Editor's Message

Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and PRiSM celebrated it's third anniversary. Both projects have made a huge impact on my life and I'd like to thank each and everyone of you who have supported me, with special thanks to those individuals and communities who have helped me build up my knowledge on cybercrime and ransomware over the years. Thanks again for all your continued support. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.



Monday, 9 March 2020

Data Breaches Digest - Week 11 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 9th March and 15th March 2020.


15th March

Smart home developers raise concerns about Alexa and Google Assistant security

14th March

Browser vendor leaks data via open server

How To Maintain Data Security When Staff Is Working From Home

How to Protect Your Business

HSBC say VoiceID saved almost £400m from fraudsters in 2019

Internet Crimes on the Rise: Virtual currency saw the largest percentage increase; others include extortion, lottery, social media, and personal data breaches

Top 10 internet crimes you need to know about

Urgent care walk-in centers in Texas and Florida suffer cyberattacks

13th March

Amazon Is Selling Its Cashierless Checkout to Other Stores — What Happens to the Data?

Arkansas provider alerts 15,000 patients of ransomware attack

Avoid coronavirus scams: What you need to know

Confessions app Whisper spills almost a billion records

Coronavirus: How hackers are preying on fears of Covid-19

CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware

Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak

Data centre ‘incident’ adds to Eskom’s woes

DPC warning on ‘quick-fix’ solutions

European Electricity Association Confirms Hackers Breached its Office Network

Europol takes down SIM-swap hacking rings responsible for theft of millions of euros

February-reported breaches affect 1.4 million patients

For Sale: Card Data From Online Stores Using Volusion

Hackers pounce as coronavirus spread triggers work-at-home movement

Henry Mayo Newhall Hospital Fires Employees for Snooping on Medical Records

Homeland Security sued over secretive use of face recognition

How to Secure Online Payments on Mobile Devices

It’s 10 o’clock, do you know where your data is?

Microsoft releases emergency patch for critical SMB vulnerability in Windows 10 and Windows Server

New York health system back online following ransomware shutdown

North Carolina: Randleman Eye Center Discloses Malware Attack

Oklahoma Accused of Negligence in Massive Data Breach

Open-source security: This is why bugs in open-source software have hit a record high

Parking payment app hit by ransomware attack

PCI Security – why it’s declining globally

Political campaigns and your personal data

Princess Cruises, hobbled by the coronavirus, admits data breach

Princess Cruises Confirms Data Breach

Radio.com users affected in data breach

Scams, Fraud and Misinformation: How Cybercriminals are Taking Advantage of Coronavirus

State-sponsored hackers are now using coronavirus lures to infect their targets

Sunshine Behavioral Health Group Faces Class Action Under CCPA After Data Breach Affecting 3,500 Patients

Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't

UK Data Privacy Compliance: Lessons from the ICO’s First Fine

Using advanced machine learning for adaptive fraud prevention

Why Cybersecurity Insurance Should Complement Your Information Security Policies And Practices

12th March

60% of Company Security Breaches Caused by Human Error

Advanced Russian Hackers Use New Malware in Watering Hole Operation

Amid coronavirus scare, ransomware targets public health agency in Illinois

Analytics firm’s VPN and ad-blocking apps are secretly grabbing user data

Applying the 80/20 rule to cloud security

Australia data breach: 90,000 staff, students, suppliers impacted at Melbourne Polytechnic

Beware of What You Download! Tech Giants Sought Lawmakers Help to Protect Data From Health Apps

Can retailers win consumers with voice technology?

Card data from the Volusion web skimmer incident surfaces on the dark web

Cookiethief Android malware uses proxies to hijack your Facebook account

Crooks use weaponized coronavirus map to deliver malware

Cybercriminals raking in $1.5 trillion every year

Cybersecurity Needs a Layered Approach to Stay Ahead of Attackers

Cybersecurity Trends in 2020 & the Threats Facing the Industry

Data of millions of eBay and Amazon shoppers exposed

Dell: Cost of data loss per organization surpassed $1M in the past year

DHS Warns APT Attackers Exploiting Microsoft Exchange Server Flaw

DoppelPaymer Ransomware Ups the Threat Level by Posting Victim’s Data Publicly If They Don’t Pay

Employees working from home to avoid coronavirus? Protect your data

Excessive permissions biggest threat to cloud security

Facebook cookie-stealing trojans surface on Android devices

Google Will Appeal Latest GDPR Fine

Hacking a network, using an ‘invisibility cloak’ – Is it that simple?

