Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday 18 May 2020

Data Breaches Digest - Week 21 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 18th May and 24th May 2020.



Guest Post: Kindly provided by Stealth Labs, Inc
US Cybersecurity: 64% Americans Don’t Have Data Breach Response Plan


24th May

3 ways scammers are using coronavirus fears to steal money from you

Android apps downloaded BILLIONS of times from Google Play Store pose massive risk

23rd May

37% increase in cyber attacks in India in Q1 2020

Are you one of 9 million EasyJet customers who might have had their details breached? Four steps you can take to stay safe

Breach Report: staying alert in the face of cyber dark ages

Cybersecurity During COVID-19: What You Need To Know To Protect Yourself

Dangerous Phishing Malware Runs Rampant With Coronavirus Data-Infused Excel Spreadsheets

EasyJet faces £18 billion class action claim over leaked data of 9 million customers

Factors Which Make Cybersecurity Jobs More Immune To Recession

Fake supreme court subpoena phishing scam steals Office 365 credentials

“Home Chef” Admits Data Breach That Compromised 8 Million Users

How to know if a website has been hacked and is on the Dark Web

Identities of 150 survivors of historical abuse exposed in major data breach

India: Protection or threat? Experts say Aarogya Setu poses national security risk

Irish Data Protection Commissioner moves against big tech firms in Ireland

Microsoft warns of massive phishing campaign targeting PCs

Online education site EduCBA discloses data breach after hack

Patterns Of Compromise: The EasyJet Data Breach

Personal Data of Millions of Facebook Users Revealed

Ransomware Gang Posting Financial Details From Bank Attack

The cybersecurity you need to work remotely

Twitter, WhatsApp Sanctions Loom in EU Privacy Crackdown

Zoomcar Data Hacked; 3.5 Million Users’ Details Sold On Dark Web

22nd May

5 Tips for Fighting Credential Stuffing Attacks

25 million user records leak online from popular math app Mathway

40% of APAC consumers have dealt with personal data breaches

85% Organizations Anticipate Remote Working Will Threaten Business Operations

APAC consumers have concerns about online privacy, but let it go for freebies

As hackers sell 8 million user records, Home Chef confirms data breach

Bank of America leak exposes business details of PPP relief applicants

Coronavirus scam stealing 'hundreds of millions' boosted by old data breaches

Create a safe haven for your customers to build loyalty

Data Breaches and Security Incidents Surged to Record High in 2019, Verizon Report Shows

EasyJet Data Breach - What You Need To Know

EasyJet to be sued over customer data breach

EasyJet woes grow after it is hit with massive group action claim over data breach

Former Salesforce Execs Launch Data Protection Startup

FRAUD FEARS - EasyJet data breach and cyber attack: Can I claim compensation if my details were hacked?

GDPR Warning issued to Grandmother for Posting Images of Grandkids Online

Hacker shares 40 million Wishbone user records for free

Hacker Swipes Data On 40 Million Users Of Popular Wishbone App

Hackers post Sensitive Data of Wishbone Users on Darknet

Home Chef involved in a significant data breach

How encryption can help protect your sensitive data

How to become a successful cybersecurity specialist

Illinois: State to notify 32,000 of data breach

Indonesia: Calls mount for comprehensive audit into data breach affecting 2.3 million voters

Indonesia probes breach of data on more than 2 million voters

Labour demands investigation of data breach by outsourcing firm Serco

Microsoft: Beware this massive phishing campaign using malicious Excel macros to hack PCs

Non-Cybersecurity Incidents Outnumber Cyber-Attacks in ICO Report

North Dakota's Contact Tracing App Sends User Data to Third Parties

Organizations Fear Increased Risks Due To Work-From-Home Changes

Personal data of 12 million Facebook users exposed online

Privacy Perils: Take the Threat Out of Take Out

Privilege escalation vulnerability patched in Docker Desktop for Windows

Protect Yourself Against Fraud, Identity Theft and COVID-19 Scams

Ransomware deploys virtual machines to hide itself from antivirus software

Security breaches follow the money

Silent Night Zeus financial botnet sold in underground forums

Snail Mail And Debit Cards: How Washington State Was Bilked Out Of Millions

The Little Clinic Announces PHI Incident

Tusla fined again for data breach

UK: Opposition slam contact tracing scheme chaos amid fresh data breach

UK businesses quick to spot cyberbreaches, but failing to stop them

What Can Crypto Crisis Managers Learn From BlockFi's Silence & tBTC's Openness?

What can merchants do to avoid falling victim to large-scale ATO attacks?

Who Owns Privacy?

Why outages are as serious as cyber threats

Windows malware opens RDP ports on PCs for future remote access

Wishbone Breach: 40 Million Records Leaked on Dark Web

21st May

7 Recommendations For Small Business Security During COVID-19

85% of Organizations Fear Increased Risk to Business Due to Work-from-Home Changes

#COVID-19: Are We Protected From Cyber Risks?

