Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 11 May 2020

Data Breaches Digest - Week 20 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 11th May and 17th May 2020.

17th May

Covve Contacts App Leaked 100 Million Records Of Customer Data

Data breach in new Illinois online unemployment system exposes private information

Data Breach In State’s New PUA Unemployment System Exposes Some Claimants’ Personal Info

Data of 1,200 EU Parliament officials exposed on web

European Parliament hit by major cyber-attack

‘Glitch’ In New Illinois Unemployment System Made Private Information Public

Hacker group 'REvil' reveals cache of 'harmless' emails stolen from celebrity law firm mentioning Donald Trump and warn they will disclose damaging details if they are not paid $42M

Hackers leak over 20,000 unemployment applicants’ bank information

Hackers Selling Data Belonging to Russian Car Owners, Asking for Payment in Bitcoin

Insurers warn cyber attacks could overwhelm sector

Report: Marin governments still unsafe from hackers

REvil hackers leaks email conversation on Trump amid ransom demand

Tusla becomes first organisation fined for GDPR rule breach

Understanding Single Sign On as a Means of Identity Access Management

US traces three new WannaCry strains back to North Korea

Warning: 4 Major Threats to Your VPN Security

Why Cybersecurity is so Important in Digital Marketing

16th May

60% companies targeted by email-related security threats every week

Apparent security breach stalls Arkansas unemployment program

Arkansas unemployment system shut down due to data breach

Around 500 Nepali citizens’ data leaked, hacker claims Nepal Government responsible for this

Australia: New South Wales hit by data breach via phishing attack

EU data leak: 'Huge security breach at European Parliament - hundreds of MEPs compromised'

EU security data leak affecting thousands of EU officials

Hackers leak over 20,000 unemployment applicants bank information

Hackers target supercomputers researching Covid-19 in Switzerland, Germany, UK

Likely breach shuts down Arkansas unemployment program

Supercomputers hacked across Europe to mine cryptocurrency

15th May

7 Fail Safe Tips To Avoid Data Analytics Disaster

22 million emails found in mystery open database

22 million emails found in mystery open database

78% of Organizations Use More than 50 Cybersecurity Products to Address Security Issues

Allen Grubman hackers: We’ve got ‘dirty laundry’ on President Donald Trump and we want $42m now

Almost half of firms have been reported to the ICO for a potential data breach

Average US citizen had personal information stolen at least 4 times in 2019

Backup can be a powerful tool to combat ransomware

Celeb Law Firm Refuses Hacker Ransom as Lady Gaga Files Leak

Consumer password hygiene doesn't reflect cybersecurity threat in 2020

Coronavirus-themed phishing templates used to capture personal information

COVID-19 Pandemic Creates New Cybercrime Risks

Cyber attack knocks UK research supercomputer ARCHER out of action indefinitely

CYBERSECURITY AWARENESS — How to protect yourself, your co-workers, and your patients

Darien Stop & Shop one of five that may have had data breached

Data Classification: Protecting Sacred Data in the Cloud

Educational organizations use cloud apps to share sensitive data outside of IT control

Genesee County warms of ‘spoofing’ phone scams

GoDaddy Hacked And 28,000 Customers Sensitive Data Breached

Hacked! Personal Data Of Top Celebrities Like Priyanka Chopra & Lady Gaga

Hackers Love The Coronavirus – What Can Your Business Do About It?

