Editor's Message

Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and PRiSM celebrated it's third anniversary. Both projects have made a huge impact on my life and I'd like to thank each and everyone of you who have supported me, with special thanks to those individuals and communities who have helped me build up my knowledge on cybercrime and ransomware over the years. Thanks again for all your continued support. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.



Monday, 27 April 2020

Data Breaches Digest - Week 18 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 27th April and 3rd May 2020.


3rd May

A security lapse in Reliance Jio’s coronavirus symptoms checker exposed user data

Data breach jeopardizes more than 15 million Tokopedia users, report finds

Ghost blogging platform servers hacked and infected with crypto-miner

GGhost blogging platform suffers security breach

Hackers breach LineageOS servers via unpatched vulnerability

Nintendo 64, GameCube, & Wii Source Codes Stolen & Put Online

Security lapse at India’s Jio exposed coronavirus symptom checker results

Tesla Data Leak: Old Components With Personal Info Find Their Way On eBay

Tesla has been getting rid of computers without wiping them — compromising customer accounts

Tokopedia Investigates Data Breach Compromising 15m User Accounts

What Are Cookies And How Do I Get Rid of Them?

2nd May

Beware Compromised Business Email...and the Litigation that Follows

COVID-19 News: FBI Reports 300% Increase in Reported Cybercrimes

Data Protection Laws And Their Importance

French daily Le Figaro leaks 7.4 Billion records

Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store

Home affairs data breach may have exposed personal details of 700,000 migrants

Le Figaro caught out in database exposure

Supersonic fixes leak in data usage website

Xiaomi Found Collecting Browser Data Even in Incognito Mode

1st May

4 security threats retailers should watch out for during the rest of 2020

Account Takeover Attacks Found to be Evolving at a Rapid Pace

Automatic Number-Plate Recognition System Exposes 9 Million Records

Do you trust your cloud provider to protect your data? Well...maybe you shouldn’t

Dreambot malware operation goes silent

GDPR ‘in danger of failing’ due to lack of resources

Hackers deploying new types of malware, phishing, scams

How Organizations Can Ramp Up Their Cybersecurity Efforts Right Now

How ransomware attacks are making the most of the COVID-19 crisis

Keeping Your Customer Data Secure When Working Remotely

LabCorp faces shareholder lawsuit after 2 cyberattacks in 12 months

LockBit, the new ransomware for hire: a sad and cautionary tale

Maze Ransomware Attack on Cognizant May Impact Customers

Maze Ransomware group steals 11m card data from Banco de Costa Rica

New phishing campaign packs an info-stealer, ransomware punch

Ninja Forms WordPress bug exposed over a million users to XSS attacks, website hijacking

Office 365 May Be a Popular Target for Bad Actors, But Difficult to Hit

Oracle warns of attacks against recently patched WebLogic security bug

Phishing attacks spoof Microsoft Teams to steal user credentials

Phishing Campaigns Target Senior Executives via Office 365

Quibi leaked users' emails to Google, Facebook, and Twitter

Ransomware Payments Surge 33% as Attacks Target Remote Access

Researchers Uncover “Agent Tesla” Malware Abusing MS Office Vulnerabilities

SaltStack Salt critical bugs allow data center, cloud server hijacking as root

Tax2efile Releases Statement about Data Breach

The new cybersecurity resilience

The Week in Ransomware - May 1st 2020 - Banishing the Shade

We Don’t Need More Cybersecurity, We Need Better Cybersecurity

Why Most Modern Online Fraud Prevention Methods Are Falling Short

Why Traditional Identity Verification Methods Are On Their Way Out

Xiaomi Users, Beware: Your Data is Being Read by Chinese Servers

30th April

As companies rely on digital revenue, the need for web and mobile app security skyrockets

Bad Actors Have Adapted Well to the Pandemic Crisis

Brute force attacks against remote desktop apps skyrocket during pandemic lockdown

Chegg Confirmed Data Breach of Employee Records

Chegg suffers its third data breach in as many years

Clop ransomware leaks ExecuPharm's files after failed ransom

Cyber-Criminals Increasingly Using Official reCAPTCHA Walls in Phishing Attacks

Data Privacy and Data Security: Outsourcing to Third Parties and the Effect on Consumers, Companies, and the Cybersecurity Industry as a Whole

Ed-Tech Company Chegg Suffers Third Breach Since 2018

EventBot: A New Mobile Banking Trojan is Born

EXPOSED! 8.6 Million Car Licenses Open Publicly After Breach Seen on England's Traffic Database

FBI: Cyber actors taking advantage of Covid-19 pandemic

Hackers exploited SQL injection flaw to compromise Sophos XG firewall devices

Half of remote workers feel vulnerable to growing cyberattacks

How to Prevent Zoom Credential Theft

How to protect your business from cyberattacks

Investors sue LabCorp over security failures in light of data breach, ransomware attack

LabCorp slapped with shareholder suit over data breaches

List of data breaches and cyber attacks in April 2020: 216 million records breached

Nintendo data breach reportedly caused by credential stuffing

Nintendo Switch, PayPal Hack: 160,000 Users Fall Into Huge Breach of Players’ Details

