GDPR Services report 20 Private Data breaches
– Week 34, 2019 –
This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest 20 Private Data breaches, identified and reported publicly during Week 34, 2019.
As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.
- A Pakistani national has been charged by U.S. authorities for his role in a scheme that involved bribing employees of telecommunications giant AT&T to help unlock phones and plant malware on the company’s network.
- The suspect, Muhammad Fahd, 34, was arrested in Hong Kong in February 2018 and he was extradited to the United States on August 2, 2019. According to the Justice Department, Fahd led a conspiracy that involved bribing AT&T employees working at a call center in Bothell, Washington, to get them to unlock cell phones associated with specified international mobile equipment identity (IMEI) numbers. Pakistani Man Bribed AT&T Employees to Unlock Phones, Plant Malware
- A trove of patient information was breached during two separate security incidents; health vendor Medico and Amarin Pharma recently confirmed misconfigured databases put patient data at risk.
- Health vendor Medico and Amarin Pharma recently reported data breaches caused by misconfigured databases, which potentially exposed the data of thousands of patients. According to the UpGuard Data Breach Research Team, a misconfigured database exposed 14,000 documents containing medical, personal, and financial data from Medico, a healthcare billing and insurance data processing vendor. 2 Misconfigured Databases Breach Sensitive Data of Nearly 90K Patients
- More than 1.5 million users of a group dating service had their personal data exposed — including their real-time location — because of a vulnerability in the app.
- The dating site, 3Fun, bills itself as a “private space” where you can meet “local kinky, open-minded people.” But the data wasn’t private at all. Ken Munro, founder of Pen Test Partners, which published its findings Thursday and shared its findings with TechCrunch, said it was “probably the worst security for any dating app we’ve ever seen.” Group dating app 3Fun exposed sensitive data on 1.5 million users
- FBI: Nashville company Asurion paid $300K ransom after private data was stolen
- A Nashville corporation paid at least $300,000 in ransom to an extortionist who claimed he stole private info of thousands of employees and more than a million customers, according to new court records from an ongoing FBI investigation. Asurion, a global phone insurance and tech support company headquartered in the city, confirmed the breach but said it believes the suspect took less information than he claimed. A Nashville corporation paid at least $300,000 in ransom to an extortionist
- Users of credit monitoring site Credit Karma have complained that they were served other people’s account information when they logged in.
- “First time logging in it gave me my information, but as soon as I refreshed the screen, it gave me someone else’s info,” said one Reddit user. “Refreshed again and bam! someone else’s info — it’s like roulette.” Another user said they logged in and out several times and each time they had “full access to a different random person’s credit file,” they said. Credit Karma glitch exposed users to other people’s accounts
- When users of hacking forums turn on each other, expect things to get messy quickly.
- The latest site to find itself on the receiving end of this phenomenon is Cracked.to which last Friday reportedly found its database of 321,000 members and 749,161 unique email addresses leaked on rival site, RaidForums. We can say that with confidence because by Monday the compromised accounts had become another statistic on the Have I Been Pwned (HIBP) breach database – the industry’s go-to for news of such incidents. Hacking forum spills rival’s 321,000 member database
- Company doesn’t know what locations were impacted, but it’s warning customers early so they can keep an eye out for suspicious transactions.
- Supermarket chain Hy-Vee has published a warning to customers this week after staff discovered a security breach on some of its point-of-sale (PoS) systems. The company said that card transactions made at Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (Market Grilles, Market Grille Expresses, and Wahlburgers) may have been recorded by hackers. Hy-Vee issues warning to customers after discovering point-of-sale breach
- A website that shares adult content has caused blushes of a different kind by leaking the private data of 1.195 million global users.
- An authentication failure on the website Luscious.net allowed unrestricted access to a database containing user names, locations, genders, personal email addresses and even some full names. Also available were activity logs detailing what users had liked, uploaded, commented on and shared. Users of Adult Website Exposed By Data Breach
- Movie ticket subscription service MoviePass has exposed tens of thousands of customer card numbers and personal credit cards because a critical server was not protected with a password.
- Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, found an exposed database on one of the company’s many subdomains. The database was massive, containing 161 million records at the time of writing and growing in real time. Many of the records were normal computer-generated logging messages used to ensure the running of the service — but many also included sensitive user information, such as MoviePass customer card numbers. These MoviePass customer cards are like normal debit cards: they’re issued by Mastercard and store a cash balance, which users who sign up to the subscription service can use to pay to watch a catalog of movies. For a monthly subscription fee, MoviePass uses the debit card to load the full cost of the movie, which the customer then uses to pay for the movie at the cinema. MoviePass exposed thousands of unencrypted customer card numbers
- Massachusetts General Hospital said Thursday that a data breach in its neurology department has exposed the private information of nearly 10,000 people.
