August 14, 2019

Monthly Breach Report: August 2019 Edition

PKWARE
Monthly Breach Report: August 2019 Edition

National Australia Bank (NAB)

A data breach shook NAB after the names and contact information of approximately 13,000 clients were accidentally disclosed with two data service enterprises. NAB, Australia’s fourth-largest financial institution, acknowledged that this is the second significant leak of customer data that the banking major encountered within three years.

According to an official statement from NAB, personal information mistakenly uploaded to the third-party servers comprised customer names, date of birth, contact details, and in few cases, government-issued ID numbers such as driver’s license. The bank also confirmed that all uploaded data was deleted within two hours as informed by the third-party service providers. Fortunately, the data mishap did not impact NAB login details or passwords.

While apologizing about the incident, NAB chief data officer Glenda Grisp mentioned that there has been no proof that the breached information had been further exposed or copied.  NAB has already informed approximately two-thirds of the affected customers via calls and emails about the breach.

This accidental happening is an embarrassing one for the bank because in 2017 NAB witnessed a similar incident where it sent the personal data of 60,000 customers due to a human error. Nab will cover the cost of re-issuing government identification for impacted clients and strengthened fraud detection identification of affected accounts.

Source:
itnews

Sprint

Within two months, US-based mobile network operator Sprint suffered its second breach of customer accounts this year. The data leak took place using Samsung’s “Add a line” website, which allows the present Sprint and Samsung users to receive an extra line from the carrier. The breach allowed hackers to access customers’ online logins and view data visible in their accounts.

According to Sprint, the exposed data during the second breach included phone number, monthly recurring charges, device type, device ID, account number, subscriber ID, account creation date, upgrade eligibility, first and last name, billing address, and add-on services. It also clarified that sensitive data—such as credit card details and social security number—was not impacted by the leak.

Sprint, the fourth-largest American telecom company, sent out notifications about the data breach last month while the attack took place in June. During Sprint’s first data mishap with Boost Mobile, reporting delays resulted in customers not being informed until May.

Although the company is yet to ascertain the exact number of customers impacted, to ensure safety, pin-codes for the affected accounts were reset.

The incident has come at an inopportune time as the United States Justice Department gave a green signal to the $26 billion merger deal between T-Mobile and Sprint after facing a regulatory delay for more than a year.

Essentia Health

Over 1,000 patients’ protected health information (PHI) at Essentia Health may have been at risk after a former third-party vendor became victim to a phishing incident, stated in a press release from the healthcare system. Earlier this year Nemadji Research Corporation, a health data management business based in Minn., which assisted Essenti Health previously with billing services, had to bear the burden of a phishing attack allowing access to 14,591 patient medical records. Last month, Nemadji started notifying its clients after it found the first instance in which personal data may have been accessible.

According to Nemadji, after observing suspicious activity in an employee’s email account on March 28, a computer forensics expert was brought in to probe the matter. The investigation revealed the employee fell for a phishing scam and divulged login details to the attacker. Before deactivation of the affected email account, an unauthorized entity accessed the account for several hours.

The Department of Health and Human Services’ Office for Civil Rights breach portal is aware of the incident and Nemadji has also submitted a separate breach report to OCR under the business name of California Reimbursement Enterprises.

Recently Nemadji notified Essentia Health about this data compromise incident due to its contractual obligations and the stringent federal privacy rules. Since the impact of the breach has been widespread, Essentia Health has decided to offer free credit monitoring services.

Lancaster University

Lancaster University became the target of a cyber-attack last month when hackers gained access to student records by breaching its IT systems. The University didn’t share any information about the scale of the attack—like how many employees opened the malicious email—but it resulted in two data breaches. The first breach impacted the undergraduate applicant records for the years 2019 and 2020 and the second breach accessed the records and ID documents of a small number of students.

While the University learned its servers were hacked on July 19, acknowledgment to the full impact of the breach did not happen until July 22, after which the University formed an incident team to manage the situation.

Termed as a “sophisticated and malicious phishing attack,” the incident saw fraudulent invoices being sent to undergraduate applicants as well. Police and anti-fraud agencies are currently probing the incident to understand the scale of the breach as the University has not shared the exact number of individuals impacted.