Quibi’s email verification process reportedly sent data to multiple ad firms

Ransomware mentioned in 1,000+ SEC filings over the past year

Sextortion scammers still shilling with stolen passwords

SQL Injection Attack: What It Is & How to Protect Your Business

Stolen device containing personal info among four data breaches at City Hall in 2019 and 2020

Surge in Scammers Using reCaptcha Walls to Increase Phishing Attacks

What Is The State of Data Security in the Cloud in 2020

Whoops, Quibi was "improperly" sharing your data with other companies

29th April

4 Telltale Signs Your Business Is Ripe for a Cybersecurity Attack (and How to Respond)

10 Ransomware Strains Being Used in Advanced Attacks

Banner Health settlement approval brings years-long data breach saga to a close

Breach of Clearview AI Source Code Renews Concerns About Law Enforcement Facial Recognition Programs

California tops states with highest number of data breaches and records lost

Chatbots Security Risks and How to Overcome Them

Companies should protect more than their firms in cybersecurity

Coronavirus: Half of remote workers 'victims of cybercrime'

Council apologises after data on 1,000 businesses shared due to ‘isolated human error’

COVID-19 Scams Raise Security Concerns for Businesses

Cyber Criminals Ramping Up Phishing Attacks amid COVID-19 Crisis

Cybersecurity Threat Actors Target Data of Businesses Seeking Economic Relief

Data Breach Settlement Calls for Enhanced Security Measures

Data protection blunder sees millions of Sheffield drivers' activities posted online

Employee data stolen in latest hack of edtech company Chegg

Every industry is now hunting ground for cyber criminals

GDPR ignored by Warwick University? - failure to alert staff & students over data breach

Hackers Broke Into Zaha Hadid Architects’ Servers and Demanded Ransom for the Return of Stolen Data

Hackers hit Chegg for the third time since 2018

How 160,000 Nintendo Accounts Were Hacked and Sold

How can cybersecurity impact physical security (and vice versa)?

Lessons Learned from Clearview AI’s Web Scraping Actions

Losing a password can be as stressful as facing illness

Mitigating ransomware and phishing attacks during a pandemic

MSP Security: It’s Not a Luxury

Oxford University Conservative Association email leaks mailing list

PayPal ‘Critical’ Login Hack: New Report Warns You Are Now At Risk From Thieves

Pharma Giant ExecuPharm Suffers Data Breach/Ransomware Combo

Phishers Start to Exploit Oil Industry Amid COVID-19 Woes

PrimoHoagies Sued Over Data Breach

Quibi, JetBlue and Others Gave Away Email Addresses, Report Says

Ransomware Attack on Portuguese Energy Company EDP Shows Increasing Trend Toward Public Leaking of Sensitive Information

SaltStack users warned – Patch by Friday or compromised by Monday

Security breach in a traffic camera database exposes information about 8.6 MILLION car trips tied to individual license plates

Sheffield Council exposes details of 8.6 million road journeys to the internet

Sheffield data breach: Drivers' details 'leaked' online

Think insider data breaches don’t happen at your organisation? Think again…

“Threat Detection has Evolved from Static to Dynamic Behavioral Analysis to Detect-Threatening Behavior”

Two European Usenet Providers Announce Data Breach and Blame Anonymous Third-Party Company

Two Usenet providers blame data breaches on partner company

U.S. Conspiracy Theorist Probably Behind Leak of WHO, Gates Foundation Data

US Cybersecurity: 64% Americans Don’t Have Data Breach Response Plan

Usenet providers reveal major security breaches

With everyone forced indoors and online by the lockdown, cases of cybercrime are increasing

WHO, Bill Gates Foundation and CDC may have been hacked

Who is responsible for our data and how do we get it back?

Why Data Centers Need Formal Data End-of-Life Processes

Why payroll security is even more essential now remote work is the norm

York council admits data breach after sharing account details of city businesses

Zaha Hadid Architects' Servers Hit by Hackers, Confidential Data Stolen

28th April

7 Steps to Deal with a Data Breach

Adapt to survive: what the IT industry is STILL doing wrong

Addressing the Cyber Resilience of Healthcare Systems During the Coronavirus Pandemic

Attackers on the Hunt for Exposed RDP Servers

Authorities scratch heads over data breach

Closing the security gap in the supply chain

Data breaches require preventative measures, not just reactive

East Suburban clinic reports data breach affecting 500 patients

FBI Urges Vigilance Around Social Media Info Sharing

Five Tips On Training Staff to Avoid Coronavirus Scams

Five ways our approach to cybersecurity could change post COVID-19

Hackers threaten to leak data from high-end architecture firm Zaha Hadid

Half of Americans Refuse to Make Purchases Due to Privacy Concerns

How can HR can support cybersecurity for remote workers?

How Small Businesses Can Protect Customer Data

How to Future-proof Your Child's Credit From Fraud

Intel report warns Zoom could be vulnerable to foreign surveillance

Is Your Favorite Video Chat App Secure?

Kavaliro IT Solutions Announced a Breach Which Exposed Customer Data

Massive & Unprecedented Security Breach Takes Usenet Providers Offline

Microsoft Office 365 heist highlights sophistication of cultural engineering cyber attacks

Optus hit with $40 million class action after alleged data breach of 50,000 customers details

PhantomLance spying campaign breaches Google Play security

SBA data breach released tons of new applicants’ data

Social Engineering Scams Are On the Rise – Do I Have Insurance Coverage for That?