Hackers preparing to launch ransomware attacks against hospitals arrested in Romania

Hackers target the air-gapped networks of the Taiwanese and Philippine military

Here’s How COVID-19 Could Threaten Your Company’s Cloud Data

Higher fines for data breaches proposed

Huge, mysterious list appears online of where people met, personal information and more of tens of millions

ICO’s BA and Marriott Fines Likely to Be Pushed Back Again

Information of Over 115 Million Pakistani Mobile Subscribers Exposed in a Massive Data Leak

Interserve Hit by Data Breach; 100,000 Employee Records Stolen

Investment Firm Hit by BEC Scam

Law Firm Hackers Claim to Have Dirt on Donald Trump, Up Data Ransom to $42M

Mikroceen RAT backdoors Asian government networks in new attack wave

MyBudget blames ransomware hack for system outage affecting thousands of customers

Mysterious data breach called 'db8151dd' exposed email, physical address and job titles of 22 MILLION people - but no one knows exactly where the records came from

‘Mystery’ data breach dubbed db8151dd exposes records of 22 Million people

Norway's Wealth Fund Loses $10m in Data Breach

Perth firm exposes thousands of cyber criminals exploiting coronavirus pandemic

Preventive measures to take against Google Play, Firebase data leak

Ransomware Attack Cripples New Jersey Town’s Website

Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump

San Dieguito high school district warns of employee email breach

San Dieguito School District Hit by Data Breach

School district announces data breach of employee emails

Service NSW suffers cyber attack

Stop Being Afraid of Granting Network Access to Remote Users, Third Parties and Partners

The REvil Group Now Threatens the President of the United States

This new, unusual Trojan promises victims COVID-19 tax relief

UK Power Grid Biz Suffers Outage After Cyber-Attack

Unprepared employees put cybersecurity at risk while working from home, experts warn

US healthcare admin firm admits data breach

What IT Teams Can Learn From The Pressure Of A Crisis

Words with Friends Developer, Zynga, Sued Over User Data Breach, Law Firm FeganScott Announces

14th May

79% of Organizations Have Experienced an Identity-Related Security Breach in the Last Two Years According to New Identity Defined Security Alliance Study

#COVID19 Hospital Construction Firms Hit by Cyber-Attacks

A cybercrime store is selling access to more than 43,000 hacked servers

Almost half of organisations have been reported to the ICO for a potential data breach

Avoiding healthcare vendor compliance nightmares with third-party remote access best practices

Businesses advised to prioritise cybersecurity

Circa 50% of organisations reported to ICO for data breaches post-GDPR

Citizen data compromised as Service NSW falls victim to phishing attack

City Index Reports Intrusion and Potential Data Breach

Compliance as a Way to Reduce the Risk of Insider Threats

Coronavirus Concerns: Security Teams Scattered, Enterprises Vulnerable

COVID-19 blamed for 238% surge in cyberattacks against banks

Covid-19 ignites a firestorm of cyber attacks

COVID-19 Phishing Update: Threat Actors on Twitter Want You to Pay for Your Stolen Passwords

Cyber-Attack Hits Sovereign Wealth Fund Norfund for $10M

CyberScout Survey Finds Steep Increase in Concern about Cyberattacks Since the Onset of the Coronavirus Pandemic

Do we need tougher breach notification rules?

Email Data Leak Found to Be Feeding Information to Advertising and Analytics Companies

Employee mistakes lead to information exposure in Nova Scotia, U.K.

Fixing poor cybersecurity habits

Hacker selling 550 million stolen user records on hacking forum

Hackers steal sensitive information about Lady Gaga, Madonna, Lizzo and more from law firm servers

Healthcare still battered by ransomware – even amid a crisis

Hiver survey: 60% Companies are Targeted By Email-Related Security Threats Every Week

In development: Ramsay malware steals documents from isolated networks

Keeping Data Protected as Businesses Embark on Remote Working Journey

Keeping Your Data Safe

Leaked NHS Contact Tracing App Docs Point to More Invasive Plans Down the Line

LeaseSolution (LS2) Breach Statement

New Jersey town’s computers target of ransomware attack, mayor says. Town’s website knocked offline.

