Ocorreram 99 violações de dados e ataques cibernéticos massivos em agosto, tornando-se o terceiro maior total mensal do ano em número de incidentes de segurança.
Mas, por outro lado, apenas 36.673.575 registros foram confirmados como vazamentos, que é o menor número que registramos desde maio de 2018.
O número real, como sempre, será maior do que isso – em parte porque as organizações raramente divulgam quantos registros estiveram envolvidos em incidentes de segurança. Mas vamos dar uma resposta positiva da maneira que pudermos, especialmente considerando o quão problemáticas as organizações têm estado durante o bloqueio.
Você pode encontrar nossa lista completa de violações de dados divulgadas publicamente desde agosto neste blog, com incidentes que afetaram organizações do Reino Unido listados em negrito .
Enquanto isso, você pode se manter atualizado com as últimas notícias, assinando nosso resumo semanal ou visitando nosso blog .
Ataques cibernéticos
- 15-year-old Merseyside boy arrested for hacking UK PayPal accounts(unknown)
- Leeds-based Luminate Education Group hit by cyber attack (unknown)
- Myerscough College hit by cyber attack on exam results day (unknown)
- Mexican delivery startup iVoy experiences data breach (127,432)
- Cyber attack affects website of Texas-based Hudson Independent School District (unknown)
- Hacker leaks passwords for enterprise VPN servers (913)
- Intel investigating breach after 20GB of internal documents leak online(unknown)
- FX broker Pepperstone has updates its clients over third-party malware attack(unknown)
- Scholarship America notifies individuals of breach (unknown)
- Indiana-based Community School Corporation of Southern Hancock County hit by cyber attack (unknown)
- Ohio-based Premier Health Partners discloses data breach (unknown)
- The SANS cybersecurity training organisation hit by phishing scam (unknown)
- Pakistani intelligence agencies have tracked a major security breach by Indian hackers (1,400)
- North Korean hacking group attacks Israeli defence industry (unknown)
- Canada Revenue Agency records breached in a pair of cyber attacks (5,500)
- Germany’s military-run transport fleet hacked (unknown)
- Rochester City School District reopening forum hacked on Zoom (unknown)
- Experian SA incident affects millions of South Africans (24 million)
- Incident at Louisiana’s Jefferson Parish public school affects students (86)
- Mitsukoshi and MI Card confirm that its systems were hacked (19,000)
- Kariyer.net customers hit by security incident (55,149)
- Hacker breaks into royalty-free photo site Freepik (8.3 million)
- CO-based Mental Health Partners says an employee’s account was hacked(unknown)
- Sumitomo Forestry Co., Hitachi Chemical Co. among Japanese firms affected by VPN vulnerability (unknown)
- CA-based North Okanagan Pediatric Clinic informs patients of cyber attack(unknown)
- New Zealand stock exchange disrupted by fourth ‘offshore’ cyber attack(unknown)
- Nevada’s Clark County School District provides few details of security incident(unknown)
- Utah Pathology Services notifying patients of security incident (112,000)
Ransomware
- British Dental Association records leaked on the dark web (5,524)
- Australian aged care firm Regis hit by ransomware (unknown)
- Canon suffers ransomware attack that impacts numerous services (unknown)
- Lafayette, CO, gov pays $45,000 in ransom after computer systems were disabled (unknown)
- Coronavirus ventilator manufacturer Boyce Technologies targeted by ransomware gang (unknown)
- Three US medical practices hit by ransomware (unknown)
- Multiple systems impacted by ransomware attack on California-based Imperial Valley College (unknown)
- Jack Daniel’s manufacturer target of apparent ransomware attack (unknown)
- Medical debt collection firm R1 RCM hit in ransomware attack (unknown)
- OK-based Ponca City Schools had backups to prevent ransomware disaster(unknown)
- Baugo Community Schools in Indiana dealing with cyber attacks (unknown)
- Canadian land developer Brookfield Residential hit with ransomware (unknown)
- Delivery firm Canpar Express faces delays amid ransomware attack (unknown)
- NC’s Haywood County schools shut down by ransomware (unknown)
- No ransomware paid after Ventura Orthopedics hit by ransomware (1,850)
