A digest of June’s top data disasters
June 3, 2019: One of the largest clinical testing networks in the U.S., Quest Diagnostics, was hit with an unsettling surprise. 11.9 million patients were impacted according to the company’s data breach disclosure. Quest Diagnostics labs patients had their Social Security numbers, credit card numbers, bank account numbers, and medical information exposed in the breach.
American Medical Collection Agency (AMCA), one of Quest Diagnostics’ vendors, claims its systems were hacked and its payments page were taken control of between August 1st, 2018 and March 30th, 2019 – emitting a trail of data exposure effecting several companies.
June 4, 2019: It only took a day for health care diagnostics company, LabCorp to disclose they too were impacted by AMCA’s hack. 7.7 million consumers were affected. Luckily, the information exposed wasn’t as sensitive. Names, addresses, dates of birth, and balance information could potentially have been exposed.
June 6, 2019: Here’s another healthcare-related company, also impacted by the hack of American Medical Collection Agency (AMCA). As a bitter result, unauthorized access to information on about 422,600 Opko Health customers was attained. Compromised data may include addresses, email addresses, phone numbers, credit card info, bank account info, and balance information.
It’s dishearteningly alerting how one’s misfortune can consequentially-link to the misfortune of others.
U.S. Customs and Border Protection
June 10, 2019: Fewer than 100,000 people were affected when photos of license plates and travelers’ faces were compromised in a cyberattack on a federal subcontractor for U.S. Customs and Border Protection. People were impacted by the attack while entering and exiting a single land border entry port.
June 11, 2019: The social planning service admits to a security breach by a hacker with the name Gnosticplayers. The hacker was apparently selling the records of 10 million Evite users on the dark web. The records included full names, email addresses, IP addresses, and cleartext passwords. Users who voluntarily provided records such as dates of birth, phone numbers, and postal addresses, also had this information stolen. Fortunately, no social security numbers or financial data were stolen.
June 12, 2019: Consumers and companies using Evernote’s Web Clipper Chrome extension at the time of attack were affected due to a code flaw. Though the flaw was repaired immediately upon notification, hackers still accessed the online data of Evernote’s 4.6 million users. Sensitive user information such as authentication, financials, private conversations in social media, personal emails, and more were exposed.
Hong Kong Hospital Authority
June 17, 2019: A healthcare worker is said to have disclosed the information of 76 patients who were treated in the emergency ward of a public hospital. The Hong Kong Hospital Authority denies leaking the data to police after protesters were arrested. Yet, evidence in labeled documents proves otherwise. One group of patients was marked as having attended a “mass gathering outside Legco”. A note on the top left corner of the document read “for police”.
June 18, 2019: Gnosticplayers strikes again. This time, the hacker stole the database of food delivery service, EatStreet. End customers, delivery services, and restaurant partners were all notified. Accessed information included names, phone numbers, email addresses, bank accounts, and routing numbers for restaurants and delivery services.
In an email to ZDNet today, the hacker claimed he was in the possession of over six million user records he took from the company’s servers. Over the past few months, this hacker has stolen and put up for sale 1,071 billion user credentials from 45 companies.
Marin Community Clinics
June 19, 2019: Clinics were left without computer access for days after computer systems were infected with ransomware. A ransom of an undisclosed amount was demanded by hackers. Marin Community Clinics opted to pay some of the ransom. The company remained in operation on the sole reliance of paper and believes there may be minor patient data loss just from recovering processes.
June 20, 2019: Desjardins is the largest federation of credit unions in North America, with outlets across Quebec and Ontario. Officials revealed an employee with “ill-intention” at Desjardins Group collected information about 2.7 million people and businesses and shared it with others outside the Quebec-based financial institution.
The data breach affects more than 40% of the co-operative’s clients and members. The leaked information includes names, addresses, birth dates, social insurance numbers, email addresses and information about transaction habits.
Riviera Beach, FL
June 20, 2019: A Florida city is willing to pay hackers $600,000 in bitcoins to restore its computer systems. Riviera Beach officials voted to pay the ransom to hackers who hijacked their computers after an employee clicked on a malicious email link 3 weeks ago.
The 65 Bitcoins, which equals $600,000, will come from the city’s insurance, officials said. Once the payment is made, the local government hopes to get access to data encrypted by the hacker.
Iranian Intelligence Group
June 20, 2019: According to the New York Times, the same day President Trump calls off a strike on Iranian targets, the United States Cyber Command conducted a cyberattack against an Iranian intelligence group that is believed to have played a part in planning the recent attacks against oil tankers. The cyberattack was meant to knock the intelligence group offline, even if just temporarily. Computer systems that control Iranian missile launches were also targeted in an additional breach.
June 25, 2019: The company was struck with a large lawsuit for allegedly violating the privacy of its consumers. Safaricom was accused of breaching data on 11.5 million customers by exposing their biodata and sports betting history. Specific subscriber data exposed consists of full names, their phone numbers, identity numbers, passport numbers, gender, age, and total amounts gambled.
June 26, 2019: An insurer and administrator of dental and vision benefits, Dominion National, faced a security breach. A comprehensive investigative review determined that the potentially compromised information may include the following data: names, addresses, dates of birth, email addresses, Social Security numbers, taxpayer identification number, bank account and routing numbers, member ID numbers, group numbers, and subscriber names of what amounts to 10% of Delaware’s population.