New study finds the average American had their personal data stolen or exposed at least four times in 2019, with social media sites like Facebook responsible for the most security breaches

Norfund Was Defrauded $9.8 Million in an “Advanced Data Breach” Incident

Ohio hospital inadvertently posts spreadsheet with 3,683 patients' information on website

ProLock Ransomware teams up with QakBot trojan for network access

Proposed changes to Singapore's data protection law seek stiffer penalties for info leaks

Report highlights strain pandemic puts on healthcare security protocols

Russian hacker group using HTTP status codes to control malware implants

San Dieguito Union High School District - Notice Of Data Breach

Scam warning: fake Barclays text directing victims to phishing site

Scammers steal $10 million from Norway's state investment fund

Service NSW customer details stolen in email phishing attack

Shadow of ransomware looms over healthcare sector

Stolen database trading site WeLeakData hacked; data leaked

Tackling dark web identity theft

Taking back control of rogue data footprints

Tesla: Car Computers Sold On eBay With Personal Data Were Stolen

The “ARCHER” Supercomputer in the UK Suffered a Security Breach

The Future of Network Security is Now - Whether We Like It or Not

The role of AI in fighting fraud for businesses during a global pandemic

The top 10 most-targeted security vulnerabilities – despite patches having been available for years

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack

UK electricity middleman hit by cyber-attack

Uncertain Data Sharing Practices Keep Educational Organizations at Risk

Understanding Cyber Resilience: The 4 Stages of a Breach

Visa Redefines User Passwords in the Era of Technology

When we need it most, healthcare is still hit hard by ransomware

Why the Keys to Maintaining Data Security in a Remote Environment are Control and Visibility

Why The Largest Cyberattack In History Will Happen Within Six Months

13th May

3 Cyberattacks and 3 Practical Measures Lawyers Can Take to Protect Themselves

4 Tech Trends to Become Popular Post COVID-19

A River Runs Through It: How MFA And UEM Swim Against The Current Threat Landscape

Adobe issues patches for 36 vulnerabilities in DNG, Reader, Acrobat

An “Unscrupulous Act” – Toll Group Confirms Data Breach

Bam Construct and Interserve hit by cyber attacks

Banks’ DMARC Fail Puts #COVID19 Business Loans at Risk of Phishing

Best practices and need of cloud storage for protecting corporate and personal data

Better Business Bureau (BBB) & FBI report an uptick in sextortion blackmail attempts by scammers

Celebrities face data breach after ransomware attack involving REvil malware

Conquer Cloud Collaboration Chaos: Securing Data At Risk

Coping with COVID-19: Keeping business data secure during work-at-home operations

Coronavirus: Cyber-attacks hit hospital construction companies

Coronavirus-related Cyber Attacks Jump 30% – Check Point Research

COVID-19 cyberthreats should prompt Indonesia to step up vigilance, watchdog says

COVID-19 Pandemic Leaves Pharmaceutical Companies Vulnerable to Cyber Criminals

Credit unions must step up cybersecurity during coronavirus

Criminal forum trading stolen data suffers ironic data breach

Cyber threat posed by Covid-19

Cyberattacks Growing More Sophisticated, Severe, Say IT Staff

Cybersecurity: the measures businesses should be taking during Covid-19

Danger zone! Brit research supercomputer ARCHER's login nodes exploited in cyber-attack, admins reset passwords and SSH keys

Data Breach at U.S. Marshals Service Exposes Personal Data of 387,000 Prisoners

Data Breach Notification Software Market Growth by Top Companies, Trends by Types and Application, Forecast to 2026

Data breaches wipe 7.2% off average company share price

DHS CISA and FBI share list of top 10 most exploited vulnerabilities

Domain Intelligence Shows Cybercriminals May Abuse Video-Conferencing Services' Brand Names

Domestic IoT devices and cybersecurity – you can’t have one without the other

Don’t Let Your Restaurant Become a Victim of Cybercrime

Dropbox Security 2020: The Good, the Bad & the Ugly

Firebase database crack unknowingly leaks billions of Android user data

Global remote work transitions fail to consider security gaps

Hackers steal information on up to 100,000 Interserve employees

Hackers target West Australia's major daily newspaper, putting data of subscribers at risk

How cloud is accelerating the growth of digital payments

How educational organizations can be better protected against data breaches

How to Handle Growing Complexity in Identity Management

How to Use Encryption for Defense in Depth in Native and Browser Apps

Indonesia in urgent need of law on personal data protection

Info on NHS Coronavirus app leaks out via Google Drive snafu

Insight into ShinyHunter hacking activities, as data goes on sale

Interserve hit by cyber attack as hackers target hospital construction firms

Is Your Now-Online Business Protecting Itself From Privacy Threats and Potential Liability?

