- The Division of Public Health announced a data breach Sunday affecting approximately 10,000 people, although the agency noted there is no evidence of any attempt to misuse any of the information.
- According to DPH, a temporary agency staffer accidentally sent unencrypted emails containing COVID-19 test results for around 10,000 Delawareans on Aug. 13 and Aug. 20 to an unauthorized user. The Aug. 13 email included test results for individuals tested between July 16 and Aug. 10, while the Aug. 20 email had results for people tested on Aug. 15.
- The emails, meant for distribution to call center staff who assist individuals in obtaining their test results, were sent to a single unauthorized user by mistake.
- Matt Bittle | November 15, 2020
- “It’s all too easy to get caught up in the headlining data breaches that we’re seeing so frequently today and to think ‘we’re not that dumb’”
- Criminals are lazy. They won’t fight tooth and nail to get into a target if they can sneak in elsewhere, and oftentimes, the job is actually made quite easy for them.
- Whether it’s ransomware, malware, SQL injection or even phishing, it seems as though we’re reading about brand new breaches every few days.
- Protecting modern IT systems is surprisingly easy.
- First, it all starts with an attitude to not be apathetic about security, to not assume that “everything will be ok” when using default settings for software and hardware.
- Second, it is important to discard the obsolete notions that the default behavior of security systems is to trust everybody.
- Kevin Kline | November 13, 2020
- Vertafore claimed in a notification this week that, due to human error, three files were stored in an unsecured third-party service which was subsequently accessed without authorization.
- The firm was unable to say exactly when this happened — only that it occurred at some point between March 11 and August 1. Having detected the incident in mid-August, it’s unclear why it then took the firm three months to notify those affected.
- “The files, which included driver information for licenses issued before February 2019, contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories...”
- The firm said in its FAQs that “we are not aware of any way this information could be used to commit fraud.”
- Phil Muncaster | November 13, 2020
- With remote workers facing distractions from childcare to delivery drivers ringing the doorbell, employees are likely to make simple mistakes such as sending an email to the wrong person, possibly exposing sensitive data.
- Due to the pandemic, 93% of businesses have reported an increase in outbound emails, with one-in-two IT leaders reporting an increase of over 50%.
- Data breaches as a result of outbound email are often overlooked and underreported, meaning businesses and people aren’t aware of the true scale of the problem. In fact, the ICO recently reported misdirected emails are the #1 cause of categorised incidents reported, and responsible for 44% more incidents than phishing attacks.
- The breach was uncovered by Website Planet, which found that Prestige Software, a company responsible for a hotel reservation system used by booking.com and Expedia, had been storing years’ worth of credit card data from hotel guests and travel agents without any protection in place.
- Extremely sensitive data from as far back as 2013 was being incorrectly stored, with details including credit card and CVV numbers, full names, addresses and ID numbers of guests and comprehensive details about customers’ reservations all unprotected.
- Other companies that use Cloud Hospitality and whose customers may have been at risk include Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees and Sabre.
- Helen Coffey | November 11, 2020