Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday 20 April 2020

Data Breaches Digest - Week 17 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 20th April and 26th April 2020.


26th April

Chinese ‘Frontline’ COVID-19 Research Firm Hacked: Data Now On Dark Web

Crooks are grabbing victims' money with offers of free Netflix: An ex-con reveals his tips to beat the lockdown TV scams

Kaspersky report: Nearly half of employees don't know how to respond to ransomware attacks

Why we adopt then abandon online safety practices

25th April

160,000 Nintendo Network IDs compromised from suspected breach

Apple Confirms New Warning Affecting Almost All iPhone Users

Email, class registration, payroll down from computer hack at Illinois Valley Community College

Nintendo Discontinues Support For Nintendo Network IDs Due To Recent Hacking

Payment processor exposes 2.5 million credit card transactions

Personal data hacked from 23 million Webkinz child game players

Remote Working Is Transforming The Cyber Security Landscape in 2020

Ways to get around being data mined

24th April

67% of Small Businesses Aim to Increase Cybersecurity in 2020

400,000 US, South Korean card records put up for sale online

Android malware is still a huge issue, but that doesn't mean Android is unsafe

Apple disputes recent iOS zero-day claim

Apple fixes critical iOS vulnerability that hackers used to steal private data for years

CISI to compensate fraud victims after website hack

COVID-19: Cyber threats increased by 37%, are you at risk?

COVID-19, Work-From-Home and the Risks of Data Leakage: Here’s How to Protect Your Company

COVID-19 crisis: Congress slams Nagaland government after data security breach

CyberAttack: Another pandemic in the wake of COVID-19

Cyber Chasse Alerts Healthcare Organizations over Increase in Cyber Attacks

Data breach! 20 million app store credentials leaked

Data breach lawsuit advances against Hy-Vee

Data on computers health unit left behind prompts letter to privacy commissioner

Digital Fraudsters Treat COVID As An Opportunity

Exercise app accused of “massive data leak”

Flaw in iOS Mail App May Put Millions at Risk

Genetic Testing Lab Hack Affects 233,000

How Privileged Access Management Can Protect PII

Judge approves $8.9M settlement for Banner Health data breach

Kaspersky Finds 30% of IT Security Managers Missed Important Personal Events due to Data Breaches

“Lockdown” related data security risks have soared

Michigan State Grapples with Data Breach in Third-Party Software

Nagaland Congress seeks action against data security breach of stranded people

Nintendo Confirms Massive Data Breach of Up to 160,000 User Accounts

Nintendo finally admits ‘unauthorised access to some Nintendo Accounts’

Nintendo Left Gamers Vulnerable Long Before Shocking Data Breach

Nintendo says 160,000 users impacted in recent account hacks

OneSpan: how to protect from account takeover fraud

Over half of organizations expect remote workers to be a data breach vector

Poland implicates Russia in cyberattack, info op aimed at undercutting U.S. relations

Privacy commissioner asked about 'information' left on computers abandoned by health unit

Security alert: 'Dramatic' increase in cyberattacks says WHO, after passwords leaked online

SMEs face increased cybersecurity risks, phishing attempts

Stuck at home, UK lockdown DIY fans slammed with Robert Dyas data breach

The Best Password Security Tips to Avoid Getting Hacked

The Bigger Perimeter Picture of #COVID19

The Human Brain is Both a Liability and Asset for Cybersecurity: Here’s Why

The real cost of a data breach

Trucking Companies: The New Target for Scammers

What All Employees With Network Access Should Know About Cybersecurity

When is a Data Breach Not? The WHO and Gates Foundation Compromises

WHO Reports COVID-19 Spurs Rapid Rise in Cyberattacks Against Staff

Why cloud data protection is a must in the time of COVID-19 crisis?

Work-from-home creates multitude of opportunities for leaks

Zoom Phishing Campaign Tricks People into Revealing Login Credentials

23rd April

500 million iPhone-iPad users have a big dent in data

2020 Trustwave Global Security Report Places Ransomware Threat In Context

A carrot-and-stick approach to fixing cyber security complacency

Alleged Neo-Nazis Post WHO and US Gov Log-ins Online

Companies must invest in cyber security and assess elevated risks of home working

Confidential details of entire WA Police Force accessed in 'startling' audit breach, CCC finds

Credentials of WHO, World Bank & NIH officials shared online

Cyberattacks continue amid COVID-19 pandemic

Data Breach Report: Kinomap, Exercise App, Exposes 42 Million User Records

Data Breaches Impact Employees’ Work-Life-Balance

Data Leak Complicates Hack Against Torrance, California

Email bungle at company seeking jobkeeper payments exposes staff's personal details

Email Credentials of WHO, The Gates Foundation, Other Leaked Online

Enterprises are getting more high-risk calls as fraudsters exploit COVID-19

Facebook profile details of over 267 million users stolen and sold on the dark web

Four keys to proper cyber-hygiene on World Password Day 2020

French Fitness Tech Firm Kinomap Suffers Data Breach; Exposes 42 Million User Records

Hackers target Robert Dyas to steal customers' payment card details

How sextortion scam emails sneak past security filters

How the Dark Web Fuels Insider Threats

How to Keep Your E-commerce Customers Safe?

