September last year saw one of the year’s longest monthly lists, and that seems to be the case this year, too.
Over the last week, cyber security issues have been brought to the world’s attention by a massive data breach at Yahoo, which resulted in the details of 500 million user accounts being leaked. However, that breach occurred in 2014 and doesn’t make this month’s list.
This month’s list is characterised by a large number of data breaches that were caused by an insider either making a mistake or acting with malicious intent.
An important lesson from this month is that information security extends beyond the digital. No matter how advanced your cyber controls, you are still likely to suffer a breach if you are careless enough to throw sensitive documents into public bins.
While being foolhardy with confidential documents might not leave you as vulnerable as a digital breach, your organisation could still be slapped with a €20 million fine under the terms of the EU General Data Protection Regulation, which comes into force in 2018.
Here are this month’s data breaches and cyber attacks.
Data breach
Florida Bar Association hacked, members’ data leaked
6.6 million plaintext passwords exposed as site gets hacked to the bone
Russian hackers leak Simone Biles and Serena Williams files
Russian internet giant Rambler.ru hacked, leaking 98 million accounts
OneLogin security breach – Secure Notes exposed
Armenian Hackers leak Azerbaijani banking and military data
Alberta College of Paramedics privacy breach puts information of thousands of members at risk
UC San Diego School of Medicine notifying trainees whose SSNs were exposed on the Internet
Napa Valley Dentistry notifies patients after theft of server from storage facility
Dozens of clinics, thousands of patients impacted by third-party data leak
University of Ottawa missing hard drive with data on 900 students
County acknowledges ‘possible security breach’ of courthouse computers
Privacy breach shows names and addresses of military personnel’s families
County health care agency reports breach of patient data
Codman Square Health Center notifies members after breach at NEHEN
KidsPeace announces possible client information breach
Saint Francis investigating security breach
Personal information of La Joya ISD teachers accidentally released
CalOptima notifies members of breach 8 months later
Data breach in Oconee Co. causes employee pay issues
St. Elizabeth Physicians’ email gaffe exposed patient email addresses
Geisinger Health Plan notifies 2800 that processing error exposed their PHI to others
BDSwiss employee data allegedly stolen, investigations pending
Russian hackers release more confidential athlete data; WADA confirms
Trump’s campaign mute about data security #fail
Computer breach could have exposed trauma victims to further anguish
NBTC to probe alleged privacy breach by AIS employee
EurekAlert! goes offline following attack
Laptop stolen from U.S. Healthwork was encrypted but, alas, the password was with it
VoIPtalk admits to possible data breach
One of Portland’s largest financial firms warns of possible data breach
‘Massive data breach’ at Almelo municipality
eThekwini shuts down e-services after user data leak
Owen Smith tweets login data to 16,000 followers
DHS exposes thousands of individuals’ private information — including feds, golfers and priests
Mat-Su campus hit by data breach
‘Variety’ hacked by OurMine, subscribers inundated with email
Network security breach with Milwaukee VA affiliate
Cyber attack & ransomware
Notice of data incident at Stallcup & Associates, CPAs
Keck Medical Center of USC discloses ransomware attack
Kennesaw State student hacks system, changes grades, steals data
Hacker tries to ransom housing authority data
Maplewood tax firm hacked; data held for ransom
University Gastroenterology notifies patients of ransomware attack
Hackers holding school computers hostage
Cyberattack cripples Appalaches school board, cancer support group
Al Zahra Private Medical Centre hacked
Computer hackers demanded ransom payment from Derriford Hospital
Misfortune cookie: Mr. Chow restaurants website hacked to distribute ransomware
Financial
AF Smith warns customers of data breach fear
China hackers swipe millions in data breach
Someone just lost 324k payment records, complete with CVVs
Abilene police reveal details of restaurant credit card fraud
McDonald’s employee stole about 100 credit card numbers while working drive-thru
Massive unreported security breach, $2 million alleged fraud at NorQuest College
PoS vendor Lightspeed suffers data breach
Other
MarsJoke ransomware targets the government and K-12 educational sector
A single ransomware network has pulled in $121 million
Tesla issues software update after hackers report remote brake hack
Seagate faced with class-action lawsuit following whaling scam
Wells Fargo fined $185 million for phony account fraud – 5,300 employees fired
Fighting back
Romanian national sentenced to three years in prison for role in computer hacking scheme
Kosovo hacker gets 20 years in U.S. for helping Islamic State militants
Teenager to appear in court over alleged hack and data theft
Ex-LV employee in court over data leak
Guilty plea of Krystle Steed for taking over hospital patients’ bank accounts
Trends and traits of data breaches
To help you understand the trends and traits of data breaches, what they are, how and why they occur, and what you can do to avoid suffering a similar fate, take a look at our book of the month: Managing Information Security Breaches – Studies from real life by Michael Krausz.
This thought-provoking guide details how breaches can be treated and the direction you should take if you’ve been affected.
Buy your copy now.
If there’s anything that I’ve missed, please let me know by using either the comment box below or tweeting me.
Thank you for putting this list together. Missing (under Fighting Back) is:
16 Sept 2016 – UK court to decide on extradition of ‘hacker’ Lauri Love – https://www.theguardian.com/law/2016/sep/16/lauri-love-uk-court-us-extradition-hacker-accused
Can you please add the figure for approximate number of records stolen for future monthly posts? Similar to June’s.
I’ll give it a go! It can be quite difficult to get the number as most companies do well at hiding the number of breached records.
That’s understandable. Thanks!