The Biggest Data Leaks of the Decade and the Financial Devastation They Caused

Usenet Providers Went Offline Following Massive Security Breach

Warwick University suffered multiple breaches due to poor security protocols

Warwick University Under Fire After Reported Breach Cover-Up

Why You Need Both SIEM and SOAR Solutions in your Cybersecurity

Zaha Hadid Architects says it will not pay ransom after cyber attack

Zaha Hadid Architects suffers cyber attack during coronavirus lockdown

Zaha Hadid warns architects to be vigilant after falling prey to cyber attack

27th April

5 common mistakes that lead to ransomware

5 Security Tips for Your Business while Homeworking

Aimed at Moving Targets: Five Cyber-Threats That Put Mobile Devices at Risk

Best practices to ensure data security while working remotely

Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams

Biopharmaceutical Firm Suffers Ransomware Attack, Data Dump

Brave accuses European governments of GDPR resourcing failure

Chinese Firm Researching Coronavirus Detection Got Hacked and the Data Is on the Dark Web

Credential stuffing: the annual $6 million challenge

Customer Confidentiality - How To Protect Confidential Customer Data?

Cyber distancing – The new norm in secure distance learning

Data governance and COVID-19 data security challenges

DoppelPaymer Ransomware Attacks California City; Hackers Steal Data

Gamer's beware: 160K Nintendo accounts breached

Group-IB detects US and South Korea card data dump on dark web

Hackers Access Etana Custody Clients’ Details, Funds are Safe

Hackers publish ExecuPharm internal data after ransomware attack

Hackers spoof SBA to try to compromise companies' computers

Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web

How to build a secure remote working organisation

How to Write a Disaster Recovery Plan for Your Business

Insider Breaches Remain a Major Concern, but New Email Protections Can Help

Lessening data privacy risks in the work-from-home era according to an expert

Microsoft Teams fixes funny GIFs cyber-attack flaw

Microsoft Teams flaw could let attackers hijack accounts

Most IT leaders believe remote workers are a security risk

NPC to probe unauthorized disclosure of COVID patients’ information

Optus facing class action over alleged customer privacy breaches

Petrol stations need to protect data

Ransomware gangs are changing targets again. That could make them even more of a threat

Shade (Troldesh) ransomware shuts down and releases decryption keys

'Smart' parking meter vendor had data stolen in ransomware attack

Solving the Case of the Missing Data

South Korean and US Payment Card Records Valued at $2 Million up for Sale on Dark Web

Third-party compliance risk could become a bigger problem

Three firmware blind spots impacting security

Top 10 Cyber Incident Response Mistakes and How to Avoid Them

Trustwave report highlights biggest cybersecurity trends of today

U.S. Universities Hit With ‘Adult Dating’ Spear-Phishing Attack

University of Warwick kept data breach secret from students and staff

Users’ Funds Are Safe Following Reported Etana Custody Breach

Warwick University kept data hack secret from students and staff

Warwick University was hacked and kept breach secret from students and staff

What Every Business Needs to Know About Consumer Data Privacy in 2020

Why effective data protection in healthcare matters

Your workforce is your front line defence against data breaches

Zaha Hadid Architects held to ransom by cyberhacker

Monday, 20 April 2020

Data Breaches Digest - Week 17 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 20th April and 26th April 2020.


26th April

Chinese ‘Frontline’ COVID-19 Research Firm Hacked: Data Now On Dark Web

Crooks are grabbing victims' money with offers of free Netflix: An ex-con reveals his tips to beat the lockdown TV scams

Kaspersky report: Nearly half of employees don't know how to respond to ransomware attacks

Why we adopt then abandon online safety practices

25th April

160,000 Nintendo Network IDs compromised from suspected breach

Apple Confirms New Warning Affecting Almost All iPhone Users

Email, class registration, payroll down from computer hack at Illinois Valley Community College

Nintendo Discontinues Support For Nintendo Network IDs Due To Recent Hacking

Payment processor exposes 2.5 million credit card transactions

Personal data hacked from 23 million Webkinz child game players

Remote Working Is Transforming The Cyber Security Landscape in 2020

Ways to get around being data mined

24th April

67% of Small Businesses Aim to Increase Cybersecurity in 2020

400,000 US, South Korean card records put up for sale online

Android malware is still a huge issue, but that doesn't mean Android is unsafe

Apple disputes recent iOS zero-day claim

Apple fixes critical iOS vulnerability that hackers used to steal private data for years

CISI to compensate fraud victims after website hack

COVID-19: Cyber threats increased by 37%, are you at risk?