How to delete yourself from the internet

ICO Fines: When Is An Appeal Appealing?

Lawsuit filed against Dept. of Securities over massive data breach

Majority of businesses in SEA aim to improve IT security

Microsoft discontinues RDCMan app following security bug

Microsoft patches SMBv3 wormable bug that leaked earlier this week

Nearly 300 cybersecurity incidents impacted supply chain entities in 2019

Necurs zombie botnet disrupted by Microsoft

New Report Shows Breach Costs Continuing to Grow

Open Source Push Highlights Security Flaws

Open source vulnerabilities increase almost 50 percent in 2019

Payment Data From 2019 Volusion Hack Appears On Dark Web

Phishing attacks exploit YouTube redirects to catch the unwary

Shared Responsibility in Data Security

Startups: Your Most Valuable Asset in the Long Run Will Be Your Customers’ Trust

The Biggest Data Breaches and GDPR Fines – Google Tops the List

This free service shows who has your data—and helps you delete it

Two-Thirds of Healthcare Organizations Have Suffered a Security Incident

Unsecured database exposes 76,000 fingerprints

Vulnerabilities Patched in Popup Builder Plugin Affecting over 100,000 Sites

Web Application Security at Every Stage of the SDLC

What’s the best approach for ethical data use?

Will 5G Implementation Lead to an Increase in Ransomware Attacks?

Wireless SoCs Get Hardware Security

World is at permanent cyber war say security professionals

Wyoming hospital alerts patients of phishing attack

11th March

5 ways to stay avoid phishing lures

75% of Healthcare Organizations Globally Have Experienced Cyberattacks

100 data breaches by the UK Home Office

Are You Ready for a Data Breach?

Avast disables the JavaScript engine component due to a severe issue

Brazil: Millions of Records Leaked, Including Biometric Data

Clearview AI Data Breach Exposes Facial Recognition Firm’s Client List

Crafty Web Skimming Domain Spoofs “https”

Data Breach Enforcement in the UK and in the EU: Cross-Border Issues

Data breaches trend upward for 2019

'Data localisation won't help with cyber security,' say cyber security professionals, researchers

Dutch government loses hard drives with data of 6.9 million registered donors

European electricity association warns of office network breach

Fantasies of 900 million Whisper users exposed in yet another data breach

February sees huge jump in exploits designed to spread Mirai botnet

Government withholding information in data breach

Hackers are working harder to make phishing and malware look legitimate

Health Provider Sued for Failing to Safeguard Patient Data

How to prevent the data breach that keeps on happening

Israeli spyware company accused of WhatsApp hack: Facebook lied in lawsuit

Keeping Data Secure in the Always-On World

Local governments: Don't pay ransoms to hackers

Media and e-commerce brands are top targets for phishing attacks

Microsoft takes down global zombie bot network

Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks

Nearly 60% of Security Professionals Trust Cybersecurity Findings Verified by Humans over AI

Northeast Radiology Sends Notification of Data Security Incident

Ransomware attacks on healthcare facilities spike 350%

Redefining Bot Detection: Why Identity Matters

Safeguarding Healthcare for the Future With Zero Trust Security

University of Hertfordshire avoids data breach action by UK watchdog

What is cryptojacking (with examples) and how do you stop it?

Whisper, an anonymous secret-sharing app, failed to keep messages or profiles private

Why are governments so vulnerable to ransomware attacks?

Why hackers are more persistent than security teams

10th March

8 million UK shopping records exposed on the web, customers’ personal info leaked

Apple, Samsung, Google get letter from lawmakers to protect data from period tracker apps

ASD teamed up with GCHQ for stolen credit card crackdown

Avast AntiTrack certificate bug allowed others to snoop on your online activities

Bank’s voice ID system detects record number of fraud attempts

Coronavirus 'fake news' Twitter accounts shut down

Cyber hackers demand $30m from ‘major international company’ with office in Perth

Cyber Security Trends: Tips from recent UK enforcement - Part 1

Cybersecurity Has A People Problem

Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu

Durham City and County services targeted in cuber attack, 80 servers taken offline

FBI arrests Russian behind Deer.io, a Shopify-like platform for cybercrime

Following Data Breach, In-House Counsel Should Review Company Email Policies

GDPR: Is it time for the ICO to get tough?

