Business Continuity Incidents: Data Breaches
The leakage of sensitive information, although it may not actually disrupt operational activities, can quickly develop into a reputational and regulatory crisis. Business continuity plans, and particularly incident or crisis management plans, should therefore accommodate this. In this section of the incident log, we highlight some of the most significant data breaches that have occurred over the past years.
In all cases, database misconfiguration facilitated the breaches.
Personal information of almost 400,000 UK-based BMW customers is reportedly being auctioned on an online black market, according to Tel Aviv-based darknet intelligence experts KELA.
Hackers at a group called KelvinSecurity Team have gained access to a BMW customer database and listed it for sale on an underground forum used by cybercriminals
UnityPoint, a US-based healthcare provider, agrees, following a two-year legal case, to a $2.8 million settlement for customers who may have been affected by its data breach. The settlement equates to $1000 per class member.
The Maine Information and Analysis Center (MIAC), a unit of the Maine State Police already under intense scrutiny after allegations of surveillance abuses, has suffered a significant data breach.
Personal data of an estimated 100,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me, Risk Based Security has discovered. The same breach has also led to more than 250,000 social media users having their information fully exposed
EasyJet Plc faces a lawsuit over a data breach disclosed last month that potentially exposed private details of 9 million passengers
Cyber thieves are offering for sale more than 1.3 million user records from the free-to-play Stalker Online MMO game on dark web marketplaces.
The data leak was discovered by the team overseeing the dark web-monitoring project
Healthcare provider American Medical Technologies (AMT) announced it has suffered a data breach affecting almost 50,000 patients
Digital health provider Babylon Health acknowledged that its video appointment application, aimed at general practitioners, suffered a data breach.
Twitter has emailed its business clients to tell them that personal information may have been compromised.
Unbeknownst to users, billing information of some clients was stored in the browser's cache, it said.
A massive cyber attack hit the Australian Government and businesses last week. It is reported to be the handiwork of a nation-state-backed hacking group, and China is top of the suspect list.
‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals
The recent high-profile cyber attack that struck British budget airline easyJet may have been carried out by Chinese hackers
According to researchers, sensitive and confidential documents have been obtained from Westech International, a US military nuclear missile contractor, after a cyberattack. Experts believe the cyberattack was likely the work of threat group Maze, a well-known and sophisticated group.
Life Healthcare, a South African healthcare provider, is investigating a cyber-attack that targeted some of the group’s IT systems. Life Healthcare said it immediately took systems offline as it sought to contain the incident. “The extent to which sensitive data has been compromised is yet to be ascertained, as we are still in the process of investigating,” the organization said.
South Africa’s Postbank has suffered a major data breach, forcing the financial institution to replace 12 million bankcards after rogue employees stole its 36-digit master key.
Where financial information is concerned, remediation costs for data breaches can be significant
US department store giant Macy's has agreed to pay almost $200,000 to settle a lawsuit brought over a data breach
Online stationery and craft marketplace Minted Inc. has been sued in a class action under California’s new consumer privacy law.
Even when the breach is fixed, the issues do not go away, especially if there are legal and regulatory considerations.
The University of Utah Health fell victim to a phishing scheme in which an outside party accessed patient information such as birthdates and clinical information through employee emails, the organization announced Friday
Phishing is a favourite attack method of cyber criminals and can be used to perpetrate several different kinds of cyber crime and attack.
Singapore-based ST Engineering Aerospace's United States subsidiary has suffered a massive ransomware attack, resulting in the exposure of confidential data such as contract details with various governments, government-related organisations and airlines.
It's not just personal information that can be leaked in a data breach. Sensitive commercial information can also be exposed
Conduent, which says it provides services (including HR and payments infrastructure) for “a majority of Fortune 100 companies and over 500 governments”, was hit on Friday, May 29. Conduent’s European operations experienced a service interruption on Friday, May 29, 2020. Our system identified ransomware, which was then addressed by our cybersecurity protocols.
This data breach shows the importance of patching, which could have prevented data exfiltration, and also how well-developed data restoration capabilities can reduce the downtime experienced in a ransomware attack.
A major gaming company leaks personal information
This article highlights some of the financial measures that may need to be incorporated into Business Continuity Plans for remediation of data breaches
A content management software supplier is hit by a data breach caused by weak configuration of its Amazon Web Services facilities.
Although preventable, human error can cause a data breach. Regardless of the root cause, the situation must be managed and predefined responses contained in the crisis management process associated with your business continuity plan.
Aveanna Healthcare is facing a class-action lawsuit filed by more than 100 patients impacted by a month-long data breach from 2019. Over 166,000 patients were affected by the security incident, which breach victims claim was caused by inadequate security
An indication of how a data breach can have long-term effects which can be difficult to anticipate and reflect in crisis and business continuity plans.
The National Railroad Passenger Corporation (Amtrak) has disclosed a data breach that may have resulted in the compromise of customer personally identifiable information
Data breaches can create a major reputational crisis. Although there may be no physical damage to the organisation, business continuity AND crisis management plans need to consider reputational as well as physical damage.
Payment App Data Breach Exposes Millions of Indians' Data
A major data breach at mobile payment app Bharat Interface for Money (BHIM) has exposed the personal and financial data of millions of Indians.
Whether the cause is a deliberate attack or human oversight, business continuity and crisis management plans need to address the impacts of data breaches.
Software "Glitch" Creates Data Breach for Health Care App Vendor
Software design flaws can expose confidential information. Although prevention is better than cure, a good crisis management plan can help to manage reputational risks.
Business Continuity Plans should be supported by strong Crisis Management capabilities
Security weaknesses at a third party providing hosting services can create a data breach that puts you in the firing line
Business Continuity Plans should be supported by Crisis management procedures to deal with the adverse publicity that can occur