There were a massive 99 data breaches and cyber attacks in August, making it the third-biggest monthly total of the year by number of security incidents.
But, by contrast, only 36,673,575 records were confirmed to have been leaked, which is the fewest we’ve recorded since May 2018.
The true figure, as always, will be higher than this – in part because organisations rarely disclose how many records were involved in security incidents. But we’ll take a positive however we can take it, particularly given how leaky organisations have been throughout lockdown.
You can find our full list of publicly disclosed data breaches from August in this blog, with incidents affecting UK organisations listed in bold.
Meanwhile, you can stay up to date with the latest news by subscribing to our Weekly Round-up or visiting our blog.
Cyber attacks
- 15-year-old Merseyside boy arrested for hacking UK PayPal accounts (unknown)
- Leeds-based Luminate Education Group hit by cyber attack (unknown)
- Myerscough College hit by cyber attack on exam results day (unknown)
- Mexican delivery startup iVoy experiences data breach (127,432)
- Cyber attack affects website of Texas-based Hudson Independent School District (unknown)
- Hacker leaks passwords for enterprise VPN servers (913)
- Intel investigating breach after 20GB of internal documents leak online (unknown)
- FX broker Pepperstone has updates its clients over third-party malware attack (unknown)
- Scholarship America notifies individuals of breach (unknown)
- Indiana-based Community School Corporation of Southern Hancock County hit by cyber attack (unknown)
- Ohio-based Premier Health Partners discloses data breach (unknown)
- The SANS cybersecurity training organisation hit by phishing scam (unknown)
- Pakistani intelligence agencies have tracked a major security breach by Indian hackers (1,400)
- North Korean hacking group attacks Israeli defence industry (unknown)
- Canada Revenue Agency records breached in a pair of cyber attacks (5,500)
- Germany’s military-run transport fleet hacked (unknown)
- Rochester City School District reopening forum hacked on Zoom (unknown)
- Experian SA incident affects millions of South Africans (24 million)
- Incident at Louisiana’s Jefferson Parish public school affects students (86)
- Mitsukoshi and MI Card confirm that its systems were hacked (19,000)
- Kariyer.net customers hit by security incident (55,149)
- Hacker breaks into royalty-free photo site Freepik (8.3 million)
- CO-based Mental Health Partners says an employee’s account was hacked (unknown)
- Sumitomo Forestry Co., Hitachi Chemical Co. among Japanese firms affected by VPN vulnerability (unknown)
- CA-based North Okanagan Pediatric Clinic informs patients of cyber attack (unknown)
- New Zealand stock exchange disrupted by fourth ‘offshore’ cyber attack (unknown)
- Nevada’s Clark County School District provides few details of security incident (unknown)
- Utah Pathology Services notifying patients of security incident (112,000)
Ransomware
- British Dental Association records leaked on the dark web (5,524)
- Australian aged care firm Regis hit by ransomware (unknown)
- Canon suffers ransomware attack that impacts numerous services (unknown)
- Lafayette, CO, gov pays $45,000 in ransom after computer systems were disabled (unknown)
- Coronavirus ventilator manufacturer Boyce Technologies targeted by ransomware gang (unknown)
- Three US medical practices hit by ransomware (unknown)
- Multiple systems impacted by ransomware attack on California-based Imperial Valley College (unknown)
- Jack Daniel’s manufacturer target of apparent ransomware attack (unknown)
- Medical debt collection firm R1 RCM hit in ransomware attack (unknown)
- OK-based Ponca City Schools had backups to prevent ransomware disaster (unknown)
- Baugo Community Schools in Indiana dealing with cyber attacks (unknown)
- Canadian land developer Brookfield Residential hit with ransomware (unknown)
- Delivery firm Canpar Express faces delays amid ransomware attack (unknown)
- NC’s Haywood County schools shut down by ransomware (unknown)
- No ransomware paid after Ventura Orthopedics hit by ransomware (1,850)
