Peter A Clarke

As it does, it Governance has collated data breaches and cyber attacks for July 2022 and found that 99.2 million records were breached.  That is quite outstanding. They include:

• the comic reading platform Mangatoon has suffered a massive data breach involving 23 million accounts. The breach apparently occured when a hacker found an unsecured Elasticsearch database. It seems that credentials just said password.
• Twitter suffered a data breach involving 5.4 million records involving phone numbers and email addresses.  The hacker attempted to sell data for $30,000.
• the virtual pet website Neopets had a data breach involving the theft of the source code and a database containing personal information of 69 million members. It amazes me that 69 million people would sign up for a website where people can own, raise and play games with their virtual “pets.”
• Carolina Behavioural Health Alliance suffered a ransomware attack involving health information of 138,000 people.
• a misconfigured portal in a Phillipine government website, Proud Makatizen, resulted exposure of 620,000 files.  The files included photos of ID cards as well as private and financial information.

In Australia there were significant data breaches Read the rest of this entry »

There is a sub specialty of data breaches involving institutions of higher education.  Recently in  Australia there have been data breaches of the Australian National University, the University of Tasmania and most recently Deakin University.  Yesterday it was reported that the University of Western Australia has suffered a significant data breach involving access of personal information and grades.

Unlike the data breaches at other universities this data breach involved the theft  of laptops which held the personal information.  Failure to secure bring your own devices, be they lap tops, phones, cameras, ipads etc.. is a chronic problem.  These days large data breaches are generally caused by cyber attacks however, as this case highlights, the temptation for staff to store masses of personal information on lap tops for convenience in working offsite or even within a place of employment.  Given this is the second data breach involving data stored on computers since 2019 the University has poor data security as well as physical security practices.  If this occurred in the United Kingdom the University would be liable to receive a very significant monetary penalty.  Here Read the rest of this entry »

The impact of data breaches cannot be underestimated.  Many, if not most, businesses and organisations store their data on computers which are connected with the internet.  For the service industry that usually means personal information.  Masses of it.  And the health sector is a prime target for cyber attacks because health service providers collect a vast amount of personal information and types of information which may be used for identity theft and other forms of fraud.  Unfortunately the health sector is also prone to poor cyber security practices. This is highlighted in Cyber Incident Cost $100 Million, Tenet Healthcare Reports.  That is a significant cost but not a record by current standards. 

Tenet’s data breach is not an isolated incident by any stretch.  In June and July there have been the following breaches of health care providers:

• Avamere Health Services suffered intermittent unauthorized network access between January 19, 2022 and March 17, 2022. A total of 380,984 patient records were affected and notified. The personal information involved were names, addresses, dates of birth, driver’s license or state identification numbers, Social Security numbers, claims information, financial account numbers, medications information, lab results, and medical diagnosis/conditions information.
• The City of Newport suffered a data breach on June 8, 2022 and June 9, 2022 involving records of city employees.
• in the Canadian province of Newfoundland and Labrador Eastern Health suffered a data breach  resulting in a privacy breach notification sent to 37,800.  That equates to one out of every 13 people in the province.

• Feelyou a journaling and social mood tracking app had a flaw whereby anyone could obtain the personal email addresses of users and link them to anonymous posts by simply accessing the app’s GraphQL application programming interface (API), which did not require any authentication to do so. This affected 70,000 personal emails.

Read the rest of this entry »