Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 27 April 2020

Data Breaches Digest - Week 18 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 27th April and 3rd May 2020.

3rd May

A security lapse in Reliance Jio’s coronavirus symptoms checker exposed user data

Data breach jeopardizes more than 15 million Tokopedia users, report finds

Ghost blogging platform servers hacked and infected with crypto-miner

GGhost blogging platform suffers security breach

Hackers breach LineageOS servers via unpatched vulnerability

Nintendo 64, GameCube, & Wii Source Codes Stolen & Put Online

Security lapse at India’s Jio exposed coronavirus symptom checker results

Tesla Data Leak: Old Components With Personal Info Find Their Way On eBay

Tesla has been getting rid of computers without wiping them — compromising customer accounts

Tokopedia Investigates Data Breach Compromising 15m User Accounts

What Are Cookies And How Do I Get Rid of Them?

2nd May

Beware Compromised Business Email...and the Litigation that Follows

COVID-19 News: FBI Reports 300% Increase in Reported Cybercrimes

Data Protection Laws And Their Importance

French daily Le Figaro leaks 7.4 Billion records

Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store

Home affairs data breach may have exposed personal details of 700,000 migrants

Le Figaro caught out in database exposure

Supersonic fixes leak in data usage website

Xiaomi Found Collecting Browser Data Even in Incognito Mode

1st May

4 security threats retailers should watch out for during the rest of 2020

Account Takeover Attacks Found to be Evolving at a Rapid Pace

Automatic Number-Plate Recognition System Exposes 9 Million Records

Do you trust your cloud provider to protect your data? Well...maybe you shouldn’t

Dreambot malware operation goes silent

GDPR ‘in danger of failing’ due to lack of resources

Hackers deploying new types of malware, phishing, scams

How Organizations Can Ramp Up Their Cybersecurity Efforts Right Now

How ransomware attacks are making the most of the COVID-19 crisis

Keeping Your Customer Data Secure When Working Remotely

LabCorp faces shareholder lawsuit after 2 cyberattacks in 12 months

LockBit, the new ransomware for hire: a sad and cautionary tale

Maze Ransomware Attack on Cognizant May Impact Customers

Maze Ransomware group steals 11m card data from Banco de Costa Rica

New phishing campaign packs an info-stealer, ransomware punch

Ninja Forms WordPress bug exposed over a million users to XSS attacks, website hijacking

Office 365 May Be a Popular Target for Bad Actors, But Difficult to Hit

Oracle warns of attacks against recently patched WebLogic security bug

Phishing attacks spoof Microsoft Teams to steal user credentials

Phishing Campaigns Target Senior Executives via Office 365

Quibi leaked users' emails to Google, Facebook, and Twitter

Ransomware Payments Surge 33% as Attacks Target Remote Access

Researchers Uncover “Agent Tesla” Malware Abusing MS Office Vulnerabilities

SaltStack Salt critical bugs allow data center, cloud server hijacking as root

Tax2efile Releases Statement about Data Breach

The new cybersecurity resilience

The Week in Ransomware - May 1st 2020 - Banishing the Shade

We Don’t Need More Cybersecurity, We Need Better Cybersecurity

Why Most Modern Online Fraud Prevention Methods Are Falling Short

Why Traditional Identity Verification Methods Are On Their Way Out

Xiaomi Users, Beware: Your Data is Being Read by Chinese Servers

30th April

As companies rely on digital revenue, the need for web and mobile app security skyrockets

Bad Actors Have Adapted Well to the Pandemic Crisis

Brute force attacks against remote desktop apps skyrocket during pandemic lockdown

Chegg Confirmed Data Breach of Employee Records

Chegg suffers its third data breach in as many years

Clop ransomware leaks ExecuPharm's files after failed ransom

Cyber-Criminals Increasingly Using Official reCAPTCHA Walls in Phishing Attacks

Data Privacy and Data Security: Outsourcing to Third Parties and the Effect on Consumers, Companies, and the Cybersecurity Industry as a Whole

Ed-Tech Company Chegg Suffers Third Breach Since 2018

EventBot: A New Mobile Banking Trojan is Born

EXPOSED! 8.6 Million Car Licenses Open Publicly After Breach Seen on England's Traffic Database

FBI: Cyber actors taking advantage of Covid-19 pandemic

Hackers exploited SQL injection flaw to compromise Sophos XG firewall devices

Half of remote workers feel vulnerable to growing cyberattacks

How to Prevent Zoom Credential Theft

How to protect your business from cyberattacks

Investors sue LabCorp over security failures in light of data breach, ransomware attack