Source:
BBC News

American Land Title Association (ALTA)

American Land Title Association (ALTA) issued a data breach alert stating the unfortunate incident allegedly happened followed a successful phishing attack. This US-based national trade association represents over 6,000 title insurance firms, title and settlement agents, real estate attorneys, and independent abstracters. ALTA also revealed that hackers accessed almost 600 data entries for title and non-title companies comprising of information related to domain identification, IP addresses, usernames, and passwords.

According to an official statement, ALTA learned about the attack from an ethical hacker and its information technology department is presently scrutinizing the information. Moreover, the association would contact businesses if the data connected to any particular title and settlement entities.

To protect the organizations’ data and systems from data theft and leaks, ALTA has advised organizations to keep a strict vigil on their systems and inform their IT teams in case of unauthorized access.

Phishers have attacked and targeted the national trade association in the past as well. In May this year, ALTA had shared a warning of a phishing campaign where hackers used emails to gain unauthorized access.

Source:
Cyware Labs

Sytech

A hacking crew stole 7.5 terabytes of data from SyTech, a contractor of Federal Security Service (FSB). Earlier last month, the incident came to the fore when the hackers gained access to the company’s complete network. The compromised data included information on the projects that SyTech had been working on for Russia’s main security agency from 2009. Reports suggest that the hacking group known as “0v1ru$” was the mastermind behind this breach. The scale of the attack is massive as unauthorized entry into the firm’s Active Directory server followed by the breach of the entire network.

Apart from stealing data, the hackers also defaced the Sytech website with a “yoba face” and shared screenshots of the company’s servers on Twitter. Furthermore, this data was shared also with Digital Revolution, a hacking group that breached FSB’s other contractor Quantum.

Source:
Security affairs

Quickbit

An alleged data leak of sensitive user data hit the Swedish digital currency exchange QuickBit. The breached data comprised names, addresses, email addresses, genders, date of birth, and card information—type of credit card and first six and last four digits.

It also stated that two percent of the traders who used QuickBit’s services faced the wrath of the breach. News reports suggest the data was available for public access for about six days after which Comparitech researcher Bob Diachenko informed QuickBit about the breach.

QuickBit clarified that no passwords or Social Security numbers, account or credit card information, cryptocurrency or private keys, or financial transactions were compromised.

On July 19, the cryptocurrency exchange listed on the NGM Nordic MTF market grew suspicious about a possible breach, but internal investigation failed to identify any signs of a data breach. However, later that day, the exchange confessed that some data were not protected.

Source:
CryptoGlobe

Orvibo

Chinese firm Orvibo’s database allowed access without password protection that resulted in the leak of billions of user records. The database encompasses over 2 billion logs that include a range of data such as usernames, emails, passwords, family names, precise locations of IoT devices, and account reset codes.

Discovered by security researchers at vpnMentor, Orvibo learned about the data breach in mid-June, however, it failed to take any action. The data was available on an ElasticSearch server owned by Orvibo that trades under the name of Smartmate.

The Chinese smart home device management platform has also said that there’s no indication of the leaked data misuse. For Orvibo, legal ramifications are on the cards as it failed to secure the data of its European customers and may bag penalty under the General Data Protection Regulation (GDPR).

Don’t be next month’s data breach headline. Protect your data with the help of PKWARE. Get a free demo now.

Share on social media
  • The Evolution from PKZIP and SecureZIP to PK Protect

    PKWARE December 12, 2024
  • Data Breach Report: November 2024 Edition

    PKWARE December 9, 2024
  • Harvest Now Decrypt Later Cybersecurity Attack

    PKWARE December 3, 2024
  • Top Cybersecurity Predictions for 2025

    Jason Dobbs November 18, 2024
  • The Evolution from PKZIP and SecureZIP to PK Protect
    PKWARE December 12, 2024
  • Data Breach Report: November 2024 Edition
    PKWARE December 9, 2024
  • Harvest Now Decrypt Later Cybersecurity Attack
    PKWARE December 3, 2024