Remember when I said last month that “with the GDPR less than a month away I imagine future lists will be even longer thanks to the introduction of mandatory data breach notifications”?
Well, May’s list of incidents is very long, and the GDPR only came into effect at the end of the month.
If I were a cynic I might think that some breached organisations were seeking to keep their exposure to regulatory fines to a minimum by rushing to report historic incidents before the GDPR – and its enhanced penalty regime – applied. I’m not, though. I’m entirely guileless.
I count this month’s total number of breached records to be 17,273,571, which is actually quite low when compared with previous months.
As always, let me know if I’ve missed anything.
Cyber attack & ransomware
Town of Wasaga Beach recovering from ransomware attack, negotiating with hackers
Associates in Psychiatry and Psychology disclose ransomware incident
Allied Physicians of Michiana report SamSam attack
Ransomware attack on Family Planning NSW
Police Dept Loses 10 Months of Work to Ransomware. Gets Infected a Second Time!
Hacker Shuts Down Copenhagen’s Public City Bikes System
Data breach
Privacy Commissioner says Avenue Living privacy breach poses a risk
HIT Hacked Again? More Than 3 500 Student Account Credentials Leaked
University of Vermont notifies community of hack of NetID portal
Jaguar Land Rover data leak reveals employee records, upcoming layoffs
Aultman data breach may have accessed patient information
County Clerk’s Office tossing personal, sensitive customer information in the trash
Insurance startup leaks sensitive customer health data
Coca-Cola Suffers Breach at the Hands of Former Employee
SimplyWell (Viverae) notifying Lincoln Electric System employees of of personal health info breach
Another data breach for SA – passwords and IDs exposed
Data Leak May Have Affected Patients at Muir Medical Group IPA
LifeBridge Health and LifeBridge Potomac Professionals Notify Patients of a Recent Security Incident
UT alerts some faculty, students of lost flash drive containing Social Security numbers
The University of Greenwich fined £120,000 by Information Commissioner for “serious” security breach
Teen phone monitoring app leaked thousands of user passwords
Two thousand, six hundred and ninety UB logins stolen in data breach
Hospital staff disciplined after Ed Sheeran data breach
Bloomfield Hills high schoolers hack database to give themselves better grades
LA Confidential: How Leaked Emergency Call Records Exposed LA County’s Abuse & Crisis Victims
Marines make changes after data of 164,000 people lost on Okinawa
Crown Prosecution Service fined £325,000 after losing victim interview videos
LifeBridge Health and LifeBridge Potomac Professionals Notify Patients of a Recent Security Incident
CBC warns past, current staff personal data may be at risk after break-in, theft of computer
Hacker Publicly Posts Data Stolen From Government-Linked Cyberespionage Group
UT physician group improperly shared patient email addresses
More than 200,000 patients’ records were exposed on MedEvolve’s public FTP server – researcher
Huge new Facebook data leak exposed intimate details of 3m users
Notice of Unauthorized Access to Chili’s® Grill & Bar Guest Data
LaPorte & Associates notifies clients of laptop theft
Notice to Individuals Regarding Privacy Incident Involving Capitol Administrators, Inc.
Data breach affects nearly 900 patients from two San Francisco hospitals
Patients’ data released in Oswestry orthopaedic hospital breach
High school apologises over data breach of pupil information
Eye Care Surgery Center notifies 2,553 patients of laptop theft
Android App With 10 Million Downloads Left Users’ Photos and Audio Messages Exposed to Public
Data stolen in Sheffield Credit Union cyber attack
HIV Patient’s Records Leaked, UAMS Fires 3
Tencent-Backed Internet Giant Probes Massive User-Data Leak
MAXIMUS notifies 3,029 patients after Business Ink mailing error exposes PHI
Mass notification launched after inappropriate access to Winnipeg patient data
Financial information
BMO and CIBC-owned Simplii Financial reveal hacks of customer data
Hacker Steals $1.35 Million From Cryptocurrency Trading App Taylor
Aflac says agent emails were hacked, exposing personal information of clients
Bombas notifies consumers of breach going back to 2013
Notice of Data Breach at blackphoenixalchemylab.com
Morinaga Milk fears leak of 120,000 online customers’ info
Malley’s Chocolates’ website hacked, 3,400 online customers’ card information breached
Email account of Northwest University’s CFO hacked; school out nearly $60,000
Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers
Other
Comcast website bug leaks Xfinity customer data
Remember your baby’s newborn pictures? They may still be online.
Fighting back
Grant West, aka “Courvoisier,” sentenced to 10 years and eight months
Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers
Good morning Lewis
Thank you for your post and comments, very illuminating. I hope it serves as a reminder for everyone just how significant this matter really is. As an aside, your note of “ones child’s photos might still be online”, is a good reminder for every parent.
Kind regards
Haydon
Thank you Lewis for taking time in putting all together, appreciated. I found cyber attack and ransomware links very interesting. Great work, thanks.
Thank you very much Lewis for this valuable information. Any chance to categorise these lists by country?