Lady Gaga, Madonna & Nicki Minaj Among Celebrities Targeted In Data Breach

Latest Nova Scotia privacy breach reveals names, medical conditions, sexual abuse details

Law Firm Used by Celebrities Affected by REvil Ransomware and Data Breach

Magellan Health warns ransomware attack exposed PII

Managing Compliance Costs With Enhanced Cybersecurity Visibility

Moving To Defense In Depth With Security Validation

New Ramsay malware can steal sensitive documents from air-gapped networks

New third-party healthcare data rules: Increased access alongside privacy considerations

PrintDemon vulnerability impacts all Windows versions

Ramsay Cyber-Espionage Framework Rumbled by Researchers

Ransomware now demands extra payment to delete stolen files

Sophos: Paying Ransom Can Double Attack Recovery Costs

Stopping Attackers & Web Conferencing Hackers: Keeping Unwanted Attendees from Accessing your Meetings

Survey: Nearly Two-Thirds of Orgs Have Experienced COVID-19 Related Attacks

Take security seriously when getting back to work

Tech and Social Media Companies Risk Losing $32.2 Billion Following a Major Data Breach

Three Steps for Protecting Data in the Public and Private Sectors

Toll says data stolen in second ransomware attack within months

UK users targeted by malicious, fake contact tracing text messages

US formally accuses China of hacking US entities working on COVID-19 research

US Health Giant Hooked with Ransomware Bait

US Says China-Linked Hackers Targeting COVID-19 Researchers

What your DevOps team needs to know: 4 lessons from exploited vulnerabilities

Windows 10 to get PUA/PUP protection feature

Zoom Video Conferencing Security: Safe or Not?

12th May

7 Hot Takes on Cyber Incident Response Planning

8.4 Billion Records Exposed in Q1 2020

15 Effective Cybersecurity Strategies For Your Remote Workforce

Android app promised to serve news updates, served ESET with a DDoS attack instead

Astaroth malware hides command servers in YouTube channel descriptions

Building a Cyber Security Strategy & Plan As a New CISO

Bulk texts being sent out by IDSP with names of COVID-19 cases

Chatbooks Confirms Breach After ‘Shiny Hunters’ Sell Data

Coronavirus creates ‘unprecedented opportunity’ for hackers, researchers say

Critical security concerns facing the technology industry

Data Breach Leaks Personal Data of Top Celebrities Including Priyanka Chopra, Lady Gaga, Madonna

Data Breaches from End-of-Life IT Devices: Not ‘If’ but ‘When’

Data sharing in the cloud puts education sector at risk of data breaches

Details of celebrities stolen in REvil ransomware attack on high-profile law firm

E-commerce platform Bhinneka.com reported to be latest target of data theft

Federal court launches snap investigation of its asylum seeker data breach

Giant Food warns of potential data breach after credit card skimmer found on self-checkout

Giant: Illegal scanning device found in self-checkout at DC store

Google removed 813 creepware apps from the Android Play Store

Hacking site WeLeakData hacked, sensitive cybercrime-related data leaked on dark web

Health Data Breach Update: What Are the Causes?