Google data puts innocent man at the scene of a crime

Hackers impersonate Vanderbilt University Medical Center to lure victims in phishing attacks

Hackers using fake HIV test results, coronavirus emails to target healthcare companies

How poor IoT security is allowing this 12-year-old malware to make a comeback

Human Error Linked to 60% of Security Breaches

Intel CPUs vulnerable to new LVI attacks

Intel's data center CPUs vulnerability could lead to "devastating" attacks

IoT Security Market is Projected to Grow From USD 8,472.19 Million to USD 73,918.82 Million by 2026 With a CAGR of 31.20% - Valuates Reports

IT Vs. The Big Phish: Study Finds Split On Security Risk

It’s 2020 and Only 20% of Companies Are Ready for a Ransomware Attack

Microsoft March 2020 Patch Tuesday fixes 115 vulnerabilities

Microsoft orchestrates coordinated takedown of Necurs botnet

Microsoft shares nightmare tale: 6 sets of hackers on a customer's network

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

New cybersecurity legislation – ‘password123’ is illegal?

NSW govt pledges to introduce mandatory data breach reporting

Password managers: A little pain for a lot of security

Passwords Remain the Main Method of Authentication and Top Cause of Data Breaches

Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

Privacy and Data Security Alert - March 2020

Securing customer data in a digital world filled with threats

Securing the PII ‘crown jewels’ of health IT systems

Sextortion hackers use 'friend's naked girlfriend' lure

Stop saying employees are the weakest link in cybersecurity

The Necessary Evolution of SecOps to DevSecOps

This ransomware campaign has just returned with a new trick

Thousands of Malaysian credit card details leaked in massive breach

U.S. Ex-Inspector General Indicted for Stealing Data on 250,000 DHS Employees

Verizon Business adds biometrics to cybersecurity solution portfolio

Watchdog Finds Security Weaknesses in NIH's Records System

What’s Driving Identity Access Management in 2020?

Why a risk-based approach to application security can bolster your defenses

Why the Wawa Data Breach Serves as a Warning That “Good Enough” is Never Enough

Years-long campaign targets hackers through trojanized hacking tools

9th March

5 Data Security Errors That Can Break Your Business

2020: The Year of Mobile Sneak Attacks?

A Philly lawyer nearly wired $9,000 to a stranger impersonating his son’s voice, showing just how smart scammers are getting

A Round-up of Data Breaches in February 2020

An introduction to cyber security and data protection

Australia Sues Facebook For Data Breach Of 300K Citizens In Cambridge Analytica Case

Australia vs Facebook as Privacy commissioner launches Federal Court action

Biometrics and new standards – the key to digital security

Brave to generate random browser fingerprints to preserve user privacy

Cambridge Analytica: Australia takes Facebook to court over privacy

Cathay Pacific fined £500,000 after "brute force" data breach

Cyberattackers are delivering malware by using links from whitelisted sites

Dump your passwords, improve your security. Really

Eckert Seamans lawyer warns about voice fakers after he nearly wired $9K to scammer

Eight Best Practices For Avoiding Data Breaches

Fort Worth ISD Hacked, Joining Other Texas Schools, Towns Hit By Ransomware Attacks

From Facebook to Marriott: the biggest data breach fines companies have had to pay

Healthcare Providers Lose an Average $2.75 Million per Data Breach

Holistic Cybersecurity a Must for the Healthcare Industry

Infographic: Cyber Attacks and Data Breaches of 2019

Inside the Insider Threat

Insurance provider alerts members of phishing attack

IoT May be a Hacker’s Delight, Both Inside and Out

Is Enterprise Password Death Really Inevitable?

