List of data breaches and cyber attacks in October 2020 – 18.4 million records breached

A useful reference list from IT Governance. Is your organisation’s name on the naughty list?…:

With 117 publicly reported security incidents, October 2020 is the leakiest month we’ve ever recorded.

The good news is that those data breaches and cyber attacks accounted for just 18,407,479 breached records.

However, it’s worth noting that, in very few incidents, the number of affected records is revealed – either because the organisation doesn’t know or because it’s not required to disclose that information.

With that in mind, here is our complete list of October’s cyber attacks and data breaches. As usual, incidents affecting UK organisations are in bold.

---

Contents

• Cyber attacks
• Ransomware
• Data breaches
• Financial information
• Malicious insiders and miscellaneous incidents
• In other news…

---

Cyber attacks

• Cyber attack on UJIA to be investigated by the Charity Commission (unknown)
• Brit accused of spying on people via webcam CCTV software (772)
• Transport Malta says that five-day outage was caused by a cyber attack (unknown)
• FL-based Gulf Coast State College says its systems were hacked (unknown)
• Two Long Island school districts hit by DDoS attacks (0)
• Hacker uploads own fingerprints to crime scene in dumbest cyber attack ever (1)
• Chinese hackers steal personal data of half of Taiwan’s workforce (6 million)
• United Nations International Maritime Organization says it was hacked (unknown)
• Hackers targeted 20 Israeli cryptocurrency executives (20)
• FBI investigating after cyber attack targets Wayne County School District (unknown)
• Security incidents at Heartland Community College shuts down IT systems (unknown)
• Exams at the University of Mumbai postponed amid cyber attack (8,000)
• Hackers post Fairfax County Public Schools employees’ SSNs online (+200)
• Hackers breach personal data from Georgia Department of Human Services (unknown)
• Longmont NextLight customers’ service affected by DDoS attack (unknown)
• Michigan’s Walled Lake Consolidated School District says it has suffered cyber attack (unknown)
• Home security cams hacked in Singapore, and stolen footage sold on adult websites (50,000)
• Lexington city employees’ data at risk after breach at contractor (570)
• Online proctor service ProctorTrack disables service after hack (unknown)
• Hackers dumped student and employee data from Toledo Public Schools (23,000)
• Greek mobile network operator Cosmote says it suffered a cyber attack last month (unknown)
• Commission Kings hit suffers outage in suspected DDoS attack (unknown)
• Medicaid billing provider Timberline Billing Services discloses security incident (unknown)
• Two Westchester school districts were targeted by a cyber security attack (unknown)
• German online advisory firm Scalable Capital says data stolen in cyber attack (unknown)
• Rajasthan man hacks schools’ servers (130)
• Centerstone patients, employees impacted by security incident (unknown)
• Cyber security incident causes Indian River County network to shutdown (unknown)
• Hackers steal personal data of Google employees after breaching US law firm (unknown)
• Swedish security group Gunnebo targeted by attackers (38,000)
• Media monitoring provider Isentia experiences security incident (unknown)
• Picture of man’s genitalia shows up on screen during virtual class for students in Virginia Beach (0)
• Japan’s nuclear regulator halts email after suspected cyber attack (unknown)
• Security incident reported at Rady Children’s Hospital (unknown)
• German infectious disease agency hit by DDoS days before arson attack (0)
• Fort Zumwalt School District investigating a cyber attack perpetrated by a student (unknown)
• Arkansas Methodist Medical Center says third-party system was hacked (unknown)
• Jewish General Hospital suffers cyber attack (unknown)
• University of Vermont Health Network hit by major power outage (unknown)
• RedMart customers’ data stolen and put up for sale (1.1 million)
• Personal data from eatigo accounts accessed in a security incident (2.8 million)