iOS Mail application suffers from a serious security breach

La Playa hit by phishing scam

Lessons learned from the Small Business Administration's data breach

Maze Ransomware – What You Need to Know

New Facebook Data Breach as Hackers Sell Tens of Millions of Facebook Accounts Details for Low Price

New Zoom vulnerability lets hackers record any meeting anonymously

Nintendo Faces Hacking Onslaught; This Is How To Protect Yourself

Over half of organisations expect remote workers to increase the risk of a data breach

“Paay” Left an Unprotected Database Online Containing Credit Card Details

Paay open database exposes 2.5M transactions, challenges PCI compliance

Possible data breach with States grant scheme being investigated

SBA Loan Program for COVID-19 Relief Suffers Data Breach

SBA reveals potential data breach impacting 8,000 emergency business loan applicants

Security considerations for working in a COVID-19 world

Security Threats Facing Modern Mobile Apps

The Evolving Threat of Credential Stuffing

Was My Data Really Stolen?

WHO, Wuhan Institute of Virology, Gates Foundation find their data hacked

With Cognizant attack, Maze ransomware finds its way into IT services supply chain

Zoom's Security Pile-on Caused a Lawsuit - Are Microsoft, Cisco and Others Next?

22nd April

2.5M credit card records belonging to transaction firm PAAY exposed online

Almost 8,000 could be affected by federal emergency loan data breach

Apricorn survey highlights dangers of remote working and data breaches

Cybercriminals unleash wave of COVID-19 attacks on businesses

Far-Right Extremists Publish 25,000 Email Addresses Allegedly Tied to COVID Fight

How to Secure Your Website against Data Breaches

IAITAM says organisations are wide open to attack

Italian Email Provider Email.it Breached; Data for Sale on Dark Web

“KandyPens” Has Leaked Full Customer Credit Card Details

Nagaland govt investigating data leak of stranded persons

New phishing hotline sent 5,000 suspicious emails in just one day

Online leak undermines Torrance’s claim that no personal data was affected by cyberattack

Payments Startup Paay Left 2.5M Credit Card Info Exposed

PrimoHoagies warns online customers of data breach

Ransomware is now the biggest online menace you need to worry about - here's why

Rising US healthcare data breaches raise serious concerns about personal data security

21st April

5 Steps to Protect Sensitive Data

267 Million Facebook User Records for Sale on Dark Net

A Tale of 3 Breaches: Incident Response Challenges

Aptoide app store hacked, 20 million user database leaked

Beaumont Health Reports 2019 Data Breach Impacting 114K Patients

BT expert on balancing security and Digital Transformation

Children's game Webkinz suffers from a data breach

COVID-19 lockdowns are causing a huge spike in data breaches

DoppelPaymer Ransomware hits Los Angeles County city, leaks files

Five Reasons Why Data Security Should Be a Top Priority

Cybersecurity awareness tips for employees in 2020

Hackers Attacked Businesses 22 Million Times In The Last 7 Days Globally

Hackers Target Top Officials at World Health Organization

Here's a list of all the ransomware gangs who will steal and leak your data if you don't pay

Information for about 112,000 exposed in data breach at Beaumont Health

Lessons to be learned following Netherlands Covid-19 app data breach

Michigan State University says data breach of third party vendor impacts hundreds

Millions of Facebook profiles for sale on the Dark Web

Neo-Nazis Are Spreading a List of Emails and Passwords for Gates Foundation and WHO Employees

New Cybersecurity Challenges for FinTech Industry

New Trustwave Report Reveals Cybersecurity Threats Becoming Pervasive and Attacks More Targeted

Newest Maze ransomware victim - IT giant Cognizant

Nintendo aware of “unauthorized access” to Nintendo Accounts, “investigating” potential data breach

Nintendo owners urged to secure accounts

Personal information of nearly 8,000 business owners applying for disaster relief amid COVID-19 crisis is exposed during a glitch on the Small Business Administration's website

Phishing email scam exploits HMRC job retention scheme

Princeton cybersecurity expert says working remotely presents opportunities for hackers

Rethink Your Cyber Security Stack to Avoid Agent Fatigue

SBA data breach compromises business owners’ data

SBA reports data breach in disaster loan application website

SBA website leaks personal data of 8,000 small-business loan applicants

Security Weakness in TikTok

‘Squar Milner’ Has Announced a Data Breach Affecting Customers

Survey: Most Federal Officials Expect Cloud Service Providers to Secure Their Data

The real cost of fighting the inside threat

U.K.’s Data Protection Regulator’s Updated Guidance on “Empathetic and Pragmatic” Approach

UniCredit Hackers Try to Sell Employee Data on Cyber-Crime Forums

What the Clearview AI Breach Tells Us About Cybersecurity Today

When data protection is not enough

20th April

267 Million Facebook Identities for 500 Euros

Gamers Report Unauthorized Access to Their Nintendo Accounts

Island Direct denies cybersecurity breach

MailGuard warns against extortion phishing emails

Proposed government coronavirus tracking app falls at the first hurdle due to data breach

Ransomware Attacks New Orleans Government Agency

Why organisations should be wary of Maze ransomware?