Welcome to our October 2022 review of data breaches and cyber attacks. We identified 102 security incidents throughout the month, which is the second largest figure so far this year – trailing only August (112).
By contrast, comparatively little personal data was breached, with our figures confirming that at least 9,990,855 records were compromised. That number could have been much higher, after Amazon was found to have left a database containing Prime members’ viewing habits unprotected.
Fortunately for the tech giant, researchers at Tech Crunch found that the 215 million compromised records couldn’t be used to identify customers by name.
For now, it’s unclear what damage the data could cause if exposed, so we’ve omitted the figure from our tally. However, it’s a warning sign for all organisations about the dangers of misconfigured Internet-facing servers.
As always, you can find the full list of data breaches and cyber attacks below, divided into their respective categories.
Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox.
Cyber attacks
- Mexico confirms hack of military records (unknown)
- Randolph-area school district disables its own website following transphobic hack (unknown)
- Australia’s Telstra hit by data breach, two weeks after attack on Optus (unknown)
- Patient details compromised in cyber attack on health provider Pinnacle (unknown)
- CHI Health faces ‘IT security incident’ impacting Omaha-area online systems (unknown)
- Russian-speaking hackers knock US state government websites offline (unknown)
- City of Tucson discloses security incident (123,513)
- CSI Laboratories falls victim to phishing scam (244,850)
- Criminal hacker steals $566 million worth of crypto from Binance Bridge (unknown)
- Grain Valley School District investigates malware attack (unknown)
- Cyber attack on Colorado state website follows Russian hacktivist threat (unknown)
- Colombia’s National Institute for Drug and Food Surveillance hit by cyber attack (unknown)
- US hospital chain CommonSpirit Health says ‘IT security issue’ is disrupting services (unknown)
- Cardiac Imaging Associates notifying patients of security incident (unknown)
- 2K Games warns users their stolen data is now up for sale online (unknown)
- State Bar of Georgia notifies members and employees of cyber security incident (unknown)
- Aesthetic Dermatology Associates notifies patients of security incident (33,793)
- Eventus WholeHealth notifies patients of security breach (unknown)
- Australia’s Medibank reports cyber incident (unknown)
- Cyber attack breached some Latter-day Saint member data (unknown)
- Australian police secret agents exposed in Colombian data leak (unknown)
- Costa Rica’s Municipality of Belen victim of cyber attack (unknown)
- New Mexico’s Cybersecurity Office investigating unauthorised access to information systems at state agency (unknown)
- Phishing incident at Seton Medical Center may have exposed patient names (unknown)
- Woolworths says MyDeal customers’ data was hacked (2.2 million)
- Keystone Health notifies patients of data security breach (235,237)
- Canadian MPs warned to change email passwords after cyber attack on government (unknown)
- Verizon notifies prepaid customers their accounts were breached (unknown)
- Wine dealer Vinomofo hit by cyber attack (500,000)
- EnergyAustralia hit by cyber attack (323)
- Spain’s National Renewable Energy Center targeted by cyber criminals (unknown)
- Online marketplace Carousell breached by cyber criminals (1.95 million)
- Wholesale giant METRO hit by IT outage after cyber attack (unknown)
- Resource Anesthesia of California confirms security incident (16,001)
- The Scoular Company says it was hacked (unknown)
- GEE Group reports security breach following encryption event (unknown)
- Diodes Incorporated confirms recent security incident affecting SSNs and health information (unknown)
- Neurology Center of Nevada reports security breach (1,000)
- Choice Health Insurance, LLC confirms recent cyber attack (unknown)
- Northern Data Systems, Inc. files notice of security breach (unknown)
- Chemonics International suffers cyber attack (unknown)
- VisionWeb Holdings reports recent security breach (35,900)
- Massachusetts-based Mativ Holdings confirms security breach (unknown)
- Buffalo MRI by Windsong Radiology reports security incident (unknown)
- Lake Nona Estates Management reports breach after unauthorised party accesses computer network (unknown)
- Amerigroup Insurance Company says customers’ SSNs and insurance data has been compromised (unknown)
