GDPR Services report 19 Private Data breaches
– Week 24, 2019 –
This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest 19 Private Data breaches, identified and reported publicly during Week 24, 2019.
As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.
on-demand GDPR Services
A Partner You Can Depend on to Help Your Organisation Meet GDPR Compliance. Industry leaders. Award-winning experience. All you need to know, to keep your business safe.
- Norsk Hydro’s Core Profit Plunges 82% After March Cyber Attack, Brazilian Spill
- Aluminum producer Norsk Hydro, the victim of a cyber attack in March that paralyzed its IT systems, posted an 82% drop in first-quarter core profit on Wednesday and said a rise in global uncertainty could impact its markets. The Norwegian company’s underlying operating result fell to 559 million Norwegian crowns ($64.3 million) from 3.15 billion crowns a year ago, while analysts in a Reuters poll on average had expected a profit of 123 million crowns.
- GrabCar fined for unauthorised disclosure of customer data in 120, 000 marketing emails
- Ride-hailing firm GrabCar has been fined $16,000 for the unauthorised disclosure of the names and mobile numbers of 120,747 customers in marketing e-mails. The 2017 incident arose from an e-mail mismatch where the affected customer’s data was disclosed to only one other individual in each case. On Dec 17, 2017, GrabCar sent 399,751 marketing e-mails to a targeted group of customers but 120,747 of these contained the name and mobile number of another customer.
- TalkTalk hacker who blackmailed executives in £77million cyber attack is jailed
- A “cruel and calculating” cyber criminal who took part in a massive TalkTalk hack and blackmailed former chief executive Dido Harding has been locked up for four years. Daniel Kelley, from Llanelli, South Wales, turned to “black hat” hacking when he failed to get the GCSE grades to get on to a computer course. He hacked the college “out of spite” before targeting companies in Canada, Australia and the UK – including the telecommunications giant which has four million customers. Daniel Kelley hacked computers ‘for his own personal gratification’ and blackmailed company bosses, revealing a ‘cruel and calculating side to his character’.
- Philly Courts Still Down After Cyber-Attack
- On June 11, Government Technology reported that the computer networks of the Luzerne County Correctional Facility in Pennsylvania continue to be impacted, leaving inmates unable to order items from the jail commissary. After a May 21, 2019, cyber-attack downed Philadelphia’s online court system for e-filing and docketing services, issues remain throughout the county, according to Government Technology.
- A misconfiguration on the website of Kingman Regional Medical Center posed a security vulnerability to the data of an estimated 1,100 patients
- On April 9, Kingman Regional learned that it may have had a possible security problem with its public website. The issue was found during a regular internal check of the public website, a step that some other providers may not take, says Teri Williams, director of communications and marketing. An outside forensics investigation found the configuration of the website made it possible for one or more unauthorized persons to view information entered into the website by patients. Possibly compromised data included patient names, dates of birth and information related to medical conditions for which patients were requesting services. Patient medical records, Social Security numbers and financial information were not compromised, Williams says.Kingman Regional website configuration exposed patient info
- the Spanish soccer team’s spying on its fan’s location.
- If that scares you, you might want to read the latest reports from the Citizen Lab about the spyware industry and just how prevalent it is. Part of this analysis is examining sneaky or deliberately misleading TOS documents. The Predator in Your Pocket – A Multidisciplinary Assessment of the Stalkerware Application Industry
- U.S. Customs and Border Patrol has had a security breach, thanks to one of its contractors.
- The data was copied from the government network without proper permission. The data contained images of less than 100,000 people’s faces and car license plates passing through one border station. While the station or the contractor wasn’t explicitly named, it appears to originate from Perceptics. U.S. Customs and Border Protection says photos of travelers were taken in a data breach and HACK BRIEF: HACKERS STOLE A BORDER AGENCY DATABASE OF TRAVELER PHOTOS
- Evite had a security breach in February.
- “An unauthorized party had acquired an inactive data storage file associated with our user accounts,” the company stated in a recent notice. The data included user names and passwords, but no financial information. No further details were mentioned. All passwords have been reset. Data Incident
- 2019 is already proving a fruitful year for hackers with millions of records stolen, medical data leaks, and credit card data theft.
- Read these brief insights about: HIV sufferers, Abused children at risk, 540 million Facebook user records, Georgia Tech, Toyota, Treatment for addiction, 19 million people impacted, but how?, Canva, First American, Hotel security audit logs, Quest Diagnostics, AMCA and Australian National University These are the 12 worst hacks, cyberattacks, and data breaches of 2019 (so far)
- Personal info of 20M people at risk after massive data breach
- A massive data breach has put personal information of more than 20 million people at risk. Maryland Attorney General Brian Frosh is urging residents to take steps to protect themselves, saying American Medical Collection Agency’s payment system was compromised on Aug. 1, 2018, and remained vulnerable through March. Personal info of 20M people at risk after massive data breach
HELPS YOU TO MEET GDPR REGULATIONS
Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and GDPR mandate compliance.
Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches made news headlines. All these news related to GDPR Services happened just in the last week.
- Underwriting agency ProRisk has been hit by a serious cyber attack, forcing a shutdown of systems for several days.
- Executive Director Hamish McDonald-Nye told insuranceNEWS.com.au today that a phishing attempt seeded malware onto the company’s network at the weekend, and the system was shut down to isolate the issue and protect client data. Mr McDonald-Nye says the incident proves cyber attacks “can happen to anyone”. Underwriting agency hit by cyber attack
- Cetera latest to be hit with data breach of personal information
- Cetera Financial Group is the latest in a growing number of financial advice firms to be hit with a data breach, putting information for about 2,000 clients at risk. The firm confirmed the number of clients whose information was potentially compromised more than two months ago. Company is offering clients complimentary, two-year membership to an identity theft protection and credit monitoring service
- Noam Rotem and Ran Locar said in a blog post that more than one in four Fortune 500 companies had experienced a data breach in the last decade and thus Tech Data was “part of an elite, but particularly vulnerable, club”.
- Security researchers from virtual private network firm vpnMentor have found an unsecured server belonging to American multinational tech vendor Data Tech online, containing 264GB of data about its client servers, invoices, SAP integrations and plaintext passwords. Fortune 500 firm Tech Data leaks 264Gb of data online
- Cyber-attack causes aircraft parts maker to close indefinitely
- According to Data News, Asco has shut down its base in Zaventem, as well as operations in other countries, following a breach of security. About 1,000 people are currently on technical unemployment until the company resumes operations. Asco is originally a Belgian company, but was taken over last year by US company Spirit AeroSystems, with the merger being approved by the EU competition authorities in March. The company now has a presence in the US and Canada, and in Germany as well as Belgium. Asco, a Zaventem-based manufacturer of aircraft parts, has confirmed news that it has shut down operations following a cyber-attack on the company’s servers.
- Grand Rapids, Mich.-based Mercy Health began notifying approximately 1,000 patients on May 24 about a data breach that may have exposed patient data, according to mlive.com.
- Mercy Health discovered that a private server was vulnerable to unauthorized personnel between 2014 and March 25, 2019. The server was used to store patient information and allowed physicians to conduct office check-ins and schedule appointments. Michigan hospital alerts 1,000 patients of data breach
- US Customs and Border Protection announced Monday photos of travelers and license plates were recently compromised in a data breach.
- In a statement, CBP said it learned on May 31 that a subcontractor “had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network. The subcontractor’s network was subsequently compromised by a malicious cyber-attack.” Feds say photos of travelers compromised in data breach
- Over one million accounts were leaked, and a vulnerable encryption algorithm may have been in play.
- Retro gaming website Emuparadise has been involved in a data breach leading to the exposure of 1.1 million user accounts. The security incident took place on April 1, 2018, but has only recently emerged after information from impacted user accounts was provided to HaveIBeenPwned by dehashed.com. Emuparadise gaming emulator website suffers data breach
- Opko Health Inc said on Thursday it was notified by its former billing collections vendor about unauthorized access to information on about 422,600 customers, making it the third healthcare company to be affected by the incident.
- American Medical Collection Agency (AMCA) informed Opko Health that the compromised data may include credit card and bank account information, email addresses and other data such as address, phone number and balance information. However, the company said no social security numbers, bank account passwords or security questions were compromised in the unauthorized activity that occurred between August 1, 2018 and March 30, 2019. Opko Health says over 400,000 customers likely affected by data breach
- It is aviation’s largest known data breach, with 9.4 million Cathay Pacific passengers impacted, but also puzzling, gathering only 430 credit card numbers, mostly expired and none complete. Cathay says it has not received any reports of data being misused or listed on the “dark web.”
- Cathay was unequivocally faulted by Hong Kong’s Privacy Commissioner in a report released Thursday that identified two contraventions of law, low regard to data privacy and taking seven months to disclose the 2018 breach. “It is quite clear that contraventions aside, Cathay adopted a lax attitude towards data governance, which fell short of the expectation of its affected passengers and the regulator,” Privacy Commissioner Stephen Kai-yi Wong said in a statement. Cathay was served an enforcement notice. Cathay Pacific Faulted For Data Breach, But Hackers’ Objective Unclear
data protection OFFICER
Identify high-risk problems. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence throughout your domain.