses of ‘defund the police’ supporters (unknown)
In other news…
- People are worth $1,285 on the dark web, new study finds
- Bulgarian cyber criminal jailed after stealing bank account data
- Germany seeks EU sanctions for 2015 cyber attack on its parliament
- Hungerford man avoids jail for hacking video game hosting site
- Italian company exposed as a front for malware operations
