You can find October 2020’s list of cyber attacks and data breaches here.
September saw students around the globe returning to classes, only to be met with an avalanche of cyber attacks.
The education sector accounted for 20 of the 102 publicly disclosed incidents listed this month – with the majority being ransomware.
Indeed, ransomware was the most common threat across all sectors. Because organisations can rarely calculate the extent of the damage, these attacks accounted for relatively few of the 267,277,828 breached records that we tallied, but incidents can have much wider-reaching consequences.
Notably, a patient at Dusseldorf University Hospital died during a ransomware infection after the facility was unable to provide urgent medical assistance.
You can find our full list of publicly disclosed data breaches from September in this blog, with incidents affecting UK organisations listed in bold.
Meanwhile, you can stay up to date with the latest news by subscribing to our Weekly Round-up or visiting our blog.
Contents
Cyber attacks
- UK investigating cyber attack leaking Syria propaganda operations (unknown)
- Norway’s parliament attacked by criminal hackers (unknown)
- No personal data affected in cyber attack on OH’s Manfield City Schools (0)
- Criminal hackers infiltrate Canada’s Justice Department’s system (unknown)
- Oregon State University reports IT security breach (unknown)
- Miami high schooler charged with cyberattacks that stopped online learning (unknown)
- Sensitive data compromised in attack on Georgian Ministry of Health and the Lugar laboratory (unknown)
- CNN-News18 allegedly hacked to deny PayTM hack claims (unknown)
- Chile’s Banco Estado confirms malware infection (unknown)
- Israeli chip manufacturer Tower Semiconductor halts operations amid cyber attack (unknown)
- Philippines police nab four Nigerians who allegedly hacked banks (unknown)
- Hackers shut down first day of Toledo Public Schools’ online classes (unknown)
- PA’s Trinity Area School District reports security breach in fifth-grade cyber classroom (unknown)
- Russian state hackers suspected in targeting Biden campaign firm (unknown)
- Idaho’s Fort Dodge Community School District reopens after cyber attack (unknown)
- Virginia’s Chesterfield County Public Schools battles hackers as school year begins (unknown)
- SC’s Roper St. Francis Hospital notifies patients of BEC scam (6,000)
- US Department of Veterans Affairs confirms cyber attack (46,000)
- Chinese tech giant Alibaba’s servers hit by criminal hackers (unknown)
- Carmel’s official city website knocked offline in cyber attack (unknown)
- TX-based Skidmore-Tynan Independent School District consults FBI after attack (unknown)
- India’s National Informatics Centre hit by malware (unknown)
- Benjamin Franklin Middle School student arrested after hacking school systems (unknown)
- Luxottica hacker attack returns (unknown)
- Alabama’s St. Clair County is latest victim of cyber attack (unknown)
- Ohio-based Stark Summit Ambulance discloses security incident (unknown)
- Norwegian unit of shipbuilder Fincantieri SpA allegedly defrauded after cyber attack (unknown)
- CISA confirms that a cyber criminal broke into an unnamed federal agency (unknown)
- Nebraska Medicine systems knocked offline in cyber attack (unknown)
- Singapore-based ecommerce platform ShopBack breached (unknown)
- Tech start-up RedDoorz investigating security incident (unknown)
- Martin County, Florida, website hacked (unknown)
- NY-based Century Specialty Script says employee Office account compromised (unknown)
- Hungarian banks and telecoms services hit by DDoS (unknown)
- Montgomery County, TN, government networks knocked offline in cyber attack (unknown)
- Swatch shuts down some technology systems after cyber attack (unknown)
- Flight tracking services Flightradar24 and PlaneFinder both hit by multiple attacks (unknown)
- Pell City, AL, utility service hit by cyber attack (unknown)
- Religious group People of Praise attacked after one of its members nominated for SCOTUS (unknown)
- Houston-based Legacy Community Health says it was the victim of a phishing scam (unknown)
Ransomware
- Hackers hold Newcastle University to ransom (unknown)
- Massachusetts’ Somerset Berkley Regional High School hit by ransomware attack (unknown)
- Ransomware attack halts Argentinian border crossing for four hours (unknown)
- Netwalker ransomware hits K-Electric, Pakistan’s largest private power utility (unknown)
- Thailand’s Saraburi Hospital hit by ransomware (unknown)
- NorthShore University HealthSystem notifying patients affected by Blackbaud attack (348,000)
- Spain’s SegurCaixa Adeslas activates its contingency plan due to a ransomware attack (unknown)
- Data centre and colocation giant Equinix has been hit with a Netwalker ransomware attack (unknown)
- CA’s Enloe Medical Center notifying patients after Blackbaud ransomware incident (unknown)