COVID-19, Work-From-Home and the Risks of Data Leakage: Here’s How to Protect Your Company

COVID-19 crisis: Congress slams Nagaland government after data security breach

CyberAttack: Another pandemic in the wake of COVID-19

Cyber Chasse Alerts Healthcare Organizations over Increase in Cyber Attacks

Data breach! 20 million app store credentials leaked

Data breach lawsuit advances against Hy-Vee

Data on computers health unit left behind prompts letter to privacy commissioner

Digital Fraudsters Treat COVID As An Opportunity

Exercise app accused of “massive data leak”

Flaw in iOS Mail App May Put Millions at Risk

Genetic Testing Lab Hack Affects 233,000

How Privileged Access Management Can Protect PII

Judge approves $8.9M settlement for Banner Health data breach

Kaspersky Finds 30% of IT Security Managers Missed Important Personal Events due to Data Breaches

“Lockdown” related data security risks have soared

Michigan State Grapples with Data Breach in Third-Party Software

Nagaland Congress seeks action against data security breach of stranded people

Nintendo Confirms Massive Data Breach of Up to 160,000 User Accounts

Nintendo finally admits ‘unauthorised access to some Nintendo Accounts’

Nintendo Left Gamers Vulnerable Long Before Shocking Data Breach

Nintendo says 160,000 users impacted in recent account hacks

OneSpan: how to protect from account takeover fraud

Over half of organizations expect remote workers to be a data breach vector

Poland implicates Russia in cyberattack, info op aimed at undercutting U.S. relations

Privacy commissioner asked about 'information' left on computers abandoned by health unit

Security alert: 'Dramatic' increase in cyberattacks says WHO, after passwords leaked online

SMEs face increased cybersecurity risks, phishing attempts

Stuck at home, UK lockdown DIY fans slammed with Robert Dyas data breach

The Best Password Security Tips to Avoid Getting Hacked

The Bigger Perimeter Picture of #COVID19

The Human Brain is Both a Liability and Asset for Cybersecurity: Here’s Why

The real cost of a data breach

Trucking Companies: The New Target for Scammers

What All Employees With Network Access Should Know About Cybersecurity

When is a Data Breach Not? The WHO and Gates Foundation Compromises

WHO Reports COVID-19 Spurs Rapid Rise in Cyberattacks Against Staff

Why cloud data protection is a must in the time of COVID-19 crisis?

Work-from-home creates multitude of opportunities for leaks

Zoom Phishing Campaign Tricks People into Revealing Login Credentials

23rd April

500 million iPhone-iPad users have a big dent in data

2020 Trustwave Global Security Report Places Ransomware Threat In Context

A carrot-and-stick approach to fixing cyber security complacency

Alleged Neo-Nazis Post WHO and US Gov Log-ins Online

Companies must invest in cyber security and assess elevated risks of home working

Confidential details of entire WA Police Force accessed in 'startling' audit breach, CCC finds

Credentials of WHO, World Bank & NIH officials shared online

Cyberattacks continue amid COVID-19 pandemic

Data Breach Report: Kinomap, Exercise App, Exposes 42 Million User Records

Data Breaches Impact Employees’ Work-Life-Balance

Data Leak Complicates Hack Against Torrance, California

Email bungle at company seeking jobkeeper payments exposes staff's personal details

Email Credentials of WHO, The Gates Foundation, Other Leaked Online

Enterprises are getting more high-risk calls as fraudsters exploit COVID-19

Facebook profile details of over 267 million users stolen and sold on the dark web

Four keys to proper cyber-hygiene on World Password Day 2020

French Fitness Tech Firm Kinomap Suffers Data Breach; Exposes 42 Million User Records

Hackers target Robert Dyas to steal customers' payment card details

How sextortion scam emails sneak past security filters

How the Dark Web Fuels Insider Threats

How to Keep Your E-commerce Customers Safe?

iOS Mail application suffers from a serious security breach

La Playa hit by phishing scam

Lessons learned from the Small Business Administration's data breach

Maze Ransomware – What You Need to Know

New Facebook Data Breach as Hackers Sell Tens of Millions of Facebook Accounts Details for Low Price

New Zoom vulnerability lets hackers record any meeting anonymously

Nintendo Faces Hacking Onslaught; This Is How To Protect Yourself

Over half of organisations expect remote workers to increase the risk of a data breach

“Paay” Left an Unprotected Database Online Containing Credit Card Details

Paay open database exposes 2.5M transactions, challenges PCI compliance

Possible data breach with States grant scheme being investigated

SBA Loan Program for COVID-19 Relief Suffers Data Breach

SBA reveals potential data breach impacting 8,000 emergency business loan applicants

Security considerations for working in a COVID-19 world

Security Threats Facing Modern Mobile Apps

The Evolving Threat of Credential Stuffing

Was My Data Really Stolen?

WHO, Wuhan Institute of Virology, Gates Foundation find their data hacked

With Cognizant attack, Maze ransomware finds its way into IT services supply chain

Zoom's Security Pile-on Caused a Lawsuit - Are Microsoft, Cisco and Others Next?

22nd April

2.5M credit card records belonging to transaction firm PAAY exposed online

Almost 8,000 could be affected by federal emergency loan data breach

Apricorn survey highlights dangers of remote working and data breaches

Cybercriminals unleash wave of COVID-19 attacks on businesses

Far-Right Extremists Publish 25,000 Email Addresses Allegedly Tied to COVID Fight

How to Secure Your Website against Data Breaches

IAITAM says organisations are wide open to attack

Italian Email Provider Email.it Breached; Data for Sale on Dark Web

“KandyPens” Has Leaked Full Customer Credit Card Details

Nagaland govt investigating data leak of stranded persons

New phishing hotline sent 5,000 suspicious emails in just one day

Online leak undermines Torrance’s claim that no personal data was affected by cyberattack

