2019 Breaches
Hackers breach e-Ticketing systems at 8 Major Airlines
Who: E-ticketing systems at Eight Airlines When: Reported 12 Mar 2019 # of records involved: undetermined What happened: Hackers intercept passengers Personally Identifiable Information (PII) using website link vulnerability. How did it happen: 8 major airlines...
Third Party Vendor Responsible for Release of Zoll’s Patients Information
Who: ZOLL Medical Corporation When: Reported 18 March 2019 # of records involved: 277,319 What happened: ZOLL discovered that some email archived by an unnamed third-party service provider been exposed during a server migration. How did it happen: Third-party service...
Publicly Accessible BOX folders leave Companies Vulnerable to Hackers
Who: 90 Major tech companies and Corporate Giants When: 8 Mar 2019 # of records involved: Undetermined What happened: Major tech companies and Corporate giants left data inadvertently exposed. How did it happen: Dozens of companies inadvertently leaking sensitive...
Ransomware Infects Records at Plastic Surgery and Skin Clinics
Who: Maffi Clinics When: 15 Mar 2019 # of records involved:10,500 Patient Records What happened: Maffi Clinics, Arizona, have revealed that a ransomware attack on their servers compromised the files of nearly 10,500 patients. How did it happen: Maffi Clinics, a...
Large Data Breach affects Chicago Hospital Chain
Who: RUSH Hospitals and Medical Centers When: 4 March 2019 # of records involved: 45,000 Patients What happened: The personal information of about 45,000 Rush patients may have been compromised in a data breach How did it happen: The exposed data may include names,...
School Department transfers Teacher PII Data to Testing Company
Who: Worcester School Department When: 8 Mar 2019 # of records involved: 2000 teachers What happened: The district’s IT department opted to use the last four digits of employees’ Social Security numbers as a password for their entry to a portal run by a testing...
Unencrypted and Unauthenticated Implantable Medical Devices Hackable
Who: Medtronic When: 21 March 2019 # of records involved: What happened: Critical flaw lets hackers control lifesaving devices implanted inside patients How did it happen: The federal government on Thursday warned of a serious flaw in Medtronic cardio defibrillators...
Title: NJ Students Gain Access to School Computers
Who: Elizabeth NJ Public School System When: Mar 22, 2019 # of records involved: Limited What happened: Several high school students are in hot water after they were able to log into their schools’ computer systems to change grades and attendance records. How did it...
CT Substance Abuse Counselor Stole Client Data for Personal Use
Who: An Unidentified Substance Use Disorder Treatment Center in North Haven, CT When: 19 March 2019 # of records involved: Limited number What happened: An employee of a substance use disorder treatment center in North Haven who is accused of stealing patients’...
Third Party Vendors Store Facebook Data on Unencrypted AWS Server
Who: Facebook When: April 3, 2019 # of records involved: 540 Million records What happened: Two third-party companies that had collected Facebook data on their own servers. How did it happen: Two Amazon cloud servers storing over 540 million Facebook-related records...
Third Party EMR Vendor Experiences Massive Breach
Who: Meditab Software Inc. and MedPharm Services When: Mar 19, 2019 # of records involved: 6,000,000 Medical records of 2,200 healthcare hospitals, pharmacies, and doctors offices) What happened: Meditab provides the electronic medical record (EMR) and practice...
Burgler’s Steal Four Desktop Computers from an Oklahoma Heart Hospital Clinic
Who: Oklahoma Heart Hospital # of Accounts Breached: 1,221 patients What was affected: Patient information like names, dates of birth, addresses, phone numbers, and clinical information. When it happened: January 2019 How it happened: A January burglary resulted in...
Islamic Bank Breached through Internal Systems
Who: Meezan Bank # of Accounts Breached: 260,000 Card Present payment cards What was affected: Card Present payment cards When it happened: Between October 26, 2018 and February 25, 2019 How it happened: Over the past few months, there have been reports suggesting...
700 Companies Served by Third Party Healthcare Provider Breached
Who: Wolverine Solutions # of Accounts Breached: More than 700 companies and 1.2 million patients. What was affected: Individual patient information (names, addresses, dates of birth, social security numbers, insurance contract information and numbers, phone numbers,...
Hackers Sell Company Websites Data on Dark Web
Who: Dubsmash, MyFitnessPal, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, CoffeeMeetsBagel, Artsy, and DataCamp. # of Accounts Breached: 617 million Dubsmash (162 million), MyFitnessPal (151 million),...