A Customs and Border Protection recruiter released personal data of 1,300 American University students

Another data breach hits contact tracing scheme

Arkansas Unemployment Data Breach Releases Resident Info

BlockFi discloses failed hack attempt after SIM swapping incident

Budget airline EasyJet suffers major data breach

CEOs fear falling victim to next big breach

Data breach reported at Florida Department of Economic Opportunity

EasyJet Cyber-Attack: How to Avoid an Easy Hack

EasyJet Hit With Massive Breach Exposing Data of 9 Million Flyers

EasyJet security breach affects 9 million customers

Equifax is paying $5.5M to banks, but nothing to victims of the 2017 data breach

Florida’s unemployment website suffers data breach DEO confirms

Free service measures Dark Web information exposure

Hacker leaks 2.3 million Indonesian citizenship data for download

Hackers tried (and failed) to install ransomware using a zero-day in Sophos firewalls

Home Chef Confirms Data Breach Incident Affecting 8 Million Customers

Home Chef delivers data breach news linked to darknet sale of 8 million customer records

Home Chef hacked, eight million users have data breached

How healthcare organizations can combat cyberattacks during the coronavirus

How States Can Secure Public Health Telehealth Deployments

How to Best Avoid Costly Security Breaches

How to get into cybersecurity

I tried to delete myself from the internet. Here's what I learned

Information Security Risk Assessments Of Suppliers

Ireland: HSE’s data breach bodes ill for contact tracing app

Is Home Your Business’s New Network Security Perimeter?

Israeli Sites Hacked In Coordinated Cyber Attack

Jamaica: Attorney General says Data Protection Act will need constant review

Japan investigates potential leak of prototype missile data in Mitsubishi hack

Jersey: Data breaches increase by 40%

Microsoft's GitHub account breached by threat actors Shiny Hunters

Mobile Apps Security Threats And How To Prevent Them

Nepal: Another gov.np domain hacked

New Spectra attack breaks the separation between Wi-Fi and Bluetooth

Over 129m records of Moscow car owners up for sale on the Dark Web

Personal data of 40m Wishbone users being sold by hackers for £6,400

Protect Your PC: How to Work From Home Securely

Real Time Matters in Endpoint Protection

Secure Your Gmail Account Now Before Hackers Take Over Your Accounts! Here's How to Do It!

Security Will Continue To Put Philanthropy At Risk - Here's What You Can Do

Serco leaked email addresses of 300 COVID-19 contact tracers

Severe Data Breaches Could Cost US Small Businesses $555 Billion

ShinyHunters Is a Hacking Group on a Data Breach Spree

Struggle of unemployment claimants compounded by data breach

The price of carelessness: How much data leakage and cybersecurity cost

Thousands of Israeli sites defaced with code seeking permission to access users' webcams

Thousands of people who recently applied for unemployment compromised by data breach

Tips & Tricks For Managing IP Risks Associated With Mobile Devices During COVID-19

To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

Toll Group data dumped on dark web

Toll's stolen data finds itself on the 'dark web'

Unacademy, Byju’s help clear your doubts, but have few answers on data privacy

Unemployment website back, payments on track after data breach, Arkansas governor says

What to know about the surge of unemployment fraud in Washington State (WA)

Video game developers under siege by cyberattacks seeking to plunder in-game cash

What everyone should know about the pros and cons of online fingerprinting

Why Singapore’s public sector needs Privileged Access Management

WordPress and Managing Third-Party Cyber Risk

20th May

8 Cybersecurity Predictions for 2020 and Beyond

14 Ways To Protect Your IP From Ex-Employees And Competitors

43% of Data Breaches Connected to Application Vulnerabilities: Assessing the AppSec Implications

60% of Insider Threats Involve Employees Planning to Leave

76% of execs losing sleep over being the next high-profile breach

192 Million Records Leaked by Natura & Co., Brazilian Online Retailer

10,000+ patients' info breached in Arizona medical group email hack

Arkansas website that exposed data cost $3 million, was developed on short timeline

Bigger budgets have not entailed more security

BlockFi data breach exposes retail customers’ personal data

BlockFi experiences a data breach but says no customer funds lost

BlockFi knowledge breach might have been prevented, Bitcoin specialists say

BlockFi Suffers Data Breach, Funds Remain Safe

Buying illegal access to enterprise networks - costs on dark web skyrocket

Celebrity law firm won’t pay ransom to hackers claiming to have 'dirty laundry' on Trump

CEOs and CISOs disagree on cyber strategies

Colorado Labor Department confirms brief data exposure for pandemic unemployment claimants

Coronavirus: Data breach exposes personal information of some Ohio unemployment applicants

