A curated list of the top stories of the week concerning data leaks and digital threats.
By Angelica Mari, July 25, 2019, ZDNet
An unprotected server belonging to a Brazilian financial services firm exposed customers’ personal information, including IDs and social security cards, as well as documents provided as proof of address and service request forms.
By Daniel Palmer, July 25, 2019, Coindesk
Cryptocurrency loans platform YouHodler exposed 86 million records containing private financial data belonging to thousands of users. These records included users’ names, email addresses, home addresses, phone numbers, birthdays, credit card numbers, CVV numbers, bank details, and crypto wallet addresses.
By Benjamin Vitáris, July 26, 2019, CCN
Swedish crypto exchange QuickBit confirmed that 300,000 records were leaked from a MongoDB database left exposed by a third-party contractor during a security update.
By Eduard Kovacs, July 22, 2019, SecurityWeek
Several healthcare companies in the United States informed customers that they had been impacted by a data breach suffered by the American Medical Collection Agency. Threat actors gained access to some customers’ names, addresses, phone numbers, dates of birth, dates of service, balance information, payment card or banking information, and treatment provider information.
By Marianne Kolbasuk McGee, July 24, 2019, InfoRiskToday
A medical equipment benefits administrator reported a large health data breach affecting both patients and healthcare providers. The information impacted could include names, addresses, dates of birth, dates of service, provider names, medical record numbers, patient identification numbers, medical device descriptions, diagnoses, diagnosis codes, treatment information, member health plan identification, and in a very small number of instances, Social Security numbers and driver’s license numbers.
By Mackenzie Garrity, July 22, 2019, Becker’s Hospital Review
Cancer Treatment Centers of America discovered that an employee’s email account was compromised in a phishing attack. The compromised information may include addresses, phone numbers, dates of birth, medical record numbers, other patient identifiers, medical information, and health insurance information.
By Danny Palmer, July 23, 2019, ZDNet
Threat actors have stolen the personal data of prospective and current students at Lancaster University after gaining access to databases that contained personal information, including names, addresses, telephone numbers, and email addresses.
By Zak Doffman, July 20, 2019, Forbes
Threat actors have successfully stolen 7.5 terabytes of data from a major contractor of FSB—Russia’s Federal Security Service. These threat actors exposed secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world.