Business Continuity Incidents: Data Breaches

The leakage of sensitive information, although it may not actually cause a disruption of  operational activities can quickly develop into a reputational and regulatory crisis and therefore business continuity plans and particularly incident or crisis management plans should accommodate this . In this section of the incident log, we highlight some of the most significant data breaches that have occurred over the past years.  

Data leaks and privacy breaches discovered on 5 different dating apps

In all cases database misconfiguration facilitated the breaches

500,000 BMW, Mercedes and Hyundai owners hit by massive data breach

Personal information of almost 400,000 UK-based BMW customers is reportedly being auctioned on an online black market, according to Tel Aviv-based darknet intelligence experts KELA.

Hackers at a group called KelvinSecurity Team have gained access to a BMW customer database and listed it for sale on an underground forum used by cybercriminals

Healthcare provider agrees to $2.8 million settlement following data breach

UntityPoint, a US based healthcare provider, following a two year legal case agrees to a $2.8 million settlement for customers who may have been affected by their data breach. The settlement equates to $1000 per class member.

Data breach exposes activities of police intelligence agency

The Maine Information and Analysis Center (MIAC), a unit of the Maine State Police already under intense scrutiny after allegations of surveillance abuses, has suffered a significant data breach.

 

350,000 Social Media Influencers and Users at Risk Following Data Breach

Personal data of an estimated 100,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me, Risk Based Security has discovered. The same breach has also led to more than 250,000 social media users having their information fully exposed

10,000 People Join Lawsuit Against EasyJet for Massive Data Breach

EasyJet Plc faces a lawsuit over a data breach disclosed last month that potentially exposed private details of 9 million passengers

Hacker Sells Over 1.3 Million User Records of Popular Stalker Online MMO Game

Cyber thieves are offering for sale more than 1.3 million user records from the free-to-play Stalker Online MMO game on dark web marketplaces.

The data leak was discovered by the team overseeing the dark web-monitoring project 

AMT healthcare data breach impacts nearly 50,000 patients

Healthcare provider American Medical Technologies (AMT) announced it has suffered a data breach affecting almost 50,000 patients

Babylon Health hit by major data breach

Digital health provider Babylon Health acknowledged that its video appointment application, aimed at general practitioners, suffered a data breach.

Twitter apologises for business data breach

Twitter has emailed its business clients to tell them that personal information may have been compromised.

Unbeknownst to users, billing information of some clients was stored in the browser's cache, it said.

Australia hit by massive cyber attack, Chinese hackers suspected

A massive cyber attack hit Australian Government and businesses last week which is reported to be handiwork of a nation-state backed hacking group and China is top on the suspect list

 

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals


EasyJet Cyber Attack Likely the Work of Chinese Hackers

The recent high-profile cyber attack that struck British budget airline easyJet may have been carried out by Chinese hackers

Cyber-Attack Hits US Nuclear Missile Sub-Contractor

According to researchers, sensitive and confidential documents have been obtained from Westech International, a US military nuclear missile contractor, after a cyberattack. Experts believe the cyberattack was likely the work of threat group Maze, a well-known and sophisticated group.

South African healthcare provider hit by cyber-attack

Life Healthcare, a South African healthcare provider, is investigating a cyber-attack that targeted some of the group’s IT systems.  Life Healthcare said it immediately took systems offline as it sought to contain the incident. “The extent to which sensitive data has been compromised is yet to be ascertained, as we are still in the process of investigating,” the organization said.

South Africa’s PostBank is Replacing 12 Million Bank Cards After Major Security Breach

South Africa’s Postbank has suffered a major data breach, forcing the financial institution to replace 12 million bankcards after rogue employees stole its 36-digit master key.

Where financial information is concerned, remediation costs for data breaches can be significant

Macy's Pays $192,000 to Settle Data Breach Suit

US department store giant Macy's has agreed to pay almost $200,000 to settle a lawsuit brought over a data breach

Californian Business Sued Over Data Breach 

Online stationery and craft marketplace Minted Inc. has been sued in a class action under California’s new consumer privacy law.

Even when the breach is fixed - the issues do not go away, especially if there are legal and regulatory considerations

University of Utah Health patient info was breached through ‘phishing schemes’

The University of Utah Health fell victim to a phishing scheme in which an outside party accessed patient information such as birthdates and clinical information through employee emails, the organization announced Friday

Phishing is a favourite attack method by cyber criminals and can be used to perpetrate several different kinds of cyber crime and attack

 

ST Engineering Aerospace's US subsidiary suffers massive data breach

Singapore-based ST Engineering Aerospace's United States subsidiary has suffered a massive ransomware attack, resulting in the exposure of confidential data such as contract details with various governments, government-related organisations and airlines.

It's not just personal information that can be leaked in a data breach.  Sensitive commercial information can also be exposed

 

IT Services Giant Conduent Suffers Ransomware Attack, Data Breach

Conduent, which says it provides services (including HR and payments infrastructure) for “a majority of Fortune 100 companies and over 500 governments”, was hit on Friday, May 29. Conduent’s European operations experienced a service interruption on Friday, May 29, 2020. Our system identified ransomware, which was then addressed by our cybersecurity protocols.

This data breach shows the importance of patching could have prevented data exfiltration and also how well developed data restoration capabilities can reduce the downtime that can be experienced in a ransomware attack

Nintendo Confirms Additional 140,000 Accounts Compromised in April Data Breach

A major gaming company leaks personal information

This article highlights some of the financial measures that may need to be incorporated into  Business Continuity Plans for remediation of data breaches

Joomla Data Breach

Content management software supplier is hit by a data breach caused by weak configuration of it's Amazon Web Service facilities. 

Although preventable, human error can cause a data breach. Regardless of the root cause the situation must be management and a predefined responses contained in the crisis management process associated with your business continuity plan

Aveanna Healthcare Faces Lawsuit Over Monthlong Data Breach

Aveanna Healthcare is facing a class-action lawsuit filed by more than 100 patients impacted by a month-long data breach from 2019. Over 166,000 patients were affected by the security incident, which breach victims claim was caused by inadequate security

An indication of how a data breach can have long-term effects which can be difficult to anticipate and reflect in crisis and business continuity plans

Amtrak discloses data breach, potential leak of customer account data

The National Railroad Passenger Corporation (Amtrak) has disclosed a data breach that may have resulted in the compromise of customer personally identifiable information

Data Breaches can create a major reputational crisis.  Although there may be no physical damage to the organisation, business continuity AND crisis management plans need to consider reputational as well as physical damage

Payment App Data Breach Exposes Millions of Indians' Data

A major data breach at mobile payment app Bharat Interface for Money (BHIM) has exposed the personal and financial data of millions of Indians.

Whether a deliberate attack or human oversight business continuity and crisis management plans need to address the impacts of data breaches

Software "Glitch" Creates Data Breach for Health Care  App Vendor

Software design flaws can expose confidential information. although prevention is better than cure a good Crisis Management plan can help to manage reputational risks

Business Continuity Plans should be supported by strong Crisis Management capabilities 

Canada’s Fitness Depot Blames ISP for Security Incident

Security weaknesses at a third party providing hosting services can create a data breach that puts you in the firing line

Business Continuity Plans should be supported by Crisis management procedures to deal with the adverse publicity that can occur

  • Twitter Social Icon
  • LinkedIn Social Icon