It’s not a breach… it’s just that someone else has your data

Many companies still lacking in data breach readiness

Microsoft Edge has more privacy-invading telemetry than other browsers

Millions of UK businesses experience data breaches due to employee error

Mobile malware: Hidden apps give cyber criminals a sneaky backdoor

Multiple nation-state groups are hacking Microsoft Exchange servers

NordVPN HTTP POST bug exposed customer information, no authentication required

Oh, you won an award? Don't click that vanity scam spam link

Passwords belong in time capsules, not IT ecosystems

Phishing: Google just made it easier to use 2FA to secure your accounts

Policy Management: Choosing the Right Data Privacy Software, Part 1

Report: 267 million Facebook users IDs and phone numbers exposed online

Spying concerns raised over Iran's official COVID-19 detection app

Take These 4 Steps to Protect Yourself After a Data Breach

Two-factor authentication isn't as secure as you might expect

UK regulator fines Cathay Pacific £500k for data breaches

Sunday, 8 March 2020

Data Breaches Digest - Week 10 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 2nd March and 8th March 2020.


8th March

250,000+ Login/Passwords Leaked in The Trident Crypto Fund Data Breach

Computer systems at University of Kentucky and UK HealthCare hobbled by massive, month-long cyber attack

Coronavirus Sets Up Accelerated Push to Cloud for Cybersecurity Industry

Data breach fines set to rocket after limit is lifted - with some hitting hundreds of millions

7th March

AMD processors from 2011 to 2019 vulnerable to two new attacks

Redcar council excludes public from cyber-attack discussion

Singapore, Malaysia credit card details dumped online in massive data breach

6th March

53% of hospitals faced cyberattacks, but few have plans to respond to phishing attacks

Arkansas Children's Hospital reboots IT system after cyberattack

Behind the Crime: New Phishing Attack Launched Every Two Minutes

Brazilian security firm leaks more than 25 GB of client and staff data

Catches of the month: Phishing scams for March 2020

Charities report 102 data breaches in the third quarter of 2019-20

Data breach: U.S. retailer J.Crew reveals 2019 security incident to customers

Former DHS official charged with theft of confidential government software, databases

Microsoft: 99.9% of compromised accounts did not use multi-factor authentication

Nasty phishing scams aim to exploit coronavirus fears

One billion Android devices at risk of hacking

Ransomware: These sophisticated attacks are delivering ‘devastating’ payloads, warns Microsoft

Security Researcher Publishes Details About Zero-Day Vulnerability in Zoho Enterprise Product

T-Mobile's Data Breach Exposes Customer's Data and Financial Information

Virgin Media breach 'linked customers to porn'

5th March

Access Control: Don’t Give Cybercriminals the Keys to Your Business

Americans worry more about identity theft than being murdered

Backdoor malware is being spread through fake security certificate alerts

Boots Advantage Card hit by cyber attack

Brazil ranks third in email security threats

Chinese hackers use decade-old Bisonal Trojan in cyberespionage campaigns

Cruise Operator Carnival Corporation Discloses Cyber Attack

Defense contractor CPI knocked offline by ransomware attack

Facebook sues Namecheap to unmask hackers who registered malicious domains

How to maintain safe cybersecurity practices while transitioning workers from the office to remote workstations

Loyalty program fraud targets 600,000 Tesco shopper accounts

Malicious Chrome extension caught stealing Ledger wallet recovery seeds

Malta-based crypto-fund suffers data breach; 10K user records affected

Microsoft subdomains hijacked following DNS security blunder

Mimecast tracks growing Malware-as-a-Service trend in analysis of 202 billion emails

New Report: A Profile into Kilos, New Search Engine for the Dark Web

One of Roman Abramovich's companies got hit by ransomware

Quest Diagnostic finalizes data breach settlement

Ryuk ransomware hits Fortune 500 company EMCOR

T-Mobile says hacker gained access to employee email accounts, user data

US property and demographic database of 200 million records leaked on the web

Virgin Media data breach affects 900,000 people

Virgin Media exposes data of 900,000 users via unprotected marketing database

West Suffolk Hospital apologises after dog walker finds medical records in nature reserve

Why Ethical Hacking? (The What and Why of Ethical Hacking)

4th March

4 essential things security experts do to protect their own data

5 recent data breaches caused by human error

2019 proves a bumper year for cyber attacks

Cathay Pacific hit with £500,000 fine for customer data breach

Citrix vulnerability used for potential Defence recruitment database access

Cyberattackers hack Wellington school’s computer system

Cybercriminals are Increasingly Turning to Ransomware as a Secondary Source of Income

Cybercriminals Increasingly Harnessing Stolen Identity Data to Launch Global Attacks

