GDPR Services report 19 Private Data breaches – Week 24, 2019

GDPR Services report 19 Private Data breaches – Week 24, 2019

GDPR Services report 19 Private Data breaches

– Week 24, 2019 –

This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest 19 Private Data breaches, identified and reported publicly during Week 24, 2019.

As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.

 

on-demand GDPR Services

A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.



  • GrabCar fined for unauthorised disclosure of customer data in 120, 000 marketing emails
    • Ride-hailing firm GrabCar has been fined $16,000 for the unauthorised disclosure of the names and mobile numbers of 120,747 customers in marketing e-mails. The 2017 incident arose from an e-mail mismatch where the affected customer’s data was disclosed to only one other individual in each case. On Dec 17, 2017, GrabCar sent 399,751 marketing e-mails to a targeted group of customers but 120,747 of these contained the name and mobile number of another customer.


  • Philly Courts Still Down After Cyber-Attack
    • On June 11, Government Technology reported that the computer networks of the Luzerne County Correctional Facility in Pennsylvania continue to be impacted, leaving inmates unable to order items from the jail commissary. After a May 21, 2019, cyber-attack downed Philadelphia’s online court system for e-filing and docketing services, issues remain throughout the county, according to Government Technology.

  • A misconfiguration on the website of Kingman Regional Medical Center posed a security vulnerability to the data of an estimated 1,100 patients
    • On April 9, Kingman Regional learned that it may have had a possible security problem with its public website. The issue was found during a regular internal check of the public website, a step that some other providers may not take, says Teri Williams, director of communications and marketing. An outside forensics investigation found the configuration of the website made it possible for one or more unauthorized persons to view information entered into the website by patients. Possibly compromised data included patient names, dates of birth and information related to medical conditions for which patients were requesting services. Patient medical records, Social Security numbers and financial information were not compromised, Williams says.Kingman Regional website configuration exposed patient info



  • Evite had a security breach in February.
    • “An unauthorized party had acquired an inactive data storage file associated with our user accounts,” the company stated in a recent notice. The data included user names and passwords, but no financial information. No further details were mentioned. All passwords have been reset. Data Incident

  • 2019 is already proving a fruitful year for hackers with millions of records stolen, medical data leaks, and credit card data theft.
    • Read these brief insights about: HIV sufferers, Abused children at risk, 540 million Facebook user records, Georgia Tech, Toyota, Treatment for addiction, 19 million people impacted, but how?, Canva, First American, Hotel security audit logs, Quest Diagnostics, AMCA and Australian National University These are the 12 worst hacks, cyberattacks, and data breaches of 2019 (so far)

  • Personal info of 20M people at risk after massive data breach
    • A massive data breach has put personal information of more than 20 million people at risk. Maryland Attorney General Brian Frosh is urging residents to take steps to protect themselves, saying American Medical Collection Agency’s payment system was compromised on Aug. 1, 2018, and remained vulnerable through March. Personal info of 20M people at risk after massive data breach

 

HELPS YOU TO MEET GDPR REGULATIONS

Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.

Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches made news headlines. All these news related to GDPR Services happened just in the last week.


  • Underwriting agency ProRisk has been hit by a serious cyber attack, forcing a shutdown of systems for several days.
    • Executive Director Hamish McDonald-Nye told insuranceNEWS.com.au today that a phishing attempt seeded malware onto the company’s network at the weekend, and the system was shut down to isolate the issue and protect client data. Mr McDonald-Nye says the incident proves cyber attacks “can happen to anyone”. Underwriting agency hit by cyber attack


  • Noam Rotem and Ran Locar said in a blog post that more than one in four Fortune 500 companies had experienced a data breach in the last decade and thus Tech Data was “part of an elite, but particularly vulnerable, club”.
    • Security researchers from virtual private network firm vpnMentor have found an unsecured server belonging to American multinational tech vendor Data Tech online, containing 264GB of data about its client servers, invoices, SAP integrations and plaintext passwords. Fortune 500 firm Tech Data leaks 264Gb of data online


  • Grand Rapids, Mich.-based Mercy Health began notifying approximately 1,000 patients on May 24 about a data breach that may have exposed patient data, according to mlive.com.
    • Mercy Health discovered that a private server was vulnerable to unauthorized personnel between 2014 and March 25, 2019. The server was used to store patient information and allowed physicians to conduct office check-ins and schedule appointments. Michigan hospital alerts 1,000 patients of data breach

  • US Customs and Border Protection announced Monday photos of travelers and license plates were recently compromised in a data breach.
    • In a statement, CBP said it learned on May 31 that a subcontractor “had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network. The subcontractor’s network was subsequently compromised by a malicious cyber-attack.” Feds say photos of travelers compromised in data breach

  • Over one million accounts were leaked, and a vulnerable encryption algorithm may have been in play.
    • Retro gaming website Emuparadise has been involved in a data breach leading to the exposure of 1.1 million user accounts. The security incident took place on April 1, 2018, but has only recently emerged after information from impacted user accounts was provided to HaveIBeenPwned by dehashed.com. Emuparadise gaming emulator website suffers data breach

  • Opko Health Inc said on Thursday it was notified by its former billing collections vendor about unauthorized access to information on about 422,600 customers, making it the third healthcare company to be affected by the incident.
    • American Medical Collection Agency (AMCA) informed Opko Health that the compromised data may include credit card and bank account information, email addresses and other data such as address, phone number and balance information. However, the company said no social security numbers, bank account passwords or security questions were compromised in the unauthorized activity that occurred between August 1, 2018 and March 30, 2019. Opko Health says over 400,000 customers likely affected by data breach

  • It is aviation’s largest known data breach, with 9.4 million Cathay Pacific passengers impacted, but also puzzling, gathering only 430 credit card numbers, mostly expired and none complete. Cathay says it has not received any reports of data being misused or listed on the “dark web.”
    • Cathay was unequivocally faulted by Hong Kong’s Privacy Commissioner in a report released Thursday that identified two contraventions of law, low regard to data privacy and taking seven months to disclose the 2018 breach. “It is quite clear that contraventions aside, Cathay adopted a lax attitude towards data governance, which fell short of the expectation of its affected passengers and the regulator,” Privacy Commissioner Stephen Kai-yi Wong said in a statement. Cathay was served an enforcement notice. Cathay Pacific Faulted For Data Breach, But Hackers’ Objective Unclear

 


 

data protection OFFICER

Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.

Do you have any questions about our GDPR Service or related to GDPR Services in general? Leave your thoughts about these Private Data breaches in the comments below!

Related Posts

Leave a comment

Do NOT follow this link or you will be banned from the site!