Payments Startup Paay Left 2.5M Credit Card Info Exposed

PrimoHoagies warns online customers of data breach

Ransomware is now the biggest online menace you need to worry about - here's why

Rising US healthcare data breaches raise serious concerns about personal data security

21st April

5 Steps to Protect Sensitive Data

267 Million Facebook User Records for Sale on Dark Net

A Tale of 3 Breaches: Incident Response Challenges

Aptoide app store hacked, 20 million user database leaked

Beaumont Health Reports 2019 Data Breach Impacting 114K Patients

BT expert on balancing security and Digital Transformation

Children's game Webkinz suffers from a data breach

COVID-19 lockdowns are causing a huge spike in data breaches

DoppelPaymer Ransomware hits Los Angeles County city, leaks files

Five Reasons Why Data Security Should Be a Top Priority

Cybersecurity awareness tips for employees in 2020

Hackers Attacked Businesses 22 Million Times In The Last 7 Days Globally

Hackers Target Top Officials at World Health Organization

Here's a list of all the ransomware gangs who will steal and leak your data if you don't pay

Information for about 112,000 exposed in data breach at Beaumont Health

Lessons to be learned following Netherlands Covid-19 app data breach

Michigan State University says data breach of third party vendor impacts hundreds

Millions of Facebook profiles for sale on the Dark Web

Neo-Nazis Are Spreading a List of Emails and Passwords for Gates Foundation and WHO Employees

New Cybersecurity Challenges for FinTech Industry

New Trustwave Report Reveals Cybersecurity Threats Becoming Pervasive and Attacks More Targeted

Newest Maze ransomware victim - IT giant Cognizant

Nintendo aware of “unauthorized access” to Nintendo Accounts, “investigating” potential data breach

Nintendo owners urged to secure accounts

Personal information of nearly 8,000 business owners applying for disaster relief amid COVID-19 crisis is exposed during a glitch on the Small Business Administration's website

Phishing email scam exploits HMRC job retention scheme

Princeton cybersecurity expert says working remotely presents opportunities for hackers

Rethink Your Cyber Security Stack to Avoid Agent Fatigue

SBA data breach compromises business owners’ data

SBA reports data breach in disaster loan application website

SBA website leaks personal data of 8,000 small-business loan applicants

Security Weakness in TikTok

‘Squar Milner’ Has Announced a Data Breach Affecting Customers

Survey: Most Federal Officials Expect Cloud Service Providers to Secure Their Data

The real cost of fighting the inside threat

U.K.’s Data Protection Regulator’s Updated Guidance on “Empathetic and Pragmatic” Approach

UniCredit Hackers Try to Sell Employee Data on Cyber-Crime Forums

What the Clearview AI Breach Tells Us About Cybersecurity Today

When data protection is not enough

20th April

267 Million Facebook Identities for 500 Euros

Gamers Report Unauthorized Access to Their Nintendo Accounts

Island Direct denies cybersecurity breach

MailGuard warns against extortion phishing emails

Proposed government coronavirus tracking app falls at the first hurdle due to data breach

Ransomware Attacks New Orleans Government Agency

Why organisations should be wary of Maze ransomware?

Monday, 13 April 2020

Data Breaches Digest - Week 16 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 13th April and 19th April 2020.


19th April

Ford and VW cars exposed to hackers after ‘serious’ security flaws

Hacker Claims Android App Store Breach: Publishes 20 Million User Credentials

Hackers selling 267 million Facebook records on hacker forum

Hidden bug in FPGA chips can help hackers steal critical data

Webkinz Data Breach Leaked About 23 Million User Accounts

18th April

AI in your Email: What is Human Layer Security?

Cognizant And Its Customers Hit By Maze Ransomware

Cyber security agencies suspect massive data breach in the last few days

Data Security Issues in Cloud Computing

FBI says cybercrime reports quadrupled during COVID-19 pandemic

Gmail accounts targeted with millions of phishing attacks - here's how to stay safe

Hacker leaks 23 million usernames and passwords from Webkinz children's game

IT services giant Cognizant suffers Maze Ransomware cyber attack

Misconfigured server exposes ClearView AI's source code

17th April

Audits Don't Solve Security Problems

Beaumont Health says 112K patients were impacted by data breach

Coronavirus scams: This is how much people have lost to online fraudsters so far

Covid-19 will make cyber and digital insurance policies more relevant than ever

Cybersecurity for Remote Working: Is Your Business Ready?

Details of 20 million Aptoide app store users leaked on hacking forum

DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs

Famous Data Breaches You Can Learn From

Ingram data breach: Digital content platform hack resulted in theft of publishers’ titles

“Lincoln Financial Advisors” Disclose Data Breach Affecting Clients

Most consumers admit to sharing passwords with someone outside their home

Personal employee information mistakenly published at Thunder Bay Regional Health Sciences Centre

PoetRAT Trojan targets energy sector using coronavirus lures

UK Tax Refund Email Scam Uncovered

Varsities ditch Zoom app over data breach warning

What data breaches teach us about security procedures

Zoom Rolls Out New Measures To Tackle Security Breach As MHA Warns Against Its Use

16th April

“AST LLC” Announces Data Breach and Circulates Notices to Employees

California software developer hit with W-2 scam

Canadian Authorities Email Private Details of 247 MS Zaandam Cruise Passengers

Cyber crime scammers blackmail South Yorkshire residents over porn

EDP data breach highlights need for cybersecurity

GDPR Do-Over: Thousands of Breaches, Millions in Fines Point to More Work Ahead

Govt minister’s Zoom webinar hijacked to display porn

Halton police warn of ‘phishing’ scam after receiving complaints

How Can Your SMB Handle Ransomware And Other Cyberthreats?

