2019 Breaches
Unauthorized Access to Online Trading Firm in New Zealand results in Data
Who: Kathmandu Holdings # of Accounts Breached: Undetermined What was affected: Data breach at Kathmandu’s online trading websites When it happened: Between January 8 - February 12, 2019 How it happened: The company said an unidentified third party gained unauthorized...
Poorly Configured Elsevier Server, Left Access to Data Open
Who: Elsevier # of Accounts Breached: Undetermined What was affected: User email addresses and passwords When it happened: 18 Mar 2019 How it happened: Due to a misconfigured server, a researcher found a constant stream of Elsevier users’ passwords. Outcome: An...
Portable Radiology Service Maintains Unprotected Database and Loses Patient Data
Who: Home Health Radiology Services (HHRS) # of Accounts Breached: Estimated 37,000 people What was affected: Names, date of birth, phone numbers, addresses, diagnoses, notes, and we even saw Social Security Numbers (SSN) When it happened: March 1, 2019 How it...
Phishing Compromised Employee And Allowed Unauthorized Access to Insurance Agency Customers
Who: Hartwig Moss Insurance Agency # of Accounts Breached: 1,100 customers What was affected: Names, birthdates and driver’s license numbers. A “limited medical information” for a “small number of individuals" may have also been accessed. When it happened: March 20,...
PII Exposed from State Agency After Employees Fell Victim to Phishing Attack
Who: Oregon's Department of Human Services (DHS) # of Accounts Breached: More than 350,000 client’s data What was affected: First and last names, addresses, dates of birth, Social Security numbers, case numbers, and other information. When it happened: January 8, 2019...
Poorly Secured Server Leaked Real Time GPS Data From App
Who: Family Locator App # of Accounts Breached: More than 238,000 users. What was affected: User’s name, email address, profile photo, and their plaintext passwords. When it happened: 20 Mar 2019 How it happened: A popular family tracking app was leaking the...
Government Servers in Orange County Encrypted by Ransomware
Who: Orange County Government # of Accounts Breached: Undetermined What was affected: Servers and Network Orange County When it happened: March 2019 How it happened: Orange County located in the Los Angeles Metropolitan area of California has made an official...
CyberAttackers Used Ransomware to Encrypt Surgical Specialist Patient Data
Who: Columbia Surgical Specialists of Spokane # of Accounts Breached: 400,000 When it happened: January 9, 2019 What was affected: Patient names and, potentially, drivers’ license, social security numbers, and other protected health information. How it happened: The...
Email System at Navicent Health targeted in Cyber Attack
Who: Navicent Health When: 15 Mar 2019 # of records involved: 270,000 What happened: Navicent Health was the victim of a cyber attack that targeted its email system last July.How did it happen: Navicent Health was the victim of a cyber attack, in which an unauthorized...
Ransomware Attack Compromises Customer PHI at Direct Scripts
Who: Direct Scripts When: 13 Mar 2019 # of records involved: 9,319 What happened: Direct Scripts discovered that it was the victim of a ransomware attack that affected customers’ records. How did it happen: This ransomware attack locked the server that stored Direct...
Compromised Employee Email at MN Behavioral Health Center Allows Unauthorized Access
Who: Human Development Center When: 22 Mar 2019 # of records involved: Undetermined What happened: An employee’s email account was compromised and accessed by individuals outside HDC How did it happen: During a routine review of email logs on Jan. 25, it was...
Leaky Database at Third Party Medical Service Provider
Who: MediTab Software, Inc. When: 19 Mar 2019 # of records involved: Possibly up to 6 Million What happened: Meditab Software Inc. and MedPharm Services have suffered a massive breach of protected health information. How did it happen: Meditab also provides a fax...
Third Party Research and Legal Outsourcing Services Responsible for Leaky Legal Database
Who: Lex Machina or LexVisio When: 15 Mar 2019 # of records involved: 257,287 legal documents What happened: A database containing 257,287 legal documents, with some marked as "not designated for publication," was left exposed on the public internet without a...
Indian Political Parties Charge That IT Grid Officials Stole or Manipulated Data
Who: ITGrids When: 4 Mar 2019 # of records involved: The Aadhaar details of as many as 7.82 crore Indians have been found in possession of IT Grids Pvt. Ltd. What happened: Four company officials are believed to have stolen the data of about 3.5 crore people of Andhra...
Millions of Customer Records of e-Commerce giant Gearbest Exposed
Who: Gearbest When: 15 Mar 2019 # of records involved: 1.5 Million Customer Records What happened: An unsecured Elasticsearch server exposed information and orders of millions of its customers. How did it happen: The server was not protected with a password and anyone...