Business Continuity Incidents: Data Breaches
The leakage of sensitive information, although it may not actually cause a disruption of operational activities can quickly develop into a reputational and regulatory crisis and therefore business continuity plans and particularly incident or crisis management plans should accommodate this . In this section of the incident log, we highlight some of the most significant data breaches that have occurred over the past years.
Data leaks and privacy breaches discovered on 5 different dating apps
In all cases database misconfiguration facilitated the breaches
500,000 BMW, Mercedes and Hyundai owners hit by massive data breach
Personal information of almost 400,000 UK-based BMW customers is reportedly being auctioned on an online black market, according to Tel Aviv-based darknet intelligence experts KELA.
Hackers at a group called KelvinSecurity Team have gained access to a BMW customer database and listed it for sale on an underground forum used by cybercriminals
Healthcare provider agrees to $2.8 million settlement following data breach
UntityPoint, a US based healthcare provider, following a two year legal case agrees to a $2.8 million settlement for customers who may have been affected by their data breach. The settlement equates to $1000 per class member.
Data breach exposes activities of police intelligence agency
The Maine Information and Analysis Center (MIAC), a unit of the Maine State Police already under intense scrutiny after allegations of surveillance abuses, has suffered a significant data breach.
350,000 Social Media Influencers and Users at Risk Following Data Breach
Personal data of an estimated 100,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me, Risk Based Security has discovered. The same breach has also led to more than 250,000 social media users having their information fully exposed
10,000 People Join Lawsuit Against EasyJet for Massive Data Breach
EasyJet Plc faces a lawsuit over a data breach disclosed last month that potentially exposed private details of 9 million passengers
Hacker Sells Over 1.3 Million User Records of Popular Stalker Online MMO Game
Cyber thieves are offering for sale more than 1.3 million user records from the free-to-play Stalker Online MMO game on dark web marketplaces.
The data leak was discovered by the team overseeing the dark web-monitoring project
AMT healthcare data breach impacts nearly 50,000 patients
Healthcare provider American Medical Technologies (AMT) announced it has suffered a data breach affecting almost 50,000 patients
Babylon Health hit by major data breach
Digital health provider Babylon Health acknowledged that its video appointment application, aimed at general practitioners, suffered a data breach.
Twitter apologises for business data breach
Twitter has emailed its business clients to tell them that personal information may have been compromised.
Unbeknownst to users, billing information of some clients was stored in the browser's cache, it said.
Australia hit by massive cyber attack, Chinese hackers suspected
A massive cyber attack hit Australian Government and businesses last week which is reported to be handiwork of a nation-state backed hacking group and China is top on the suspect list
‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals
EasyJet Cyber Attack Likely the Work of Chinese Hackers
The recent high-profile cyber attack that struck British budget airline easyJet may have been carried out by Chinese hackers
Cyber-Attack Hits US Nuclear Missile Sub-Contractor
According to researchers, sensitive and confidential documents have been obtained from Westech International, a US military nuclear missile contractor, after a cyberattack. Experts believe the cyberattack was likely the work of threat group Maze, a well-known and sophisticated group.
South African healthcare provider hit by cyber-attack
Life Healthcare, a South African healthcare provider, is investigating a cyber-attack that targeted some of the group’s IT systems. Life Healthcare said it immediately took systems offline as it sought to contain the incident. “The extent to which sensitive data has been compromised is yet to be ascertained, as we are still in the process of investigating,” the organization said.
South Africa’s PostBank is Replacing 12 Million Bank Cards After Major Security Breach
South Africa’s Postbank has suffered a major data breach, forcing the financial institution to replace 12 million bankcards after rogue employees stole its 36-digit master key.
Where financial information is concerned, remediation costs for data breaches can be significant
Macy's Pays $192,000 to Settle Data Breach Suit
US department store giant Macy's has agreed to pay almost $200,000 to settle a lawsuit brought over a data breach
Californian Business Sued Over Data Breach
Online stationery and craft marketplace Minted Inc. has been sued in a class action under California’s new consumer privacy law.
Even when the breach is fixed - the issues do not go away, especially if there are legal and regulatory considerations
University of Utah Health patient info was breached through ‘phishing schemes’
The University of Utah Health fell victim to a phishing scheme in which an outside party accessed patient information such as birthdates and clinical information through employee emails, the organization announced Friday
Phishing is a favourite attack method by cyber criminals and can be used to perpetrate several different kinds of cyber crime and attack
ST Engineering Aerospace's US subsidiary suffers massive data breach
Singapore-based ST Engineering Aerospace's United States subsidiary has suffered a massive ransomware attack, resulting in the exposure of confidential data such as contract details with various governments, government-related organisations and airlines.
It's not just personal information that can be leaked in a data breach. Sensitive commercial information can also be exposed
IT Services Giant Conduent Suffers Ransomware Attack, Data Breach
Conduent, which says it provides services (including HR and payments infrastructure) for “a majority of Fortune 100 companies and over 500 governments”, was hit on Friday, May 29. Conduent’s European operations experienced a service interruption on Friday, May 29, 2020. Our system identified ransomware, which was then addressed by our cybersecurity protocols.
This data breach shows the importance of patching could have prevented data exfiltration and also how well developed data restoration capabilities can reduce the downtime that can be experienced in a ransomware attack
Nintendo Confirms Additional 140,000 Accounts Compromised in April Data Breach
A major gaming company leaks personal information
This article highlights some of the financial measures that may need to be incorporated into Business Continuity Plans for remediation of data breaches
Content management software supplier is hit by a data breach caused by weak configuration of it's Amazon Web Service facilities.
Although preventable, human error can cause a data breach. Regardless of the root cause the situation must be management and a predefined responses contained in the crisis management process associated with your business continuity plan
Aveanna Healthcare Faces Lawsuit Over Monthlong Data Breach
Aveanna Healthcare is facing a class-action lawsuit filed by more than 100 patients impacted by a month-long data breach from 2019. Over 166,000 patients were affected by the security incident, which breach victims claim was caused by inadequate security
An indication of how a data breach can have long-term effects which can be difficult to anticipate and reflect in crisis and business continuity plans.
Amtrak discloses data breach, potential leak of customer account data
The National Railroad Passenger Corporation (Amtrak) has disclosed a data breach that may have resulted in the compromise of customer personally identifiable information
Data Breaches can create a major reputational crisis. Although there may be no physical damage to the organisation, business continuity AND crisis management plans need to consider reputational as well as physical damage
Payment App Data Breach Exposes Millions of Indians' Data
A major data breach at mobile payment app Bharat Interface for Money (BHIM) has exposed the personal and financial data of millions of Indians.
Whether a deliberate attack or human oversight business continuity and crisis management plans need to address the impacts of data breaches
Software "Glitch" Creates Data Breach for Health Care App Vendor
Software design flaws can expose confidential information. although prevention is better than cure a good Crisis Management plan can help to manage reputational risks
Business Continuity Plans should be supported by strong Crisis Management capabilities
Canada’s Fitness Depot Blames ISP for Security Incident
Security weaknesses at a third party providing hosting services can create a data breach that puts you in the firing line
Business Continuity Plans should be supported by Crisis management procedures to deal with the adverse publicity that can occur