How to Secure Your Data During Coronavirus

ICO to relax GDPR enforcement during coronavirus economic downturn

Microsegmentation architecture choices and how they differ

Misconfiguration Remains the #1 Cause of Data Breaches in the Cloud

Pastebin just made it easier for hackers to avoid detection, researchers say

‘Sextortion’ scam emails uses real passwords to blackmail for ‘watching porn’

U.S. Government Offers $5 Million Reward To Identify North Korean Hackers

Wappalyzer Data Breach Exposed 16,000 Customer’s Email Addresses

Zoom not safe to use: Indian govt warns amid Coronavirus lockdown

15th April

4 Ways to Avoid Getting Hacked While Working From Home

40% of Data Breaches Affect Customer Information How Can Businesses Reduce the Potential Damage?

278% Rise in Leaked Government Records During Q1 of 2020

A legal perspective on data breaches and home working

Almost four million Quidd users have credentials exposed

Business Email Compromise Is Extremely Costly And Increasingly Preventable

Businesses Skating on Thin Ice Using Third-Party Services

Cyber Attacks on the Rise in Nepal Aftermaths the Recent Data Breach – Basic Preventive Measures

Cyber cover: The world of cyber insurance

Cybersecurity training: the key to strengthening your security posture

Employees are a weak link in cybersecurity: How to protect your business

Firms encouraged to remind staff working from home of GDPR policies

Keeping Your Business Out Of The Phishing Net

Linksys forces password reset for Smart Wi-Fi accounts after router DNS hack pointed users at COVID-19 malware

Massive growth in leaked government records

New York State Confirms Breach of Government Network

PII of 115 Million Pakistani Mobile Users Up for Sale on Dark Web

Power giant EDP 'faces $11m ransomware demand after cyberattack'

Remote working has increased the risk of a cyber breach, according to study

Survey finds widespread concern over cloud security risks during the COVID-19 pandemic

The Power Of Data Governance

TikTok accounts of WHO, Red Cross hacked: Expose platform's serious problem

Wappalyzer discloses security breach after hacker starts emailing users

14th April

4 million Quidd user accounts dumped on hacker forum for download

Account details for 4 million Quidd users shared on hacking forum

Cyber Criminals Increasingly Will Target Top Executives in Ransomware Attacks

Cyber threats are rising as hackers exploit coronavirus fears and work-from-home trend, experts warn

Digital Convenience Threatens Cybersecurity

Equifax settles Indiana case over massive data breach for $19.5 million

Ford and VW’s top selling cars can be hacked

Four Cloud Mistakes That Put Your Data At Risk

How to Make Your Passwords Stronger In the Coronavirus Era

How to Protect Your Zoom Account From Recent Data Breaches

Indiana gets $19.5M settlement over Equifax data breach

Ingram shuts down data breach at CoreSource

Intruder alert! How to keep Zoom meetings secure

IT Security Risk Management Best Practices

Over 500,000 Zoom accounts on sale on dark web for less than 1 sen each

Potential data breaches make up 14% of Commonwealth incidents reported to ACSC

Preventing data security breaches and what to do if one happens

Quidd data breach: nearly 4 million registered users affected

RagnarLocker ransomware hits EDP energy giant, asks for €10M

Ransomware attacks lock 2 Manitoba law firms out of computer systems

Russian state hackers behind San Francisco airport hack

San Francisco Airport data breach: Double website hack may have lifted users’ Windows login credentials

The Next Cyber Breach Could Be Closer Than You Think

TikTok 'hacked', fake COVID-19 video posted from verified WHO account

Why You Need MFT for Healthcare Cybersecurity

You're One Misconfiguration Away from a Cloud-Based Data Breach

Zoom security: Your meetings will be safe and secure if you do these 10 things

13th April

1.1 million SCUF Gaming customer records exposed online due to faulty server security

5 Tips for Protecting Your Business Against Cybersecurity Threats

Compromised email account leads to Saint Francis Ministries data breach

Cyber-Threat Ready: The pandemic escalates scammer's new ransomware attacks

Cybercriminals leveraging on Covid-19 for fake news, scams

Cybersecurity: making manufacturing secure

Cybersecurity tips to prevent a catastrophe during COVID19 like pandemic situations

Data protection ranks as top security issue for SEA companies

Examining a Hospital Ransomware Outbreak

Hackers file fake tax returns in scheme to steal IRS refunds

Hartford HealthCare Data Breach May Have Compromised Patient Information

Maropost's Data Breach vs The Biggest Data Breaches of 2020

Over 500,000 Zoom accounts sold on hacker forums, the dark web

PTA investigates data breach of 115mn Pakistani mobile users

Reframing Insider Threat: What Does it Mean When Everyone’s Working from Home?