LabCorp slapped with shareholder suit over data breaches

List of data breaches and cyber attacks in April 2020: 216 million records breached

Nintendo data breach reportedly caused by credential stuffing

Nintendo Switch, PayPal Hack: 160,000 Users Fall Into Huge Breach of Players’ Details

Quibi’s email verification process reportedly sent data to multiple ad firms

Ransomware mentioned in 1,000+ SEC filings over the past year

Sextortion scammers still shilling with stolen passwords

SQL Injection Attack: What It Is & How to Protect Your Business

Stolen device containing personal info among four data breaches at City Hall in 2019 and 2020

Surge in Scammers Using reCaptcha Walls to Increase Phishing Attacks

What Is The State of Data Security in the Cloud in 2020

Whoops, Quibi was "improperly" sharing your data with other companies

29th April

4 Telltale Signs Your Business Is Ripe for a Cybersecurity Attack (and How to Respond)

10 Ransomware Strains Being Used in Advanced Attacks

Banner Health settlement approval brings years-long data breach saga to a close

Breach of Clearview AI Source Code Renews Concerns About Law Enforcement Facial Recognition Programs

California tops states with highest number of data breaches and records lost

Chatbots Security Risks and How to Overcome Them

Companies should protect more than their firms in cybersecurity

Coronavirus: Half of remote workers 'victims of cybercrime'

Council apologises after data on 1,000 businesses shared due to ‘isolated human error’

COVID-19 Scams Raise Security Concerns for Businesses

Cyber Criminals Ramping Up Phishing Attacks amid COVID-19 Crisis

Cybersecurity Threat Actors Target Data of Businesses Seeking Economic Relief

Data Breach Settlement Calls for Enhanced Security Measures

Data protection blunder sees millions of Sheffield drivers' activities posted online

Employee data stolen in latest hack of edtech company Chegg

Every industry is now hunting ground for cyber criminals

GDPR ignored by Warwick University? - failure to alert staff & students over data breach

Hackers Broke Into Zaha Hadid Architects’ Servers and Demanded Ransom for the Return of Stolen Data

Hackers hit Chegg for the third time since 2018

How 160,000 Nintendo Accounts Were Hacked and Sold

How can cybersecurity impact physical security (and vice versa)?

Lessons Learned from Clearview AI’s Web Scraping Actions

Losing a password can be as stressful as facing illness

Mitigating ransomware and phishing attacks during a pandemic

MSP Security: It’s Not a Luxury

Oxford University Conservative Association email leaks mailing list

PayPal ‘Critical’ Login Hack: New Report Warns You Are Now At Risk From Thieves

Pharma Giant ExecuPharm Suffers Data Breach/Ransomware Combo

Phishers Start to Exploit Oil Industry Amid COVID-19 Woes

PrimoHoagies Sued Over Data Breach

Quibi, JetBlue and Others Gave Away Email Addresses, Report Says

Ransomware Attack on Portuguese Energy Company EDP Shows Increasing Trend Toward Public Leaking of Sensitive Information

SaltStack users warned – Patch by Friday or compromised by Monday

Security breach in a traffic camera database exposes information about 8.6 MILLION car trips tied to individual license plates

Sheffield Council exposes details of 8.6 million road journeys to the internet

Sheffield data breach: Drivers' details 'leaked' online

Think insider data breaches don’t happen at your organisation? Think again…

“Threat Detection has Evolved from Static to Dynamic Behavioral Analysis to Detect-Threatening Behavior”

Two European Usenet Providers Announce Data Breach and Blame Anonymous Third-Party Company

Two Usenet providers blame data breaches on partner company

U.S. Conspiracy Theorist Probably Behind Leak of WHO, Gates Foundation Data

US Cybersecurity: 64% Americans Don’t Have Data Breach Response Plan

Usenet providers reveal major security breaches

With everyone forced indoors and online by the lockdown, cases of cybercrime are increasing

WHO, Bill Gates Foundation and CDC may have been hacked

Who is responsible for our data and how do we get it back?

