Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday 25 May 2020

Data Breaches Digest - Week 22 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 25th May and 31st May 2020.


31st May

Covid cyberattacks ramp up in South Africa under lockdown

Cybersecurity solutions company shares ways to secure distance learning environment

Hacker leaks database of dark web hosting provider

Here's how easyJet customers targeted in a cyber attack may get £2,000

How to Remove Malware and Viruses From Your Android Phone

Ransomware Attack Kidnaps Austrian City

Sri Lanka: No data breach occured in cyber-attack attempts

Telework cannot be ignored any longer − but what’s in it?

TV Licence Scam: Warning signs Britons should look for as cyber crime rises in lockdown

Viruses about! Cyber-security update for lenders

30th May

4 Dos and 4 Don’ts of B2B Portal Security

80,000 Credit Cards’ Data Leaked In Exchange For Cryptocurrency

Amtrak resets user passwords after Guest Rewards data breach

An advanced and unconventional hack is targeting industrial firms

Bank Of America Admits Data Breach With PPP, Notifies Customers

Bank of America data breach – was your info exposed?

“Bigfooty.com” Leaked Sensitive Data of About 100,000 Users

Cybersecurity trends that you need to be kept posted about

Dark Web Merchants Sell Thousands of Stolen Credit Card Numbers

Former IT Administrator Sentenced in Insider Threat Case

Hackers target Google Docs, Microsoft Sway to steal user credentials

How to stay safe from web-based malware

How to Use Risk Management Techniques to Improve Remote Work

New Research Reveals – Data of Over 80K Credit Cards Was Put Up for Sale for Crypto on Dark Web

NHS contact tracing undermined by hackers sending fraudulent warnings to public

Passwords on the rise despite evidence that they are increasingly unable to protect, finds Thales

The devastating home theft you’ll never see coming

Warning as Britons lose £4.6 million in shock lockdown scams - how to protect yourself

29th May

4.75 crore Indian users' Truecaller data at risk, available for just Rs 75,000; company denies claims

5 Ways to Secure Your Brand’s Remote Work Environment

70 million records exposed in data leak from AFL fan website, cyber researchers claim

American Civil Liberties Union sues facial recognition firm Clearview AI and accuses the company of 'unlawful, privacy-destroying surveillance activities'

Are connected cars vulnerable to hackers?

BigFooty.com Leaks 70 Million Records from Sports Fan Members

Bristol: Warning to parents after cyber criminals attack school website

C-suite employees most vulnerable to cyber attacks

‘Digital Tartar’ And Its Impact On Business Wellbeing

Distrust of Big Tech is Contract Tracing’s Biggest Hurdle

Five Data Breaches that Put Victims at Greater Risk of COVID-19 Scams

Google sees resurgence in state-backed hacking, phishing attacks

Hackers left customer data untouched — PLDT

How security testing could change after COVID-19

How to protect your business from COVID-19-themed vishing attacks

In Cybersecurity, Best Practices Are The Worst

Judge demands Capital One release Mandiant cyberforensic report on data breach

Kentucky: Cameron, Harmon criticize data breach handling; Beshear responds

Kentucky: Potential data breach of unemployment system occurred in April

Minneapolis Hit with DDoS Attack amid Social Unrest

Minted confirms data breach as Shiny Hunters sell its database

New report warns hundreds of terabytes of potentially sensitive corporate data is now stored on USBs located in employee homes

NSA: Sandworm Actors Exploiting Vulnerability in Exim Mail Transfer Agent

Online retailers could lose £5.9 billion through cyberattacks

Over 600 NTT Customers Hit in Major Data Breach

Phishing attack spoofs World Health Organization to steal email credentials

Ransomware attacks have evolved into something more dangerous

Revealed: Advanced Java-Based Ransomware PonyFinal

Securing the remote workforce during COVID-19 and beyond

Smart Car Source Code Leak May Compromise Customer Safety

Snake Ransomware Slithers Into the Light

State officials investigate April data breach of Kentucky's online unemployment

Test and Trace has not passed data protection impact assessment

The Most Surprising Cybersecurity Weaknesses Every CEO Should Know About

TrueCaller Data of 4.75 Crore Indians for Sale On Dark Web

Using Active Directory to Check for Leaked Passwords

What are our GDPR obligations as a business?