- Arkansas’ Gosnell School District is recovering from a ransomware attack (unknown)
- CA-based Rialto Unified suspends online learning amid ransomware (unknown)
- Valley Health System recovering from ransomware attack while maintaining patient care (unknown)
- California’s Selma Unified School District hit by ransomware (unknown)
- North Carolina’s Greenville Technical College suffers ransomware attack (15,000)
- Houston’s United Memorial Medical Center hit by ransomware (unknown)
- Rocky Mount, North Caroline, hit by ransomware (unknown)
- Amphastar Pharmaceuticals learns that hackers exfiltrated employee data in ransomware attack (unknown)
- Cruise ship operator Carnival crippled by ransomware (unknown)
Data breaches
- Basingstoke Hospital investigating possible confidentiality breach (unknown)
- Password displayed in Plymouth government building window(unknown)
- Passer-by finds sensitive medical info belonging to Caithness General Hospital (19)
- Southern Water customers could view others’ personal data by tweaking URL parameters(unknown)
- Robocall legal advocate Blacklist Alliance leaks customer data (388)
- Twitter says security flaw may have exposed Android users’ direct messages (unknown)
- Canadian transport firm Metrolinx investigating privacy breach (2,000)
- MedEvolve finally discloses security incident two years after it occurred (unknown)
- Argentinian government exposes COVID-19 health data (115,000)
- Ireland’s Department of Employment Affairs and Social Protection leaks sensitive data (unknown)
- Researchers uncovered Alexa flaw that exposed personal information and speech histories (unknown)
- BioTel Heart leaves cardiac patient data exposed online (61,000)
- Hacker releases the databases of Utah-based gun exchanges (281,999)
- Researcher discovers Github databases from nine US medical entities (150,000)
- New South Wales Police force leaks emails relating to Black Liver Matter protest (150)
- Co Cork’s Union Quay Medical Centre sent STD and mental health diagnoses to the wrong patient (2)
- AI company Cense leaked information from car accident victims (2.41 million)
- Canada’s London Police Service snooped on records of people who tested positive for COVID-19 (10,475)
- Managed isolation facility security guard suspended over social media privacy breach (27)
- Records from West Texas Orthopedics found in recycling centre (unknown)
- South African social grant applications were found dumped on the street (unknown)
- India’s most popular travel booking hubs was left exposed (700,000)
- Wellington-Dufferin-Guelph Public Health notifies those affected by data breach (unknown)
- New South Wales driver’s licences found in open Cloud storage (54,000)
- Manitoba government confirms privacy breach at Children’s Disability Services (9,000)
- Philadelphia Archdiocese clergy abuse victims part of accidental email leak (47)
Financial information
- Toronto residents’ CERB payments on hold after fraudulent employment insurance claims (700)
- Kentucky’s unemployment system suffers another breach (unknown)
- Defence supplier PULAU Corporation says it has been hacked (unknown)
- American Payroll Association notifying those affected by cyber attack (unknown)
Malicious insiders and miscellaneous incidents
- Nova Scotia Health notifying patients affected by two separate incidents (211)
- Arkansas-based Ashley County Medical Center fires nurse for improperly accessing patient records (722)
- Iran cover-up of deaths revealed by data leak (200,000)
- Former employee at NC-based Coastal Preparatory Academy stole sensitive data (unknown)
- Rogue employee to blame for breach at Turkey’s Rezzan Günday (unknown)
- Employee at IL-based Villa at Palos Heights paid bills with patients’ info (unknown)
- Cisco engineer resigns then nukes WebEx accounts (16,000)
In other news…
- Author of FastPOS malware revealed, pleads guilty
- Cyber insurance: The moral quandary of paying criminals who stole your data
- For six months, security researchers have secretly distributed an Emotet vaccine
- Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers
- Marriott faces London lawsuit over vast data breach
- Russian arrested for trying to recruit an insider and hack a Nevada company
No Responses