Well, it’s a big list this month.
The number of data breaches is growing every day – which is hardly surprising. While organisations struggle to keep their own and their customers’ data safe, criminal hackers are already selling that data on the dark web.
What’s happened this month?
LinkedIn breach
A major talking point this month was the data breach LinkedIn suffered back in 2012. What was originally announced as a breach that affected 6.7 million members actually affected 117 million. This was revealed when an unknown individual or group put the data up for sale on the dark web for around $2,200. A sample of the data was verified by a few third parties.
It’s not much of a secret that LinkedIn has handled this breach poorly. In fact, in the time it took LinkedIn to notify me that one of my email addresses was affected, I had written an article about the breach, recorded a podcast on it and enjoyed a weekend.
Organisations can’t be slow in these situations. If your customers are going to be notified of a breach, make sure it’s YOU doing the notifying.
W-2 breaches
There has been a significant increase in breaches affecting W-2 data, which relates to confidential tax information in the US. There are three instances in this month’s list, but these are just the ones that I’ve been able to find – I assume there are many more.
A recent report found that, in Q1 2016, 41 organisations had been successfully targeted for W-2 data. Back in March, the IRS issued a warning to HR departments about an increase in BEC (business email compromise) scams that aim to steal W-2 data.
If you’re aware of any other W-2 breaches that aren’t in this list – please let me know and I’ll get them added.
Data breach
MySpace and Tumblr hit by ‘mega breach’
117 million hacked LinkedIn email addresses and passwords put up for sale
Kiddicare customers at risk after data spills from test server
CA Health & Longevity Institute patients notified of Bizmatics breach
Probable security breach may have compromised thousands of Lewis Palmer students’ data
Email gaffe at clinic exposes patients’ names and email addresses
Email fail at Do Not Call Register, thousands of contacts exposed
Comanche County Memorial Hospital notifies 2,199 patients after contractor’s email gaffe
Another Bizmatics, Inc. client notifies 7.500 patients of hack
Complete Chiropractic & Bodywork Therapies notified 4,082 patients after discovering malware
Eye Associates of Pinellas notifying 87,000 patients of Bizmatics breach
County council’s data breach shockers: Care papers dumped in bin and personal info leaked to public
Open records request goof exposes personal info of 36,000 Poway USD students and their parents
City College of San Francisco notifies students after employee falls prey to phishing scam
Talentbuddy.co / Talentguide.co Database Exposed, Company Reacts Swiftly
Data breach reported at Katy physicians group
Avention investigating two data breaches involving employee info
Florida Medical Clinic, PA notifies 1,000 patients after Greenway Health error exposed PHI
Teen Dating Site Left Underage Users’ Private Messages Exposed To Anyone
Huge embarrassment over fisting site data breach
Children’s National Medical Center blames former transcription vendor for privacy breach
Breach at vendor’s results in Mayfield Brain & Spine patients receiving emails containing malware
Passwords and Sexual Desires for Dating Site ‘Fling’ hacked and up for sale
5,800 Palm Beach County teachers notified of data security breach
Cyber attack and ransomware
Perez Hilton website visitors hit by two malvertising attacks in same week
Visitors to TV station websites targeted in malvertising attack
Hackers demand ransom payment from Kansas Heart Hospital for files
Commercial Bank of Ceylon website hit by hack attack
Gilbert Public Schools email hacked by junior high school student
Michigan electricity utility downed by ransomware attack
Financial
EPISD employee accounts hacked, money stolen
Payroll vendor employee falls for phishing scam, all clients’ W-2 data involved
1.4 Billion Yen Stolen From 1,400 Japanese ATMs
Stanford University continues to investigate breach involving employee W-2 data
“Large number of” Brunswick Corporation employees being notified of W-2 data breach
Barton County Treasurer’s Office falls for email scam
O’Charley’s suffers payment card network compromise, notifies customers
Noodles & Company Probes Breach Claims
Hi-Tec Sports notifies Hi-Tec, Magnum Boots customers of payment card compromise
Union League Club fires employee, investigates customer credit card breach
Fighting back against cyber crime
Teenager charged over Mumsnet hack and DDoS attack
Member Of Large-Scale, $5 Million ATM Skimming Scheme Sentenced To More Than Seven Years In Prison
Other
Database mix-up let some smart doorbell users see video from others’ homes
Reddit Forced to Reset 100,000 Passwords After ‘Uptick’ In Hacked Accounts
Met officers ‘hacked database to leak name of protected witness’
Trends and traits of data breaches
To help you understand the trends and traits of data breaches, what they are, how and why they occur, and what you can do to avoid suffering a similar fate, take a look at our book of the month: Managing Information Security Breaches – Studies from real life by Michael Krausz.
This thought-provoking guide details how breaches can be treated and the direction you should take if you’ve been affected.
Your count for W-2 phishing incidents is seriously under the number actually reported to date this year. I’ve got 131 for the year by now, although the way I compile them, you won’t be able to tell which were in May. And I’m sure my list is missing lots:
http://www.databreaches.net/meanwhile-back-at-the-phishing-for-w-2-department/
Hello,
Ah yes, I’m way under! I’ll get the article updated to match your numbers. Thanks 🙂