Why Data Centers Need Formal Data End-of-Life Processes

Why payroll security is even more essential now remote work is the norm

York council admits data breach after sharing account details of city businesses

Zaha Hadid Architects' Servers Hit by Hackers, Confidential Data Stolen

28th April

7 Steps to Deal with a Data Breach

Adapt to survive: what the IT industry is STILL doing wrong

Addressing the Cyber Resilience of Healthcare Systems During the Coronavirus Pandemic

Attackers on the Hunt for Exposed RDP Servers

Authorities scratch heads over data breach

Closing the security gap in the supply chain

Data breaches require preventative measures, not just reactive

East Suburban clinic reports data breach affecting 500 patients

FBI Urges Vigilance Around Social Media Info Sharing

Five Tips On Training Staff to Avoid Coronavirus Scams

Five ways our approach to cybersecurity could change post COVID-19

Hackers threaten to leak data from high-end architecture firm Zaha Hadid

Half of Americans Refuse to Make Purchases Due to Privacy Concerns

How can HR can support cybersecurity for remote workers?

How Small Businesses Can Protect Customer Data

How to Future-proof Your Child's Credit From Fraud

Intel report warns Zoom could be vulnerable to foreign surveillance

Is Your Favorite Video Chat App Secure?

Kavaliro IT Solutions Announced a Breach Which Exposed Customer Data

Massive & Unprecedented Security Breach Takes Usenet Providers Offline

Microsoft Office 365 heist highlights sophistication of cultural engineering cyber attacks

Optus hit with $40 million class action after alleged data breach of 50,000 customers details

PhantomLance spying campaign breaches Google Play security

SBA data breach released tons of new applicants’ data

Social Engineering Scams Are On the Rise – Do I Have Insurance Coverage for That?

The Biggest Data Leaks of the Decade and the Financial Devastation They Caused

Usenet Providers Went Offline Following Massive Security Breach

Warwick University suffered multiple breaches due to poor security protocols

Warwick University Under Fire After Reported Breach Cover-Up

Why You Need Both SIEM and SOAR Solutions in your Cybersecurity

Zaha Hadid Architects says it will not pay ransom after cyber attack

Zaha Hadid Architects suffers cyber attack during coronavirus lockdown

Zaha Hadid warns architects to be vigilant after falling prey to cyber attack

27th April

5 common mistakes that lead to ransomware

5 Security Tips for Your Business while Homeworking

Aimed at Moving Targets: Five Cyber-Threats That Put Mobile Devices at Risk

Best practices to ensure data security while working remotely

Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams

Biopharmaceutical Firm Suffers Ransomware Attack, Data Dump

Brave accuses European governments of GDPR resourcing failure

Chinese Firm Researching Coronavirus Detection Got Hacked and the Data Is on the Dark Web

Credential stuffing: the annual $6 million challenge

Customer Confidentiality - How To Protect Confidential Customer Data?

Cyber distancing – The new norm in secure distance learning

Data governance and COVID-19 data security challenges

DoppelPaymer Ransomware Attacks California City; Hackers Steal Data

Gamer's beware: 160K Nintendo accounts breached

Group-IB detects US and South Korea card data dump on dark web

Hackers Access Etana Custody Clients’ Details, Funds are Safe

Hackers publish ExecuPharm internal data after ransomware attack

Hackers spoof SBA to try to compromise companies' computers

Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web

How to build a secure remote working organisation

How to Write a Disaster Recovery Plan for Your Business

Insider Breaches Remain a Major Concern, but New Email Protections Can Help

Lessening data privacy risks in the work-from-home era according to an expert

Microsoft Teams fixes funny GIFs cyber-attack flaw

Microsoft Teams flaw could let attackers hijack accounts

Most IT leaders believe remote workers are a security risk

NPC to probe unauthorized disclosure of COVID patients’ information

Optus facing class action over alleged customer privacy breaches

Petrol stations need to protect data

Ransomware gangs are changing targets again. That could make them even more of a threat

Shade (Troldesh) ransomware shuts down and releases decryption keys

'Smart' parking meter vendor had data stolen in ransomware attack

Solving the Case of the Missing Data

South Korean and US Payment Card Records Valued at $2 Million up for Sale on Dark Web

Third-party compliance risk could become a bigger problem

Three firmware blind spots impacting security

Top 10 Cyber Incident Response Mistakes and How to Avoid Them

Trustwave report highlights biggest cybersecurity trends of today

U.S. Universities Hit With ‘Adult Dating’ Spear-Phishing Attack

University of Warwick kept data breach secret from students and staff

Users’ Funds Are Safe Following Reported Etana Custody Breach

Warwick University kept data hack secret from students and staff

Warwick University was hacked and kept breach secret from students and staff

What Every Business Needs to Know About Consumer Data Privacy in 2020

Why effective data protection in healthcare matters

Your workforce is your front line defence against data breaches

Zaha Hadid Architects held to ransom by cyberhacker