Why Hackers Target SMBs

World’s Largest Sovereign Wealth Fund Loses Millions in Likely BEC scam

Zero trust security: A cheat sheet

28th May

A New Free Monitoring Tool to Measure Your Dark Web Exposure

A New Ransomware Deploys Human-Operated Attacks Against Healthcare Sector

Ambry Genetics Corporation Discloses Hack and Theft of 230,000 Customer Records

American Civil Liberties Union (ACLU) sues facial recognition startup Clearview AI for privacy and safety violations

Another College Ransomware Attack Strikes Michigan State

Another Day, Another Significant Data Breach – What We Know About the EasyJet Cyber-attack

As Organizations Become Aware of Security Vulnerabilities in Cloud-Based Collaboration Applications, It’s Time to Act

Asian perspectives on cybersecurity laws

Austrian City of Weiz Falls Victim to NetWalker's Ransomware Attack

Bank of America suffers data breach in Paycheck Protection Program application process

C-Level Executives the Weakest Link in Organizations’ Mobile Security

C-suite execs often pressure IT teams to make security exceptions for them

Capital One Required to Produce Forensic Report in Class Action

CEOs Fear Falling Victim to Next Big Breach, Says Study

Chinks in the armour: Why the post COVID-19 cloud is easy game for cybercriminals

Cisco discloses security breach that impacted VIRL-PE infrastructure

COVID 19 – Remote Working & Data Protection – Risk Mitigation Strategies

Cyber crime has never been cheaper

Cyber thugs target healthcare

Cybercrime continues to be a threat as remote working grows

Cybersecurity: Half of employees admit they are cutting corners when working from home

Cybersecurity in The Age of Coronavirus - Changing Dynamics

Data Drives Business, So Why Aren't Companies Doing More To Protect It?

Data Loss Spikes Under COVID-19 Lockdowns

Data protection best practice more important than ever in cloud environment

Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited

Don’t be phish food! Tips to avoid sharing your personal information online

Enforcement proves the Achilles heel for GDPR

‘Evolution of IoT attacks’ study exposes the race between cybercriminals and cybersecurity

'Failed cyberattack on Israel was designed to trigger a humanitarian disaster'

Findings from the 2020 Verizon Data Breach Investigations Report

Fortune 500 company NTT discloses security breach

Guide to preventing coronavirus phishing and ransomware

Hackers breach data of Education and Culture Ministry’s 1.3 million civil servants

Hackers hid ransomware in virtual machines

Hackers share database containing passwords and personal data from 26 MILLION LiveJournal for free on dark web forum

Half of workers 'cut corners' on IT security during Covid-19 remote working

How can organisations protect themselves from NAS ransomware attacks?

How hoteliers can mitigate data breaches

How to fight a virus: Lessons from cybersecurity

How user credentials from LiveJournal wound up on the Dark Web

Inside a ransomware gang’s attack toolbox

Is your business ready for post-Covid-19 cybersecurity?

Law firm: Phishing Still Top Cause of Data Security Incidents

Law firms under constant cyber-attack

Manager denies any wrongdoing over confidential company data

Massive shift to digital space increases the need for Cyber Security experts

Michigan State University hit by ransomware gang

Michigan State University (MSU) computer system breached in ransomware attack

Minneapolis city websites victim of cyber attack

Minted discloses data breach after 5 Million user records sold online

Moving to the cloud for an easier life? Cybercriminals are coming with you

NetWalker Ransomware – What You Need to Know

NSA warns of new Sandworm attacks on email servers

Over-Stretched and Under-Resourced: General Data Protection Regulation Two Years On