Fears private details of Defence Force members compromised in database hack

Indiana hospital alerts 2,600 patients of human error data breach

International airline fined £500,000 for failing to secure its customers’ personal data

Number of spoof attempts on domains drops to "near zero" within months of DMARC enforcement

Number of Student Data Breaches, Ransomware Attacks Nearly Triple in Last Year

State-by-state breakdown of ransomware attacks on healthcare providers

T-Mobile customers notified of breach

These are the first passwords hackers will try when attacking your device

Warning over 'hidden apps' as mobile malware attacks increase - and get sneakier

3rd March

7 security tips for IoT systems

Almost half of mobile malware are hidden apps

Casinos in Las Vegas Hit by Suspected Ransomware Attack

Chinese security firm says CIA hacked Chinese targets for the past 11 years

Consumers urged to secure internet connected cameras

CrowdStrike's 2020 Threat Report: Spammers fine-tune email thread hijacking

Cybercriminals and drug cartels are spreading malware and stealing financial information in Latin America

Data Breach Affects Princess Cruises, Holland America Line Guests

Data security: 5 problems and solutions

Do these three things to protect your web security camera from hackers

Hospitals should employ 1-10-60 rule to counter cyberattacks

Legal services giant Epiq Global offline after ransomware attack

'Malware-free' attacks now most popular tactic amongst cybercriminals

Missouri: Detectives investigate data breach at Jefferson County School District

Phishing scams: Big jump in complaints about phoney calls and texts

SpaceX Contractor Hit by Data Breach

Surge in Attacker Access to Privileged Accounts and Services Puts Businesses at Risk

Woman scammed out of £95,000 after her solicitor was hacked

2nd March

5G and IoT security: Why cybersecurity experts are sounding an alarm

23 cybersecurity incidents in February

Alinta Energy accused of putting customers' sensitive information at risk

Computer Scientists’ New Tool Fools Hackers into Sharing Keys for Better Cybersecurity

Credit score builder Loqbox hit by data breach

Hackers are actively exploiting zero-days in several WordPress plugins

Hawaii health system notifies 2,900 patients of email mix-up

Increased security investments aren't stopping data breaches

Leaked: 146 million records relating to users of railway Wi-Fi exposed online

Phishing: Leading targets, breaking myths, and educating users

Ransomware victims are paying out millions a month. One particular version has cost them the most

Simon Fraser University hit by ransomware attack, resulting in data breach

Spartanburg School District One's computer network hit by ransomware attack

Survey: Despite new tactics, companies still face challenges implementing cybersecurity measures

Swiss government submits criminal complaint over CIA Crypto spying scandal

Tesco sends security warning to 600,000 Clubcard holders

This phishing email contains a password-protected file. Don't open it

UK Home Office breached GDPR 100 times through botched management of EU Settlement Scheme

US charges two Chinese nationals for laundering cryptocurrency for North Korean hackers

‘Vulnerable’ iOS Cut-and-Paste Data in iPhone or iPad Devices

Walgreens Announces its Mobile App Leaks Personal Data

Global Data Breaches - February 2020

February 2020 saw another 105 Data Breaches reported which accounted for 632 Million Data Records reported compromised.

Although February's total amount of Data Breaches reported is up by over 72% from last month, the total amount of Data Records reported compromised was down by over 57% from last month.

The hardest hit sectors continue to be Education, Healthcare and the Public Sector, accounting for over 57% of total Data Breaches reported this year, and likewise the most breach types continue to be Cyber Attack, Internal Error and Ransomware, accounting for over 63% of total Data Breaches reported this year.

Currently this takes the yearly totals so far to 166 Data Breaches reported and 2.1 Billion Data Records reported comprised as of the end of February 2020.

Download PDF



Data Source: IT Governance.


Global Data Breaches - January 2020

January 2020 saw another 61 Data Breaches reported which accounted for 1.5 Billion Data Records reported compromised.

Although January's total amount of Data Breaches reported is down by over 32% from last month, the total amount of Data Records reported compromised was up by over 139% from last month.

The hardest hit sectors continue to be Education, Healthcare and the Public Sector, accounting for over 52% of total Data Breaches reported this year, and likewise the most breach types continue to be Cyber Attack, Internal Error and Ransomware, accounting for over 62% of total Data Breaches reported this year.

Download PDF



Data Source: IT Governance.