Covve Contacts App Data Breach Exposes 23 Million Emails Addresses and Other Private Details

CYBER RAID - Chinese hackers suspected of EasyJet cyber attack as 9 million customers’ personal details stolen

'Cyberattack on EasyJet will put consumer confidence to the test' warns PCI Pal

Cybersecurity: How to Handle the Nontechnical Aspects of a Data Breach

Cybersecurity survey by Canadian law firm offers surprising results

EasyJet admits security hack of 9 million passenger records

EasyJet data breach: 9 million customers affected

EasyJet data breach: What consumers need to know

EasyJet data breach sees nine million customer details stolen

EasyJet hack: ‘I’ve been left in complete limbo’

EasyJet Reports 9 Million Customers Affected by Security Breach - Credit Card Details of Over 2,000 Customers Stolen

‘Failed mishmash’ of privacy protections insufficient for NHS app users

‘Flight risk’ employees involved in 60% of insider cybersecurity incidents

GoDaddy Web Hosting Accounts Data Breach Underscores Need for Stronger Authentication

Home Chef announces data breach after hacker sells 8 Million user records

Home Chef confirms breach after 8 million user records found on the dark web

Illinois Department of Employment Security (IDES) confirms data breach in online unemployment system

Information of 9 Million Passengers Compromised in EasyJet Data Breach

Japan investigates Mitsubishi Electric breach amid national security concerns

Mal-Innovation on Mobile: A Changing Threat Landscape

Mitsubishi Electric attack likely stole data on new missile

Nearly a quarter of remote workers do not consider data protection when sharing information

NetWalker Ransomware Gang Hunts for Top-Notch Affiliates

No funds lost in BlockFi data breach

Preventing attackers from taking your organization’s data ransom

Private Equity and Cybersecurity: Threats, Consequences, and the Regulatory Framework

Security problem could affect 130K Ohio unemployment seekers

Serco accidentally shares contact tracers' email addresses

Serco exposes contact tracers’ data in email error

Severe Data Breach Could Cost Tech Companies $174 Million per Day

Social Engineering Scams on the Rise Amid the Pandemic

Staying Safe from Cyber Attacks

Toll Group Data Leaked Following Second Ransomware Incident

Verizon Data Breach Investigations Report: Money Is Top Motivator

Will your cyber insurance protect you during COVID-19

With Cyberattack on Iranian Port, Tehran Gets a Warning: Civilian Installations Are a Red Line

19th May

5 tell-tale signs saying your computer has been hacked

65% of European Consumers Worry About Online Fraud. Do You Shop Online Safely?

82% of Indian firms hit by ransomware attacks in a year

Attacks Targeting ICS & OT Assets Grew 2000% Since 2018, Report Reveals

Australian Digital Health Agency (ADHA) details My Health Record breach attempt

BlockFi data breach could have been prevented, Bitcoin experts say

BlockFi’s Data Breach May Allow Criminals to Extort Rich Clients

BlockFi Experiences Data Breach – Crypto Lending Hack

British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers' Data

CEOs, CISOs fear becoming the next big breach target

Criminals scamming Florida unemployment system with fake claims

Cyber hackers target EasyJet and access details of 9million customers in 'highly sophisticated' attack

Data breaches timeline: EasyJet cyberattack exposes over 9M people, and more

EasyJet: Nine million customers' details 'accessed' by hackers

EasyJet admits nine million customers hacked

EasyJet data breach: how to know if you've been affected, and what to do about it

EasyJet data breach hits nine million passengers

EasyJet data breached: over 9 million customers affected

EasyJet hack: How to check if your details have been stolen - and what to do next

EasyJet hack: Passenger data could be sold on dark web after major cyber attack, experts warn

EasyJet hacked as 9m customers' details 'accessed' in massive data breach

EasyJet hit by cyberattack where email and travel details for 9 million customers stolen

EasyJet says 9 million travel records taken in data breach

EasyJet Says Details of Nine Million Customers Accessed in Data Breach

EasyJet says hackers accessed data of 9 million customers

EasyJet Suffered Data Breach Exposing 9 Million Travel Records

GDPR what? European Parliament breach exposes data of 1000s of people

Hackers accessed details of 9 million EasyJet customers, credit card details of 2K+ people

Health records targeted in hack attack

Here’s what security professionals took away from Verizon’s annual data breach report

How to decode a data breach notice

Leveraging Your Microsoft Assets in this Remote Access World

Making Security a Business Priority: Four Things to Communicate to Leadership

Money is still the main motivating factor for hackers, Verizon report finds

Money is still the root of most breaches

Money still makes the cyber-crime world go round - Verizon Business 2020 Data Breach Investigations Report is live

Nine million EasyJet customer details lost in data breach

Phishers are trying to bypass Office 365 MFA via rogue apps

Post-COVID-19 working: The end of passwords?