San Francisco airport websites hacked to steal staff passwords, says notice

SCUF Gaming Customer Data Breach: What You Need To Know

Singapore allows schools to resume Zoom use for home-based learning

The Rise of the Secure Internet Gateway

Tips On Protecting Your Virtual Meetings To Avoid A Cyber Security Breach

Travelex Paid Hackers $2.3 Million Worth Of Bitcoin To Regain Access To Its Systems After A Ransomware Attack!

WordPress sites using WooCommerce targeted by credit card skimmers

Working Remotely And Cyber Security During The COVID-19 Outbreak

Monday, 6 April 2020

Data Breaches Digest - Week 15 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 6th April and 12th April 2020.


12th April

Coronavirus and Managing Remote Work Cyber Risks

Cryptocurrency Hackability, All That One Needs to Know

Cyber risk assessment: AI and ML are critical cyber security tools

Cybersecurity cases rise by 82.5%

Hacker Hits Italy-Owned Bank’s Emails, Data Breach Unknown

Irish data protection commissioner liaises with European colleagues over Zoom concerns

Login credentials stolen in hack of San Francisco International Airport websites

Pakistan's FIA asked to probe mobile data breach

SEC settles with two suspects in EDGAR hacking case

The Impact of Coronavirus on Cybersecurity

11th April

Data of 115m Pakistani mobile users put up for sale on dark web

Epilepsy Foundation followers exposed to seizure-inducing strobe lights in cyber attack

Is Zoom doomed?

Staff Mailboxes at Italy's Monte Dei Paschi Suffer Hacker Attack

10th April

3 Business Reasons Why You Shouldn’t Be Slashing Security Right Now

115 Million Pakistani Mobile Users Data Go on Sale on Dark Web, claims cybersec company

As coronavirus intensifies, so does cybercrime for businesses

Box CPO: Malware Presents "Tremendous Amount of Exposure" for Companies

Brazilian food and drug regulator bans Zoom

Compromised Zoom Credentials Swapped in Underground Forums

Coronavirus: Teachers in Singapore stop using Zoom after 'lewd' incidents

Dutch police take down 15 DDoS services in a week

Gambling company to set aside $30 million to deal with cyber-attack fallout

How Can CDOs Resurrect Data Protection?

Protecting long-term care facilities from cyberattacks and data breaches

San Francisco International Websites Hacked: Airport Discloses Data Breach

'Serious risk' of personal data leaks to add to honours blunder

Sextortion emails and porn scams are back – don’t let them scare you!

Suspecting Cyber Attack, Mediterranean Shipping Company Reports Network Outage

The Equifax Saga: It Could Happen Again. Don’t Let It

The importance of security for printers and other office software

The line between biological and cyber-threats has never been so thin

Tips For Businesses To Prevent And Recover From Cyber Attacks

Top Ways to Guard Against Work-from-Home Phishing Threats

Travelex paid $2.3 million in ransom to restore its systems

Travelex Ransomware Attack Payment: $2.3 Million

9th April

4 Statistical Reasons Data Security Should Be a Top Priority for Small Businesses

7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic

After SpaceX, Google bans its employees from using Zoom over security concerns

All That Cloud Data Is Causing Firms to Focus on the Wrong Security Issues

Bisq Bitcoin exchange slams on the brakes after exploit of critical security flaw, crypto theft

Cabinet Office at risk of further data breaches, review concludes

City settles with Equifax for $1.5M over data breach

Coronavirus Cyberscams and Other Attacks – Scammers Are Still at It

Coronavirus online scams: How to protect your data and device

Cyber Security: More than just an IT issue

Data Breach Report: RigUp Exposes More Than 70,000 Private Files

Delete this VPN now, millions of users warned

Department for Education data protection ‘tightened significantly’ after massive breach of learner records

Fleeceware apps discovered on the iOS App Store

Hackers leak personal info of Vianet users

Healthcare security: LA respiratory hospital hit by supplier data breach

How Covid-19 will revolutionise SMEs' cyber security practices

Inoculating Against the Long-Term Fraud Implications of Remote Working

Is Zoom safe to use?

Maropost’s Leaky Database on Google Cloud Server Exposes 95 Million Email Records

Online scams, apps and trends to be aware of during the pandemic

Putting zero trust into action

Reducing the risk of email attacks

Review raises questions over Cabinet Office’s handling of personal data

SBTech ordered to set aside $30m to settle hacking claims

Travelex paid the ransom, breach investigation still underway

US Senate, German government tell staff not to use Zoom

Vianet’s customer data compromised with latest leaks (with official statement)

Zoom faces federal scrutiny over data privacy concerns

8th April

95M records exposed on database belonging to marketing firm Maropost

BlackBerry uncovers hacker tools that it says opened data servers for a decade

Can fingerprint authentication on smartphones be fooled with 3D printing?