How Australian firms can plug data protection gaps

How to Freeze Your Credit (It’s Easier Than You Think)

INTERPOL Declares “Anti-Ransomware Day”

Investigation into “Significant Privacy Breach” at Ontario Care Home

IoT security: How these unusual attacks could undermine industrial systems

Law Firm Representing Madonna, Bruce Springsteen, More Hit by Data Breach

Law Firm to the Stars Confirms Ransomware Attack

Managing Security Risk: How COVID-19 Pandemic and Work-from-Home Arrangements Pose New Security Considerations

Mass consumer arbitration is on! Ed tech company hit with 15,000 data breach claims

Maze ransomware: extorting victims for 1 year and counting

Maze ransomware one year on

Microsoft May 2020 Patch Tuesday fixes 111 vulnerabilities

Moving away from passwords in the era of evolving technology and societal norms

MyToll still down after ransomware attack

Navigating the Uneasy Alliance Between Tech Giants and Healthcare Organizations

On the three-year anniversary of WannaCry, US exposes new North Korean malware

Out-of-date, insecure open-source software is everywhere

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm 'hack'

Personal, Professional Data of Hollywood Biggies Priyanka Chopra, Mariah Carey & More Hacked In US

Personal data of celebrities including Lady Gaga, Priyanka Chopra hacked in data breach

Personal Information of 3.6 Million MobiFriends is Up for Grabs, Free Download Included

Pitney Bowes suffers second ransomware attack in seven months

Researcher detects malware designed to steal credit card information on more than 1,200 online stores

Q1 data breaches down, but exposed records reach new high

Ransomware: Why paying the crooks can actually cost you more in the long run

Severe Data Breaches Could Cost UK Small Businesses a Whopping £41.3 Billion

Star Tribune investigating potential subscriber data breach

Star Tribune warns of possible data breach, urges subscribers to take precautions

Stick the Landing: 6 Steps to Broaden Your Cyber Resilience Web

Talk of another possible privacy breach prompts letter from health unit lawyer

Texas courts slammed by ransomware attack

Texas Courts System Hit By Ransomware Attack

Tokopedia appoints independent cybersecurity company to investigate data theft

Tokopedia CEO writes to users on personal data leak

Toll attacker made off with past and present employee data and commercial agreements

Toll concedes company data stolen in cyber attack

Total number of publicly reported breaches in Q1 2020 down 42% compared to last year

Uncovering the cyber threat within

WeLeakData hack reveals hackers’ private messages

Why 2019 was the worst year for security breaches in this century

Why Effective Data Protection in Healthcare Matters

Why Everyone Is Needed to Make Cybersecurity Matter

Widespread “Perswaysion” Phishing Campaign Is Targeting the C-Suite of Hundreds of International Organizations

WordPress plugin Page Builder by SiteOrigin patched against code execution attacks

11th May

5 Ways to Defend Your Medical Practice Against Ransomware

60 kids 'horrified' as hacker streams sex abuse video during Zoom call

8.4 Billion Records Exposed in Q1 Data Breaches

14 Personal Data Security Tips For Everyday Users

66 Percent of Consumers Recycle Their Account Passwords. Do You?

73 million user records stolen from 10 companies – see the full list

91 percent of people know password reuse is insecure, yet two thirds do it anyway, according to the Psychology of Passwords Report

Are you sure you would never fall for a phishing scam?

BJC HealthCare Responds to Data Breach

Chatbooks photo service confirms breach, days after 'Shiny Hunters' hacking claims went public

Chatbooks security breach. Users told to change their passwords

Cognizant Anticipates $50-70 Million Loss Following Ransomware Attack

Coronavirus Fraud Is In Full Swing — And Businesses Are A Big Target

Coronavirus-ravaged long-term care home victim of data breach

Cyberattacks add to cost of companies already reeling under covid-19

Cyberattacks keep offices on their toes

Data breaches could cost companies millions every day

Data Breach Exposes Four Million Dating App Users

Data leak, phishing security flaws disclosed in Oracle iPlanet Web Server

Data security crucial as newer payment methods rise

Detect Anomalous Activity Ahead of a Data Breach With Heuristics

Dutch student discovers seven security holes in Thunderbolt connection

Endpoint Security: The New Frontier

Firms slash IT staff despite rise in remote working

Four Unexpected Benefits of Endpoint Security for Businesses

Fury over data breach that left details of 8 milllion car trips exposed to hackers and stalkers