- Fairfax County Public Schools in Virginia confirms cyber attack (unknown)
- Artech Information Systems says data breached in ransomware attack (unknown)
- SC’s Roper St. Francis in second data breach this month after learning of its involvement in Blackbaud incident (93,000)
- Development Bank of Seychelles learns of ransomware incident (unknown)
- Netherlands-based Veiligheidsregio Noord- en Oost-Gelderland hit by ransomware (unknown)
- Ransomware threat actors claim theft of University Hospital New Jersey files (48,000)
- NJ-based Somerset Hills School District suspends classes amid ransomware attack (unknown)
- NJ-based Millstone Township School District hit by ransomware (unknown)
- Systems of GA-based Jekyll Island Authority infiltrated with ransomware (unknown)
- NY’s Floral Park-Bellerose School District hit with ransomware attack (unknown)
- Woman dies during a ransomware attack on a German hospital (unknown)
- The College of Nurses of Ontario investigating suspected ransomware attack (195,000)
- NC’s Guilford Technical Community College hit with ransomware (unknown)
- Non-profit Anglicare Sydney held to ransom after cyber attack (unknown)
- Leading U.S. laser developer IPG Photonics hit with ransomware (unknown)
- ArbiterSports referees’ data stolen in ransomware attack (540,000)
- Tyler Technologies appears to have been hit by RansomExx ransomware (unknown)
- Universal Health Services hit by massive ransomware attack (unknown)
- French container line CMA CGM confirms ransomware attack (unknown)
- Ransomware threat actors dump data on Clark County School District employees and students (unknown)
- International insurance brokerage firm Arthur J. Gallagher & Co confirms ransomware attack (unknown)
- Hackers hit South African government fund for children and missing people (unknown)
- The Medisys Health Group and its affiliate Copeman Healthcare pay ransom (60,000)
Data breaches
- Virtual Mail Room gaffe exposes letters from banks and local authorities (50,000)
- Public Health Wales accidentally publishes coronavirus patients’ data (18,105)
- Prison phone service Telmate exposes personal info of inmates and clients (11,289,042)
- The world’s biggest webmaster, Digital Point, suffered a massive data breach (62,858,144)
- Razer, purveyor of high-end gaming gear, embroiled in data leak (100,000)
- Japan regulator set to ask Nomura to report on how competitor had its data (unknown)
- West Mifflin Area School District recalls student devices for ‘urgent security updates’ (unknown)
- Joe Biden’s campaign app vulnerability exposed sensitive voter information (191 million)
- West County School District announces data breach that occurred last year (unknown)
- Regina clinic failed to notify patients of privacy breach, says commissioner (unknown)
- Ministry of Internal Affairs of Belarus responds after breach of law enforcement officers’ data (1,000)
- University of Tasmania IT bungle leads to mass student data breach (19,900)
- Spokane health district apologises for accidental disclosure of personal health info (unknown)
- New York Sports Clubs exposes customer data (600,000)
- Indian medical student accuses websites of leaking students’ data (unknown)
- Security lapse exposes hundreds of addresses of Minnesotans infected with COVID-19 (unknown)
- Australia’s Department of Foreign Affairs and Trade accidentally leaks data of people stranded overseas (2,727)
Financial information
- Staffordshire-based Stone Refurb says bank details were stolen in cyber attack (unknown)
- The Jewish Federation of Greater Washington reports $7.5 million hack (unknown)
- Hackers foiled in attempted $90,000 email compromise scam (unknown)
- CU Collections notifies customers of security incident (unknown)
- Magento says 2,000 online stores attacked by malware (unknown)
- Hackers drain KuCoin cryptocurrency exchange’s hot wallets (unknown)
Malicious insiders and miscellaneous incidents
- Smith Clinic employee fined and given community service after improperly accessing patient data (unknown)
- Secure Data Technologies sues former employee for hacking its systems (unknown)
- PA’s Geisinger Berwick notifying patients after employee improperly accessed records (700)
- Montefiore employee terminated after stealing patient records (4,000)
- Shopify says two ‘rogue’ employees involved in data breach to obtain customer records (unknown)
In other news…
- Russian national indicted for conspiracy to introduce malware into a computer network
- Windows 10 themes can be abused to steal Windows passwords
- Meet the middlemen who connect cyber criminals with victims
- You’re fired: Dutch hackers broke into Trump’s Twitter account in 2016
- International sting against dark web vendors leads to 179 arrests — Europol
- When coffee makers are demanding a ransom, you know IoT is screwed
Really is fascinating that there are so many breaches in 2020 with GDPR, other DP legislation etc. Great work Luke