People know reusing passwords is risky – then do it anyway

PLDT holds probe after hackers defaced its Twitter support page

PLDT should notify customers if data breached, says privacy commission

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

Ransomware attack affects 13,146 patients' info at Alaska surgical practice

Ransomware attack threatens to release stolen Michigan State University files

Ransomware attacks: How firms can understand the impact and respond effectively

Ransomware Demands Soared 950% in 2019

Ransomware On The Rise As Home Working Increases

Ransomware’s revival

Remote and home devices are now the weakest link

Remote work could be putting sensitive corporate data at risk

Scam Financial Conduct Authority (FCA) email targets brokers

Security risk from remote workers is a problem for HR as well as IT

Sensitive Data Belonging to European Officials Leaked in a Major EU Parliament Breach

Service providers brace for up to 1.5 billion network attacks in 2020

Solving the security challenges of remote working

Studies highlight security issues for brands

Taking responsibility for cyber security in a truly virtual world

Telehealth IT Security: What Clinicians Need to Know & Tips to Keep Your Practice Secure

Test platform leaks Bank of America clients’ Covid-19 PPP loan applications

The Bank of America is the latest victim of a data breach

The personal cost of security breaches

The Security Risks You’re Probably Overlooking — and How to Fix Them

These types of businesses are in serious need of a cyber policy

Tips for educating employees on cybersecurity preparedness

Toll Group confirms attackers 'accessed' personal and payroll data of staff

Toll's cyber attacker has published the stolen data on the dark web

Truecaller data of 47 million Indians breached, company denies

UN warns of cyberattacks on medical facilities

'Valak' gives crooks flexibility in multi-stage malware attacks

Verizon report analysis: Money not espionage at the heart of cyber-crime breaches

Vermont Updates its Data Breach Notification Law

Washington: State recovers $300M in stolen unemployment money, but many jobless still waiting for help

What is Vulnerability Management?

What to Do if Your Old LiveJournal Password Was Leaked

Working from home opens up new data security threat

27th May

3 Questions Your Board Has About Cybersecurity

5 Cybersecurity Best Practices for Tackling Ransomware

23% of leading banks had an exposed database with potential data leakage

26 million LiveJournal credentials leaked online, sold on the dark web

26 million logins believed to be stolen from LiveJournal in 2017 pop up on hacker forum

28% of IT security managers in the META region missed important family dates because of data breaches

Account credentials of 26+ million LiveJournal users leaked online

After a breach, users rarely change their passwords, and when they do, they're often weaker

Another Alleged FIN7 Cybercrime Gang Member Arrested

Anti Phishing Cybersecurity Awareness Training Program For Employees

Arbonne breach of 3,500+ Californian residents’ PII could test privacy law

Autonomous vehicles must have a cybersecurity development framework

Bank of America Experiences Potential PPP Application Data Breach

Creating an emergency ready cybersecurity program

Cyber alert: tackling the unseen risk that could sink your business in 2020

Data Breach at Bank of America

Data Of 29 Million Indian Job Seekers Leaked On Dark Web

Debunking The Myth That Greater Compliance Makes IT More Secure

Despite lacking security tools, 84% of organisations support remote work

Don’t let responsibility float away into the cloud

Employment Agency and Data Protection: A Hong Kong Perspective

Former student sues Wichita State over data breach

Former UK prosecutor: Work from home options trigger new internal compliance concerns

Hackers Sell Data from 26 Million LiveJournal Users on Dark Web

Home Is Where The Hack Is: Remote Workforces Present Security Challenges

Ireland: Data Protection Commission (DPC) bares teeth to big tech with beefed-up enforcement

Kansas University Data Breach Affects Current, Former Students

Key and secrets management: The weak link in strong data protection

Make the Case for Security Spend

Man arrested following data breach at Los Al Unified

Nearly One Fifth of Law Firms Show Signs of Compromise

Netwalker Ransomware Tools Reveal Attacker Tactics and Techniques

Network Vulnerability: It May Not Mean What You Think It Means

New Zealand: Earthquake Commission (EQC) apologises for leakage of claims info

Personal data of 2.9 crore Indian job seekers leaked on dark web

PonyFinal deployed in human-operated ransomware attacks

Ransomware's big jump: ransoms grew 14 times in one year

Scammers steal "hundreds of millions" using fake unemployment claims

Security is still an issue, despite success telecommuting during pandemic

Standing Privilege: The Attacker's Advantage

Stormont now probing historical abuse victims data breach

Survey says 40% of online users in APAC experienced personal data leak

Taiwan’s Personal Data Protection Rules

The need for a holistic approach in the battle against ransomware

Toll data published on the dark web: What does it mean for you?