- Arkansas’ Gosnell School District is recovering from a ransomware attack(unknown)
- CA-based Rialto Unified suspends online learning amid ransomware (unknown)
- Valley Health System recovering from ransomware attack while maintaining patient care (unknown)
- California’s Selma Unified School District hit by ransomware (unknown)
- North Carolina’s Greenville Technical College suffers ransomware attack(15,000)
- Houston’s United Memorial Medical Center hit by ransomware (unknown)
- Rocky Mount, North Caroline, hit by ransomware (unknown)
- Amphastar Pharmaceuticals learns that hackers exfiltrated employee data in ransomware attack (unknown)
- Cruise ship operator Carnival crippled by ransomware (unknown)
Violações de dados
- Basingstoke Hospital investigating possible confidentiality breach(unknown)
- Password displayed in Plymouth government building window(unknown)
- Passer-by finds sensitive medical info belonging to Caithness General Hospital (19)
- Southern Water customers could view others’ personal data by tweaking URL parameters(unknown)
- Robocall legal advocate Blacklist Alliance leaks customer data (388)
- Twitter says security flaw may have exposed Android users’ direct messages(unknown)
- Canadian transport firm Metrolinx investigating privacy breach (2,000)
- MedEvolve finally discloses security incident two years after it occurred(unknown)
- Argentinian government exposes COVID-19 health data (115,000)
- Ireland’s Department of Employment Affairs and Social Protection leaks sensitive data (unknown)
- Researchers uncovered Alexa flaw that exposed personal information and speech histories (unknown)
- BioTel Heart leaves cardiac patient data exposed online (61,000)
- Hacker releases the databases of Utah-based gun exchanges (281,999)
- Researcher discovers Github databases from nine US medical entities (150,000)
- New South Wales Police force leaks emails relating to Black Liver Matter protest(150)
- Co Cork’s Union Quay Medical Centre sent STD and mental health diagnoses to the wrong patient (2)
- AI company Cense leaked information from car accident victims (2.41 million)
- Canada’s London Police Service snooped on records of people who tested positive for COVID-19 (10,475)
- Managed isolation facility security guard suspended over social media privacy breach (27)
- Records from West Texas Orthopedics found in recycling centre (unknown)
- South African social grant applications were found dumped on the street(unknown)
- India’s most popular travel booking hubs was left exposed (700,000)
- Wellington-Dufferin-Guelph Public Health notifies those affected by data breach(unknown)
- New South Wales driver’s licences found in open Cloud storage (54,000)
- Manitoba government confirms privacy breach at Children’s Disability Services(9,000)
- Philadelphia Archdiocese clergy abuse victims part of accidental email leak (47)
Informações financeiras
- Toronto residents’ CERB payments on hold after fraudulent employment insurance claims (700)
- Kentucky’s unemployment system suffers another breach (unknown)
- Defence supplier PULAU Corporation says it has been hacked (unknown)
- American Payroll Association notifying those affected by cyber attack (unknown)
Insiders maliciosos e incidentes diversos
- Nova Scotia Health notifying patients affected by two separate incidents (211)
- Arkansas-based Ashley County Medical Center fires nurse for improperly accessing patient records (722)
- Iran cover-up of deaths revealed by data leak (200,000)
- Former employee at NC-based Coastal Preparatory Academy stole sensitive data(unknown)
- Rogue employee to blame for breach at Turkey’s Rezzan Günday (unknown)
- Employee at IL-based Villa at Palos Heights paid bills with patients’ info(unknown)
- Cisco engineer resigns then nukes WebEx accounts (16,000)
Em outras notícias…
- Author of FastPOS malware revealed, pleads guilty
- Cyber insurance: The moral quandary of paying criminals who stole your data
- For six months, security researchers have secretly distributed an Emotet vaccine
- Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers
- Marriott faces London lawsuit over vast data breach
- Russian arrested for trying to recruit an insider and hack a Nevada company
FONTE: IT GOVERNANCE