- Vivendi announces breach stemming from incident at the company’s See Tickets business (92,074)
- Eventus WholeHealth reports breach after email compromise (unknown)
- Lifespire Services reports security breach (15,375)
- Massachusetts Mutual Life Insurance Company says consumers’ financial data compromised (1,472)
- Advocate Aurora Health announces security breach (3 million)
- Financial Dimensions Group in security incident affecting Royal Alliance clients (unknown)
- BBRG TR and related entities embroiled in security breach (unknown)
- Aurubis says it was target of cyber attack (unknown)
- Slovak parliament suspends voting due to suspected cyber attack (unknown)
- Police called after South Australian Liberal Party caught up in alleged security breach (2,000)
- Taiwan’s Ministry of Interior denies being source of leaked data (200,000)
- Bed Bath & Beyond reviewing effects of phishing attack (unknown)
- Polish parliament hit by cyber attack (unknown)
- Urology of Greater Atlanta announces security breach (unknown)
- WakeMed Health & Hospitals announces security breach (495,808)
- Phoenix Programs of Florida experienced security breach stemming from email compromise (unknown)
- Patient files of Rainier van Arkel also captured in a hack (184)
If you’re facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
Ransomware
- Internap loses customer data, shrugs, doesn’t apologise (unknown)
- Tata Power, a top power producer in India, confirms cyber attack (unknown)
- Saskatoon gynaecology clinic hit with ransomware attack (20,000)
- Healthcare centres in Catalonia affected by a “ransomware-type” attack (unknown)
- Bank of Brasilia attacked by ransomware demanding 50BTC (unknown)
- Johnson Fitness and Wellness hit by DESORDEN Group (unknown)
- Mars k-12 district in Pennsylvania victim of ransomware attack (unknown)
- CommonSpirit confirms ransomware attack (unknown)
- NHS vendor Advanced won’t say if patient data was stolen during ransomware attack (unknown)
- Ransomware attack halts circulation of some German newspapers (unknown)
- French maternity hospital hit by ransomware attack (unknown)
- Argentina’s Armed Forces Joint Chiefs of Staff computer system hit by ransomware (unknown)
- Brazil’s RecordTV allegedly a victim of a ransomware attack (unknown)
- Unimed Belem Cooperative hit by ransomware (unknown)
- Massy Stores investigates cyber attack information leak (700,000)
- St. Amant Centre victim of ransomware attack (unknown)
- Tufts community members’ health insurance information compromised in vaccine clinic security breach (unknown)
- Ransomware attack on Indianapolis Housing Agency has landlords, tenants concerned (unknown)
- Colombia’s Universidad Piloto de Colombia hit by ransomware (unknown)
- The joint armed forces command of Ecuador infected with ransomware (unknown)
- Ascension St. Vincent’s Coastal Cardiology announces data breach stemming from ransomware attack (unknown)
Data breaches
- University of Limerick in email data breach gaffe (1,000)
- Bankrupt crypto lender Celsius reveals users’ transaction histories in court filing (unknown)
- Healthcare firm Ro says it ‘inadvertently’ exposed employees’ personal information (unknown)
- UK Home Office warned after sensitive documents left at London venue (unknown)
- Wisconsin Department of Health Services notifying some Medicaid members of breach (unknown)
- Hamilton City ‘inadvertently’ shares personal information, breaches privacy in mass-email (450)
- Thumb drive with confidential Yukon government case files found in Whitehorse pawn shop (unknown)
- Students caught up in University of Otago data breach (unknown)
- Amazon accidentally exposed an internal server packed with Prime Video viewing habits (unknown)
- School software firm iLeadr exposes personal data on misconfigured Cloud database (unknown)
- Security breach in Shas Party database could expose information of millions (unknown)
Malicious insiders and miscellaneous incidents
- Detroit Health Department provides notice of data security incident (unknown)
- Doctor admits criminal HIPAA scheme for wrongful disclosure of protected patient health information (unknown)
- Baie Verte hospital investigating after inappropriate photos taken of patients (unknown)
- Ex Louisville police officer used law enforcement tech to hack sexually explicit photos (25)
- Federal and state authorities investigate a data breach at Philadelphia-area OB/GYN practice (800)
- Mount Laurel officer suspended from force, accused of hacking into woman’s social media accounts (unknown)
