List of data breaches and cyber attacks in May 2016

Well, it’s a big list this month.

The number of data breaches is growing every day – which is hardly surprising. While organisations struggle to keep their and their customers’ data safe, criminal hackers are already selling that data on the dark web.

What’s happened this month?

LinkedIn breach

A major talking point this month was the data breach LinkedIn suffered back in 2012. What was originally announced as a breach that affected 6.7 million members, actually affected 117 million. This was revealed when an unknown individual/group put the data up for sale on the dark web for around $2,200. A sample of the data was verified by a few third parties.

It’s not much of a secret that LinkedIn has handled this breach poorly. In fact, in the time it took LinkedIn to notify me that one of my email addresses was affected, I had written an article about the breach, recorded a podcast on it and enjoyed a weekend.

Organisations can’t be slow in these situations. If your customers are going to be notified of a breach, make sure it’s YOU doing the notifying.

W-2 breaches

There has been a significant increase in breaches affecting W-2 data, which relates to confidential tax information in the US. There are three instances in this month’s list, but these are just the ones that I’ve been able to find – I assume there are many more.

A recent report found that, in Q1 2016, 41 organisations had been successfully targeted for W-2 data. Back in March, the IRS issued a warning to HR departments about an increase in BEC (business email compromise) scams that aim to steal W-2 data.

If you’re aware of any other W-2 breaches that aren’t in this list – please let me know and I’ll get them added.

Data breach

MySpace and Tumblr hit by ‘mega breach’

117 million hacked LinkedIn email addresses and passwords put up for sale

Kiddicare customers at risk after data spills from test server

CA Health & Longevity Institute patients notified of Bizmatics breach

Probable security breach may have compromised thousands of Lewis Palmer students’ data

Email gaffe at clinic exposes patients’ names and email addresses

Email fail at Do Not Call Register, thousands of contacts exposed

Comanche County Memorial Hospital notifies 2,199 patients after contractor’s email gaffe

Another Bizmatics, Inc. client notifies 7.500 patients of hack

Complete Chiropractic & Bodywork Therapies notified 4,082 patients after discovering malware

Eye Associates of Pinellas notifying 87,000 patients of Bizmatics breach 

County council’s data breach shockers: Care papers dumped in bin and personal info leaked to public

Open records request goof exposes personal info of 36,000 Poway USD students and their parents

City College of San Francisco notifies students after employee falls prey to phishing scam

Talentbuddy.co / Talentguide.co Database Exposed, Company Reacts Swiftly

Data breach reported at Katy physicians group

Avention investigating two data breaches involving employee info

Florida Medical Clinic, PA notifies 1,000 patients after Greenway Health error exposed PHI

Teen Dating Site Left Underage Users’ Private Messages Exposed To Anyone

Huge embarrassment over fisting site data breach

Children’s National Medical Center blames former transcription vendor for privacy breach

Breach at vendor’s results in Mayfield Brain & Spine patients receiving emails containing malware

Passwords and Sexual Desires for Dating Site ‘Fling’ hacked and up for sale

5,800 Palm Beach County teachers notified of data security breach

Cyber attack and ransomware

Perez Hilton website visitors hit by two malvertising attacks in same week

Visitors to TV station websites targeted in malvertising attack

Hackers demand ransom payment from Kansas Heart Hospital for files

Commercial Bank of Ceylon website hit by hack attack

Gilbert Public Schools email hacked by junior high school student

Michigan electricity utility downed by ransomware attack

Financial

EPISD employee accounts hacked, money stolen

Payroll vendor employee falls for phishing scam, all clients’ W-2 data involved

1.4 Billion Yen Stolen From 1,400 Japanese ATMs

Ecuador Bank Hacked via Swift

Stanford University continues to investigate breach involving employee W-2 data

“Large number of” Brunswick Corporation employees being notified of W-2 data breach

Barton County Treasurer’s Office falls for email scam

O’Charley’s suffers payment card network compromise, notifies customers

Noodles & Company Probes Breach Claims

Hi-Tec Sports notifies Hi-Tec, Magnum Boots customers of payment card compromise

Union League Club fires employee, investigates customer credit card breach

Fighting back against cyber crime

Teenager charged over Mumsnet hack and DDoS attack

Member Of Large-Scale, $5 Million ATM Skimming Scheme Sentenced To More Than Seven Years In Prison

Other

Database mix-up let some smart doorbell users see video from others’ homes

Reddit Forced to Reset 100,000 Passwords After ‘Uptick’ In Hacked Accounts

Met officers ‘hacked database to leak name of protected witness’


Trends and traits of data breaches

Managing Information Security Breaches - Studies from real life, 2nd EditionTo help you understand the trends and traits of data breaches, what they are, how and why they occur, and what you can do to avoid suffering a similar fate, take a look at our book of the month: Managing Information Security Breaches – Studies from real life by Michael Krausz.

This thought-provoking guide details how breaches can be treated and the direction you should take if you’ve been affected.

Buy your copy now.


Share now…

Share on Twitter Share on Facebook Share on LinkedIn

2 Comments

  1. Dissent 30th May 2016
    • Lewis Morgan 31st May 2016