Top EU data protection agency under pressure to act against Internet giants as GDPR turns 2 years old

Truecaller denies breach after data of 4.75 crore Indians appear on dark web

Truecaller Denies Data Breach After Reports Claim Selling 4.75 Cr Indians' Data On Dark Web

‘Weaver Fundraising’ Is Sending Notices of a Data Breach

26th May

3 Hacking Forums Hacked! Database Leaked Online

3-week lapse for AIS data breach

Abuse victims' group says it's 'too late' for apologies over major data breach

Arbonne MLM data breach exposes user passwords, personal info

As UK Data Breach Reports Drop, Britain’s Privacy Watchdog Reveals Surge in Other Cyber Incidents

Australian customer experience firm Stellar hit by ransomware

China to set individual privacy rights in first civil code

Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid

Coronavirus: Cyber criminals target UAE hospitals and people working from home

Customers’ data of 3 crypto wallets, 1 investment platform hacked

Cut Hacker Dwell Time to Save Your Bottom Line

Cyber Security Threats That All IT Teams Need To Know

Cyberattacks against hospitals must stop, says Red Cross

Cybercriminals after money more than anything else

Cyberstress: How Technology Is Changing Our Brains

Cyberthreats During the Pandemic Are on the Rise

Data on 29 Million Indian Jobseekers Leaked

Data breach scam shows cryptoexchanges have a big hackable vulnerability

Database of 8 billon Thai Internet Records Exposed in Major Data Breach

Determining Liability For Security Breaches Isn't Black And White

Domino’s Pizza scam warning: Fast food text scam spreads on WhatsApp

EasyJet faces £18 billion class-action lawsuit over data breach

EasyJet faces billions in potential liability over data breach

EasyJet faces class-action lawsuit over data breach

EasyJet subject of class action lawsuit over massive data breach

Europol, Capgemini team up in cybercrime prevention, awareness campaigns

Florida Unemployment System Hit by Data Breach

From Mr Robot to cybercrime vigilante

GDPR - 2 Years On

Hackers are more active under lockdown

Hackers leak Zoomcar data of 3.5 million Indians on dark web

Hacker Stealing SQL Databases to Extort Online Shop Owners

Here's how EasyJet customers targeted in a cyber attack may get £2,000

Historical Institutional Abuse: Stormont to investigate data breach

How businesses can secure themselves in a post-COVID world

How do I select a backup solution for my business?

How to Protect Privacy While Mining Millions of Patient Records

How Using AI Vastly Improves Threat Detection

In land of big data, China sets individual privacy rights

‘In the hands of cyber criminals’: Man sues Wichita State University (WSU) over hack of decades-old student data

Irish Data Protection Commission Completes Inquiry into Twitter Data Breach

Jersey: Islanders among victims of EasyJet hack

Lawsuit filed over Ohio Pandemic Unemployment data breach

List of ransomware that leaks victims' stolen files if not paid

Malicious actor holds at least 31 stolen SQL databases for ransom

Managing data privacy risks in corporate investigations - some key considerations for businesses in the Asia-Pacific region

Mathway breach latest caper for Shiny Hunters

Maze ransomware gang leak Banco BCR card data

PGMBM issues £18bn class action claim against EasyJet over data breach

Qihoo & Baidu disrupt malware botnet with hundreds of thousands of victims

Ransomware Attack Hits One Public Figure After Another

Securing Data in Cloud Email and Messaging Applications

SIM swap fraud – an explainer

Stop collecting employee data from cameras, Teck told

Texas Court Backs Phishing Attack Insurance Claim

The Biggest Cause of Data Breaches is (Again) Frustratingly Banal

The Earthquake Commission (EQC) accidentally leaks details of 8000 claims

The Opportunity and Challenges of Offering Managed Security

The security trends set to arise from coronavirus

The surge of SaaS applications to aid remote working

Third-party access creates huge security risks

Truecaller Data Being Sold On Dark Web Doesn’t Belong To Its Users, Says Company

Turla hacker group steals antivirus logs to see if its malware was detected

Value of data security

Verizon Data Breach Investigations Report Finds an Increase in Web Application Breaches