Q1 2020 sees more data breaches than ever before

Quarter of a million customers exposed as Brazilian cosmetics brand suffers data leak

Show Them the Money: Cyber Attackers Desire Financial Gain More Than Espionage

SMBs see cyberattacks that rhyme with large enterprises due to cloud shift

The unexpected cyber threat inside your business

Ukraine Nabs Suspect in 773M Password ‘Megabreach’

Use the ABC of cyber safety

Verizon's data breach report highlights how unsecured cloud storage opens door to attacks

Verizon 2020 Data Breach Report: Money Still Makes the Cyber-Crime World Go Round

Verizon issues its Business 2020 Data Breach Investigations Report

18th May

8 ways local governments can enhance security while working remotely

15% of Small Businesses Experienced a Cybersecurity Threat in 2019

$18m in cryptocurrency exposed to theft in “dangerously unsafe” marketplaces

86% of data breaches are conducted for financial gain

Anglo-Eastern suffers ransomware attack

BlueScope reports cyber incident affecting Australian operations

Breach of Dating App Mobifriends Highlights the Ongoing Problem of Password Reuse

Celebrity law firm won’t pay ransom to hackers claiming to have ‘dirty laundry’ on Trump

Chicago Children's Hospital Sued Over Data Breaches

Co-operative Banks - A Cybersecurity disaster waiting to happen

Covve revealed as source of data breach impacting 23m individuals

Cyber Insurers Get Tough on Risk Assessments Amid Coronavirus Pandemic

Cyber Insurers Increase Scrutiny Amid Pandemic

Dark Data Dreams

Data protection and GDPR: what are my legal obligations as a business?

E-commerce platforms ‘under attack’, cybersecurity must be improved

Edison Mail bug exposed users’ email accounts to complete strangers

Edison Mail rolls back iOS update after emails reach wrong inbox

Edison Mail security vulnerability exposed accounts to other people

Equifax finally coughs up the money for its 2017 monster hack...to the banks for having to cancel your cards

Equifax Offers to Pay Banks $30.5 Million for Data Breach Claims

European supercomputers hacked, apparently to mine cryptocurrency

Extent of Taiwanese government data breaches still unknown to public

FBI: ProLock ransomware gains access to victim networks via Qakbot infections

Hacking Streak Forces European Supercomputers Offline in Midst of COVID-19 Research Effort

How Bots Can Attack Your Web Application – And How To Stop Them

I know what you leased last summer: Asset database leak hits Capita, Rolls-Royce, Tesco (every little helps, eh?)

Identity-related breaches are on the rise

Identity-related breaches on the rise, prevention still a work in progress

Improving Cyber Hygiene with Greater Social Cybersecurity Engagement

Ireland fines country's child and family agency €75,000 for data breach

Malaysia’s data protection practices still have some way to go

Many firms expect their remote workers to put them at risk of a data breach

Mercedes-Benz onboard logic unit (OLU) source code leaks online

Mitigating Cybersecurity Risks In Remote Work Environments

Multiple supercomputers across Europe targeted for cryptocurrency mining

Network security in a world of encryption

Over 190 Law Firms Affected by Advanced Data Leak That Exposed Over 10,000 Legal Documents

“PentaGuard” Hacking Crew Busted in Romania

'PERFECT CYBER STORM' - How hackers could cause a cyber doomsday during coronavirus pandemic – from shutting down hospitals to crashing banks

Protecting Organization From Cyber-Threats: Business at Risk During COVID-19

Ransomware attack 'especially disruptive' to appellate courts including Texarkana

Ransomware Gang Arrested for Spreading Locky to Hospitals

Recent cyber attacks just the tip of the iceberg for Australia

Refocusing Cybersecurity Best Practices on Security Hygiene

Remote working carries data breach risk for companies

Research finds remote working security concerns

REvil Ransomware Gang Threatens to Release Dirt on Trump

REvil ransomware hackers threatening to release “dirty laundry” on Donald Trump

Samsung, Rolls-Royce Information Exposed by Leaky Database, Security Firm Says

Scammers Are Flooding Depop and Hacking Users

Shiny new Azure login attracts shiny new phishing attacks

State unemployment agency confirms data breach

Stop & Shop, Giant find skimming devices in self-checkouts at six stores

Ten Crucial Privacy Statistics That May Surprise You

Texas Department of Transportation (TxDOT) hit by a ransomware attack

The 3 Top Cybersecurity Myths & What You Should Know

The History And Future Of Passwords (And What’s Next)

The Inconvenient Truth of Cybersecurity Failures

The New DIBBS Password Format Explained

Warning! Nigerian crime ring stealing millions in U.S. unemployment money

Why a cybersecurity framework for autonomous vehicles is now vital