Ransomware

• London’s Hackney Council suffers ‘serious’ cyber attack (unknown)
• Insurance firm Ardonagh Group responds as ransomware infection takes hold (unknown)
• Non-profit Recover Our Youth appears to have paid ransom to delete data (unknown)
• California’s Cache Creek Casino Resort confirms that outage was caused by cyber attack (unknown)
• University Hospital New Jersey paid huge ransom to end disruption (48,000)
• Clinical trials disrupted amid attack on eResearchTechnology (unknown)
• MS-based AAA Ambulance Service experienced ransomware attack (unknown)
• Hall County, Georgia reports ransomware attack (unknown)
• Massachusetts’ Springfield Public Schools District hit by ransomware (unknown)
• Software AG falls prey to ransomware attack (unknown)
• Lake George Land Conservancy recovered from a ransomware without paying (unknown)
• Seyfarth Shaw LLP discloses ransomware attack (unknown)
• City of Mt. Pleasant, Michigan, falls victim to remote ransomware attack (unknown)
• Facilities services provider Spotless Group suffers ransomware attack (unknown)
• Michigan’s Dickinson County Healthcare System responding to ransomware (unknown)
• OSF Healthcare joins those affected by Blackbaud incident (unknown)
• Barnes & Noble says customer data may have been stolen in cyber attack (unknown)
• Montreal’s STM public transport system hit by ransomware attack (unknown)
• Caribbean’s biggest conglomerate, Ansa McAl hit by ransomware (unknown)
• Hackers hold Fin’s patient information for ransom in psychotherapy data breach (unknown)
• European IT services group Sopra Steria falls victim to ransomware attack (unknown)
• Parker County, TX, discloses security incident (unknown)
• Sonoma Valley Hospital computer systems shut down in suspected ransomware attack (unknown)
• Haldiram’s Snacks discloses cyber attack that occurred in July (unknown)
• Japanese pharmaceutical firm Shionogi & Co affected by ransomware (unknown)
• Chenango County says it will restore systems from backups after ransomware attack (unknown)
• Boyne Resorts ski resort operator hit by ransomware (unknown)
• Press Trust of India services disrupted by LockBit ransomware attack (unknown)
• Another Noida sweets manufacturer attacked by ransomware (unknown)
• Enel Group given seven days to pay ransom demand (unknown)
• Furniture giant Steelcase hit by Ryuk ransomware (unknown)
• NY State confirms cyberattack at St. Lawrence County hospitals (unknown)
• Sensitive data exposed as Salem, NH, suffers cyber attack (unknown)
• Sodinokibi ransomware group hits the Hanover Chamber of Crafts (unknown)
• North Carolina’s Piedmont Community College confirms ransomware attack (unknown)
• REvil adds Gaming Partners International to its list of victims (unknown)

Data breaches

• Greater Manchester Police accidentally publishes crime victims’ personal details (unknown)
• Magnolia Pediatrics contacts patients after discovering data breach (12,000)
• 0x00sec contacts users after learning that database was publicly available (unknown)
• A security flaw in Grindr let anyone easily hijack user accounts (unknown)
• University Hospital Limerick writing to patients after Twitter gaffe (630)
• Dr Lal PathLabs, one of India’s largest blood test labs, exposed patient data (+2 million)
• Prison video visitation service exposed private calls between inmates and their attorneys (unknown)
• Potential data breach exposed in Hawaii’s travel exemption request system (150)
• Dutch health service GGD under investigation after data leak (unknown)
• Oswego Health discloses data leak three and a half month later (unknown)
• Dr Richard Freeman admits losing rider blood data from a third computer (unknown)
• Misconfigured database belonging to Pfizer leaked drug-safety reports (unknown)
• Passavant Memorial Homes Family of Services notifies those affected by data breach (25,000)
• Vulnerability in Twitter-Owned SDK is leaking users’ location data (10 million)
• Breach at India-based Dr Reddy’s forces lab to temporarily shut operations across globe (unknown)
• Missouri Virtual Academy inadvertently released students’ data (unknown)
• Employee at Japan Post Trading Service Co sent sensitive data to partner firms (unknown)
• Private information of child sex crime victims was illegally made public in Cook County court records (21)
• Mount Diablo Unified District responds to SchoolMessenger leak (30)
• Massive Nitro data breach impacts Microsoft, Google, Apple (1.8 million)
• Vulnerability in social networking app True leaks users’ data (500,000)
• Boxes of records belonging to DaVita Florissant Dialysis found in street (unknown)
• Home Depot has exposed the private order confirmations of Canadian consumers (660)

Financial information

• School payments service Wisepay hit by cyber attack(unknown)
• TX: Odessa residents suffer from second Click2Gov breach (unknown)
• Visa says that two of its merchants suffered POS breach earlier this year (unknown)
• Hackers steal employee salary payments at several Swiss universities (unknown)
• Medical data of Toronto hospital patients allegedly used to extort money from company (150)
• 11 charged in conspiracy to steal account information, money from bank customers (unknown)
• Cyber attack on WI’s unemployment system exposes banking information (116)
• Wisconsin Republican Party says hackers stole $2.3 million (unknown)

Malicious insiders and miscellaneous incidents

• Edinburgh nurse sacked from RIE after being caught viewing records of neighbours and friends (28)
• Scottish Ambulance Service apologises to staff in Moray after data breach (unknown)
• Hacker brought malware in to Boston-based Tyngsborough school (unknown)
• Hennepin Healthcare employees fired for ‘improperly’ accessing George Floyd records (1)
• Criminals broke into WA-based Health and Wellness Clinic and stole sensitive data (unknown)
• Vengeful former Century 21 employee charged with alleged computer tampering (unknown)
• Amazon sacks insiders over data leak, alerts customers (unknown)
• Ex-Trillium Health employee accused of hacking co-workers, stealing nude photos (unknown)

In other news…

• How a Chinese malware gang defrauded Facebook users of $4 million
• Amid an embarrassment of riches, ransom gangs increasingly outsource their work
• An interview with UNKN sheds light on REvil’s operations and future victims

The post List of data breaches and cyber attacks in October 2020 – 18.4 million records breached appeared first on IT Governance UK Blog.

Original article here