Global tech firm Pitney Bowes hit by Maze ransomware

Hacked Law Firm Informs Clients Like Lady Gaga and Bruce Springsteen of Data Breach

Hackers selling PII of 3.6m MobiFriends users on dark web forums

Hackers' private chats leaked in stolen WeLeakData database

Hacking Group Offers Another 27 Million Records for Sale

Hacking group puts millions of Zoosk dating profiles up for sale

Healthcare Providers to Receive Cyber Incident Response Services at No Cost from Atlantic Data Forensics

Healthcare Resource Group, Inc. Provides Notice of a Data Breach for Additional Covered Entity

How to address the security risks of a remote workforce

How To Better Prevent Banking App Breaches

Iran reports failed cyber-attack on Strait of Hormuz port

Keeping Your Backups Safe from Ransomware Attacks

Major Data Breach at Law Firm Representing Lady Gaga, Madonna, Nicki Minaj, More

Making Security a Team Sport is Critical to Identity Access Management Success

Malware Is Taking on a New Shape: Malware as a Service

Microsoft GitHub data stolen by hacker named Shiny Hunter, who wants to give it away for free

Millions of PCs with Intel Thunderbolt Flaws are Vulnerable to Hacking; Thunderspy Attack Takes Only Five Minutes

MobiFriends Data Breach Affects 3.68 Million Users

More than 9,400 sextortion scam emails reported in the last month

Most Businesses Vulnerable to Emerging Risks Not Covered by Their Cyber Insurance

Moving Beyond Passwords

Navigating the three phases of remote working adoption

One third of businesses axe IT staff due to Covid-19 cost concerns

Over 160 million user records put up for sale on the dark web

Package delivery giant Pitney Bowes confirms second ransomware attack in 7 months

Passwords are an inconvenient drain on productivity, reveals Microsoft

Phishing attack evades Microsoft 365 security

Pitney Bowes Battles Second Ransomware Attack

Publicly disclosed breaches are down 42 percent

Ransomware Hit ATM Giant Diebold Nixdorf

Ransomware on the rise, companies prioritizing disaster recovery

RDP attacks skyrocket amid Covid-19 lockdown

Remote Work Not So Secure: Study Says

Rising Need for Backing Up Data to Escalate the Growth of Global Disaster Recovery as a Service Market

Scammers Send 3.1 Billion Domain Spoofing Emails A Day. Here’s How To Protect Yourself (And Your Company)

Second privacy breach complaint filed against Alberta Health Minister Tyler Shandro

Sheffield County’s ANPR system leaked 8.6m vehicle records online

Shiny Hunters list 73.2 million user records on the dark web

Sodinokibi ransomware can now penetrate locked files

Some Texas Court Data Is Offline After Ransomware Attack

Stadler's IT network suffers malware attack

Star Tribune Data Breach?

Staying on top of your data breach response plan during Covid-19

Teen Hackers Accused of Cryptocurrency Theft, Sued For $71 Million

Thunderbolt flaws affect millions of computers – even locking unattended devices won't help

U.S. Marshals Announced Data Breach of Prisoners’ Information

U.S. Marshals Service Breach Exposed Personal Data of 387,000 Prisoners

US Security Agencies Reportedly to Warn of Chinese Hackers Seeking to Obtain COVID-19 Vaccine Data

Use Zoom app safely to prevent data leak, say experts

Visa optimizes the security of online transactions throughout Latin America and the Caribbean

What are the security priorities for the post-coronavirus world?

Who poked holes in the public sector?

Why Cyber Attack Insurance is important for SME’s?

Zeus Sphinx revamped as coronavirus relief payment attack wave continues