Cybercriminals are living the dream – here’s how to stay safe

Cybersecurity prevention can save your company $682K

Dark_nexus botnet outstrips other malware with new, potent features

Data breach: Repubblika, Daphne Caruana Galizia Foundation file judicial protest

Data on 600,000 Email.it users for sale on dark web after email provider refuses to pay bounty

Data Protection and the Pandemic: What We Can Learn for Future Policy

Email.it data breach exposes 600,000 users

FBI warns of a phishing uptick as hackers latch on to coronavirus

Fraudster Puts Statue of Unity on Sale to Raise Pandemic Relief Fund

Hackers selling data of 600,000 Email.it customers on the Dark Web

How a Reactive Mindset Is a Threat to Data Security

Judicial protest filed over massive data breach

Less than half of businesses provide cybersecurity training

"Major systemic failure”: The Federal Court of Australia published full names of asylum seekers on the Commonwealth Courts Portal

Marketing giant Maropost exposes 95 million email records and doesn’t seem to care about it

Merchants Face An Increase In Cybersecurity Threats During COVID-19

Nearly 389,000 patients affected in March-reported breaches

Potential data breach reported at Colorado Mental Health Institute

Researchers use 3D-printed fingerprints to unlock an iPhone8, laptops

Shipbuilder Austal was hacked with stolen creds sold on dark web

Social Engineering Attacks: A Look at Social Engineering Examples in Action

The CSI Effect Comes to Cybersecurity

This is why the vicious xHelper malware resists factory wipes and reboots

University of Warwick hiding data security risks from students and staff

Vianet’s Data Breach Exposes More Than 170,000 Customers Personal Data

Video Calling Service Zoom Sued by Own Stakeholder For Not Revealing Privacy, Security Breach

Wawa says data breach affected thousands over 10 months

Working From Home and the Impact on Data Protection

Zoom sued over security lapses as stock slides

7th April

3 Proven Steps to Protect Your Data From Online Data Aggregators

37% of Businesses Expect to Grow by Investing in Cybersecurity

Cybersecurity vital during lockdown

Data of 600,000 email users up for sale on dark web

DDoS attacks took down Italy’s social security website amid COVID-19 crisis

Domain name registrar suspends 600 suspicious coronavirus websites

Drug testing firm sends data breach alerts after ransomware attack

Email provider got hacked, data of 600,000 users now sold on the dark web

Europol arrests man for coronavirus business email scam peddling masks, sanitizer

FBI Warns of a Sudden Rise in BEC Attacks Due to Coronavirus

Human errors account for 60% of all cyber-attacks

Network Segmentation: The First Line of Defense

New Ransomware Innovations Bring Shame

No COVID-19 Respite: Ransomware Keeps Pummeling Healthcare

Over 350,000 Microsoft Exchange servers still open to flaw that's under attack

Payments Processor nCourt Left Years Of Data Exposed

Phishing and Malware Attacks Against NASA Employees Have Doubled

Stockdale Radiology Is Circulating Notices About a Data Breach

Taiwan instructs government agencies not to use Zoom

These hackers have been quietly targeting Linux servers for years

UAE’s federal entities witness 11% jump in cyber attack attempts in March

UK Businesses Could Make Huge Savings on Cybersecurity Services

What is phishing? How this cyber attack works and how to prevent it

Zero in on Zero Trust

6th April

5 critical issues cybersecurity teams face with COVID-19

A Round-up of Data Breaches in March 2020

Algerian petroleum Joint Venture hit by Maze ransomware, data posted online

Australia on the cyber offence to bring down COVID-19 scammers

Australian Digital Health Agency reveals two 'probable' instances of Medicare fraud

Australian government advice on how to avoid coronavirus-related scams and cyber threats

BA and Marriott get GDPR fine reprieve

Battling cloud breaches requires a new type of 'privilege'

Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?

Common Flaws Discovered in Penetration Tests Persist

Coronavirus-related cyberattacks surge in Brazil

Cyber criminals are trying a new trick to cash in on Zoom's popularity

DarkHotel hackers use VPN zero-day to breach Chinese government agencies

Data Thieves Hit California Property Management Company

Docker Users Targeted with Crypto Malware Via Exposed APIs

DoJ: Zoombombing Could Land You Behind Bars

Facebook’s official Twitter and Instagram accounts were hacked

Fake Zoom installers being used to distribute malware

Files sent to wrong address among large rise in data breaches

Hackers’ forum hacked, OGUsers database dumped (again)

Here's How an Automated Dialer Can Easily Find and Hack Your Zoom Meeting

If You Use the Key Ring App, Update Your Account Security Now

Interpol: Ransomware attacks on hospitals are increasing

Maze ransomware group hacks oil giant; leaks data online

Remote working has increased risk of a cyber breach, say businesses

Royal Bahamas Police Probe Patient Data Leak

Small business owners applying for COVID-19 relief may have had PII exposed, agency says

Tracking GDPR Fines

What Morrisons means for vicarious liability

Why healthcare cyber risk management is more important than ever

Zoom Blow as Thousands of User Videos Are Found Online

Wednesday, 1 April 2020

Global Data Breaches - March 2020

March 2020 saw another 67 Data Breaches reported which accounted for 832 Million Data Records reported compromised.

Although March's total amount of Data Breaches reported was down by over 36% from last month, the total amount of Data Records reported compromised is up by over 31% from last month.

The hardest hit sectors continue to be Education, Healthcare and the Public Sector, accounting for over 56% of total Data Breaches reported this year, and likewise the most breach types continue to be Cyber Attack, Internal Error and Ransomware, accounting for over 66% of total Data Breaches reported this year.

Currently this takes the yearly totals so far to 233 Data Breaches reported and 2.9 Billion Data Records reported comprised as of the end of March 2020.

Download PDF



Data Source: IT Governance.