Why Your Approach To Cybersecurity May Require Shifting Your Mindset

World leaders: Work together to stop cyberattacks plaguing healthcare systems

25th May

2.9 crore Indian job seekers’ data leaked on Dark Web

5 Tips to Prevent Your IoT Project from Taking a Wrong Turn

28% of Data Breaches in 2020 Involved Small Businesses

AI plays major role in automating cyber security threat detection and prevention

Breach Report: staying alert in the face of cyber dark ages

Building cybercrime preparedness in a digital era

Cyber security attacks

Deloitte Sued By Unemployed Ohioans Who Are Unhappy Their SSNs and Addresses Were Visible For All to See

Easyjet customers to sue over data breach

EasyJet faces huge class-action lawsuit over data breach

Easyjet hit with £18 billion lawsuit over customer data breach

Every CTO Must Take Action on These 4 Edtech Issues

GDPR: The First Two Years and Future Challenges

GDPR 2nd Anniversary: Take a Tall Stance in 2020

GDPR at Two: Critics Slam Patchy Enforcement, Sluggish Investigations

GDPR enforcement held back by lack of resources, report says

Ghana: Data breach - Disclosure needed from Chamber of Telecommunications - CSS

Government supplier Interserve hit by cyber attacks

Growing Threat of Destructive Attacks is One of the Top Cyber Risks Organizations Face

Hacker extorts online shops, sells databases if ransom not paid

Historical abuse survivors taking legal action after private details shared

Historical Institutional Abuse: Brendan McAllister 'will not resign' over data breach

Homeworkers may see employers breach GDPR

How to avoid being hacked while playing in an online casino?

In a massive data breach, over 8 billion Thai internet user records leaked

Information security risk assessments of suppliers

Massive Xbox Data Leak Similarly Follows Nintendo Data Breach

Maze gets rampant: exposes card numbers of Costa Rica Bank clients

Mercedes-Benz Data Leak: Embarrassing But Endurable

Microsoft warns of massive COVID-19 phishing attack: Pandemic has made India a playground for cyber scammers

Northern Ireland customers sue EasyJet after major data breach

On Anniversary of GDPR Enactment, Israel’s Privacy Laws Still Far Behind

Pandemic Unemployment Assistance applicants believe second data breach took down site Sunday

Phishing campaign hijacks Google Firebase storage

Popular Maths Site Investigates ‘Potential Data Compromise’

Quidd data breach exposes 4 million users, including youngsters

Ragnar Locker ransomware uses a clever trick to dodge detection

RangeAmp attacks can take down websites and CDN servers

Ransomware Attacks Are Exploding in the Education Sector

Ransomware attacks are targeting the education sector, report reveals

Research: Women Are Better at Cybersecurity Than Men

Retailer IN SPORT's head office hit by ransomware

SIM Swap Traps BlockFi Too in “Temporary Data Breach”

States plead for cybersecurity funds as hacking threat surges

Thousands of enterprise systems infected by new Blue Mockingbird malware gang

ThreatList: People Know Reusing Passwords Is Dumb, But Still Do It

Trezor Calls Claims of Hardware Wallets’ Data Breach a ‘Hoax’

UK businesses reported 2,629 security incidents to ICO in Q4

UK Data Breach Reports Decline

Unprepared remote workers put cybersecurity at risk

What is the dark web? Your questions answered, in plain English

Why Is 3sYqo15hiL Such A Popular Password?

Why Retailers Should Take Action to Avoid the Next IoT Security Disaster

Working from home for a while? Here’s how to do it securely

ZLoader Banking Malware Resurfaces