Breach Guide

The 13 Biggest Data Breaches of 2019 (So Far)

Source: CRN
By: Michael Novinson
Published: July 16, 2019

* Nearly 31 million records were exposed in the 13 biggest breaches in the first half of 2019, with 11 of the top 13 breaches occurring at medical or healthcare organizations.

Facebook's Libra is a terrorist's best friend, thunders US Treasury: Crypto-coins dubbed 'national security risk'

Source: The Register
By: Kieren McCarthy
Published: July 15, 2019

* The US Treasury Secretary today put a big dent into Facebook's Libra cryptocurrency plans, by claiming it would be a "national security risk," as well as a likely source of money laundering for - among others - terrorists.
* Steven Mnuchin held a press conference to make sure his attack got wide coverage. In it, he criticized all cryptocurrencies for having "been exploited to support billions of dollars of illicit activity like cybercrime, tax evasion, extortion, ransomware, illicit drugs and human trafficking."

House passes bills to boost small business cybersecurity

Source: The Hill
By: Maggie Miller
Published: July 15, 2019

* The House passed legislation by voice vote on Monday intended to increase cybersecurity at the Small Business Administration (SBA) and separately approved a bill to help small businesses defend against cyber attacks.
* The SBA Cyber Awareness Act, sponsored primarily by Rep. Jason Crow (D-Colo.), would require the SBA to produce an annual report to Congress that assesses the quality of its information technology, and that details any equipment used by the SBA that was manufactured in China.

Evite Invites Over 100 Million People to Their Data Breach

Source: Bleeping Computer
By: Lawrence Abrams
Published: July 15, 2019

* The data breach monitoring service Haveibeenpwned.com has added a database dump of almost 101 million Evite users who had their information exposed when attackers gained unauthorized access to their servers.
* In May 2019, Evite posted a data incident notice that disclosed an unauthorized third-party had gained access to their servers starting on February 22, 2019 and were able to access member's personal data. No financial information or social security numbers, though, were part of the breach.

Hackers Demand $2 Million From Monroe

Source: Inside Higher Ed
By: Lindsay McKenzie
Published: July 15, 2019

* A cyberattack disabled many of Monroe College's technology systems and platforms last week. * Students and faculty and staff members were locked out of the college's website, learning management system and email, with hackers demanding payment of around $2 million in Bitcoin to restore access.

GE anesthesia machines can be exposed to hackers: DHS

Source: FOX News
By: Brooke Crothers
Published: July 11, 2019

* GE anesthesia machines are ripe for tampering, according to a new DHS advisory.
* GE Healthcare is aware of the vulnerability, issuing a statement that says there is "potential ability to modify gas composition parameters...modify device time and silence alarms after the initial audible alarm," according to the GE Healthcare website.

Israel Cyber Body Issues Warning on AI Phishing Attack that Uses AI to Imitate Voices

Source: News18
By: IANS
Published: July 11, 2019

* In a warning, an Israeli cyber body has unearthed a new type of attack where hackers are using Artificial Intelligence (AI) technology to impersonate senior company executives.
* The main innovation is the attacking software, which learns to mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the Chief Executive Officer (CEO).

People 'have no clue' how much data Facebook and Google collect, antitrust advocate says

Source: Yahoo! News
By: Jon Ward
Published: July 10, 2019

* Facebook and Google have reached so far into the private lives of their users without their knowledge that they are committing "a fraud on the American people," said a prominent advocate of stricter government regulation for the tech giants.
* "The amount of data that Facebook and Google are collecting about the average person is absolutely insane, massive, widespread, ubiquitous, and I think honestly, a fraud on the American people that the people don't understand that this is happening," said Sally Hubbard of the Open Markets Institute, an organization that advocates curbing the power of monopolies.

K12.com exposed 7 million student records for a week

Source: Engadget
By: AJ Dellinger
Published: July 10, 2019

* K12.com, an online education platform, inadvertently exposed the personal information of nearly seven million students, according to security researchers at Comparitech.
* The exposed database contained full names, email addresses, birthdates and gender identities, as well as the school that the students attend, authentication keys for accessing their accounts and other internal data.

Arlington Investigating Cyber Attack on County Payroll System

Source: ARLnow
By: FNU LNU
Published: July 10, 2019

* In a statement, the county says a number of employees were impacted by the intrusion, but did not specify the exact number or impacts. The intrusion appears to be the result of a "phishing" email targeting county employees and not a hack, the press release suggests.
* Arlington's cybersecurity division previously told ARLnow that it was staffing up and training county employees in light of the growing number of cyber attacks. The county budgeted $60,000 for the department to teach county employees how to avoid phishing emails, among other security best practices.