- “An unauthorized third party” accessed data in two computer programs used by researchers, Mass. General said. The breach exposed data about participants in certain research programs, including their names, dates of birth, medical record numbers, and medical histories. Social Security numbers and financial information were not disclosed, according to the hospital. The incident occurred in June. The hospital has begun notifying people who were affected. MGH reports data breach that exposed information of nearly 10,000 people
Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches made news headlines. All these news related to GDPR Services happened just in the last week.
- New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition Records: Report
- The news of the breach was first published by Wednesday’s Guardian newspaper in the U.K., which highlighted the use of Suprema solutions by the “Metropolitan Police, defence contractors and banks.” The breach, though, is international, with Suprema’s Biostar 2 biometric identity SDK integrated into the AEOS access control system “used by 5,700 organisations in 83 countries, including governments, banks and the police.” Major breach of a biometric database has actually been reported
- Capital One hacker took data from more than 30 companies, new court docs reveal
- Paige A. Thompson, the hacker accused of breaching US bank Capital One, is also believed to have stolen data from more than 30 other companies, US prosecutors said in new court documents filed today and obtained by ZDNet. New court documents reveal the government is investigating the Capital One hacker for 30+ other breaches.
- Another day, another breach, as hackers demand ransom for 700,000 customer records
- US-based hotel chain Choice Hotels has faced ransom demands from hackers, after they reportedly managed to steal more than 700,000 customer records. The stolen records is said to include names, full addresses, email addresses, and/or phone numbers, and the information was easy pickings for the hackers as the MongoDB instance was reportedly unprotected. Choice Hotels Data Breach Affects 700,000 Records
- Canada’s Desjardins Reports Costs of $53M Related to Data Breach
- Unauthorized use of internal data by an employee led to breach of personal information including social insurance number, address and details of banking habits, the company said in June. Last year, Bank of Montreal and Canadian Imperial Bank of Commerce said that cyber attackers may have stolen data of nearly 90,000 customers in what appeared to be the first significant assault on financial institutions in the country. Canadian lender Desjardins Group said on Monday it spent C$70 million ($53 million) in the second quarter related to a data privacy breach earlier this year that exposed personal information of 2.9 million members.
- Epic Games faces class action lawsuit over Fortnite data breach
- A class-action lawsuit is forming against Epic Games following a breach that exposed the personal data of Fortnite players at the end of last year. US law firm Franklin D. Azar & Associates is calling for users who believe they have been affected to join the suit, promising to “fight to get you the recovery you deserve.” US law firm says Fortnite users “have no guarantee security measures will adequately protect their personal information”
- Five companies have been fined $117,000 in the last three weeks for failing to secure the personal data of their customers and staff.
- The biggest fine of $54,000 was given to Horizon Fast Ferry, which offers ferry services between Singapore and Batam. 5 firms fined over data breaches
- Aegon Life Insurance India on Friday announced that a vulnerability on its website exposed information of some Indian customers who had used web forms to get in touch with Aegon Life.
- Aegon Life immediately fixed the vulnerability and have since informed all customers of this exposure. Aegon Life estimates that up to 10,000 customers were possibly affected. The company said: “We will initiate an outreach programme in coming days to offer guidance to affected customers and to let them know what information was exposed. At Aegon Life, data security and customer privacy are of utmost importance and we will continue to be transparent with customers as we investigate further.” Aegon says data of 10,000 customers exposed
- Monzo, a mobile-only bank operating in the UK, admitted today to storing payment card PINs inside internal logs.
- Bug in Monzo mobile apps sent account PINs to internal logs. The logs were encrypted, Monzo said. The company is now notifying all impacted customers and urging users to change card PINs the next time they use a cash machine. Monzo described the issue as a “bug” that occurred when Monzo customers used two specific features of their Monzo mobile apps — namely the feature that reminds users of their card number and the feature for canceling standing orders. Monzo admits to storing payment card PINs in internal logs
- Albuquerque, N.M.-based Presbyterian Healthcare Services began mailing letters to 183,000 patients Aug. 2 notifying them of a data breach that may have exposed their personal information, according to the Albuquerque Journal.
- An employee at the nonprofit health system fell victim to a phishing attack May 9. Presbyterian became aware that an unauthorized third-party had gained access to the email account on June 9. Patient information that may have been affected included names, dates of birth, Social Security numbers and other types of information. Presbyterian is unaware of any misuse, reports the Albuquerque Journal. The health system also said that the hackers did not gain access to its EHR or patient billing information. Since the incident, Presbyterian has added additional security measures to protect its email system. Additionally, the health system will continue to conduct its annual security training for employees. Presbyterian alerts 183,000 patients of data breach
- Exposed MongoDB databases have become the easy money-maker ransomware criminals are busy filling their boots with.
- In mid-July 2019, another database fell to the extortion hackers, this time containing 2.1 million records belonging to well-known Mexican publisher and bookseller, Librería Porrúa. It’s not certain how many individual customers were affected, but purchase information included details of 1.2 million names, email addresses, shipping addresses and phone numbers, plus site information such as invoices and purchases, shopping cart IDs, activation codes and tokens, and hashed card details. Attackers ransom bookseller’s exposed MongoDB database