IKANOW’s major breach index along with a recap of the major data breaches that took place in April 2015 are listed below.
HSBC Financial Corporation – Unknown # of records – Accidental Loss
The financial services company discovered the breach on March 27th and began sending letters to their customers on April 9th. The breach affected 10 HSBC subsidiaries and compromised social security numbers, account numbers, and some phone numbers. The data was accidentally made available online.
“HSBC regrets this incident, and we take our responsibility for the security of customer information very seriously,” said bank spokesman Rob Sherman in a statement. “We responded immediately to ensure the information was no longer publicly accessible on the Internet, and are notifying all affected customers as well as offering one year of free credit monitoring. We have also implemented additional security measures designed to prevent a recurrence of such an incident.”
Lufthansa Airlines – Unknown # of records – Hacked
Deutsche Lufthansa AG, the largest airline in Europe, has reported that is its website was hacked and customer data compromised. The attackers stole frequent flyer miles in order to obtain vouchers and redeem awards.
It is believed the hackers used a botnet attack to crack and match passwords.
Costa Coffee – Unknown # of records – Hacked
Costa Coffee, a British multinational coffeehouse company headquartered in Dunstable, United Kingdom, is warning customers it may have suffered a security breach.
The Register contacted Costa after readers alerted us to the breach.
A spokesperson offered the following statement: “We can confirm contact information from a very small number of loyalty card holders (around 0.02 per cent) was accessed. We do not hold any financial data on the Costa loyalty card system. We immediately contacted the customers affected and we are continuing to remain vigilant.”
Philadelphia Fire Department – 82,000 records exposed – Insider Threat
Philadelphia ambulance patients may be at risk after a rogue Intermedix employee (Advanced Data Processing Inc alias) disclosed account information in a fraudulent IRS tax return scheme in 2012. This breach affected more than 20 agencies in 17 states, including the Philly Fire Department.
This insider illegally distributed patient names, birth dates, dates of service, social security numbers and more.
Auburn University – 370,000 records exposed – Accidental Loss
Auburn University is investigating a data security incident that could have exposed the personal information of about 370,000 current, former and prospective students.
The university learned on March 2nd that some information stored on one of their servers mistakenly became accessible online. They have launched an investigation to correct this issue however the university hasn’t seen any evidence that the information was misused.
Seton Healthcare Family – 39,000 records exposed – Hacked
Seton Healthcare Family, also known as Seton Family of Hospitals, is a Roman Catholic-affiliated hospital network in the Greater Austin area. Seton was the victim of a phishing attack targeting employee emails. About 39,000 patients received letters about the breach in which hackers accessed patient information, such as – demographics, record numbers, insurance information, and social security numbers.
Once discovered, usernames and passwords were immediately shut down. Computer experts were able to conduct an analysis of information contained in the affected email accounts, determine the scope of the incident and identify all the individuals affected.
SendGrid – Unknown # of records – Hacked
The SendGrid account of a Bitcoin-related customer was compromised and used to send phishing emails. The hackers accessed an employee’s account and were able to get usernames, email addresses and hash passwords of customers.
After a forensic investigation, there wasn’t evidence that the customers email lists or contact information were stolen. The attack was discovered after an April 8 hack against a customer, reported by The New York Times, in an apparent attempt to steal cryptocurrency.
Saint Agnes Healthcare – 25,000 records exposed – Hacked
Hackers accessed information on about 25,000 patients from Saint Agnes, a 407-bed teaching hospital, with nursing home, and physician offices. Located in Baltimore. The breach was the result of an email phishing attack that targeted employee email accounts. Saint Agnes said it has sent letters to the 25,000 individuals notifying them of the incident. The hackers were able to get names, birth dates, gender, medical record numbers, insurance information and more.
Ryanair – $5 million stolen – Hacked
Ryanair Ltd. is an Irish low-cost airline headquartered in Swords, Dublin has been the victim of an attack where hackers managed to steal almost US $5 million via a fraudulent electronic transfer to a Chinese bank. Graham Cluley posted on HotforSecurity.com, “Additionally, no details of how the hack was perpetrated have been made public, although in a statement the airline says that it has taken steps to prevent a reoccurrence:
‘Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week. The airline has been working with its banks and the relevant authorities and understands that the funds – less than $5 million – have now been frozen. The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur.’
Rakuten and LINE Corp – 7,850,000 records exposed – Hacked
The Metropolitan Police Department of Japan said that the IDs and passwords of several million online shoppers were found on a computer seized in an investigation of unauthorized access through proxy servers by a Chinese group. Shopping mall operator, Rakuten and messaging application LINE Corp are the organizations affected by this breach. The stolen information includes usernames, passwords, names, birth dates, and credit card numbers. Read more here.
TV5Monde – 100,000 records exposed – Hacked
Per BBC news, “The French television network TV5Monde says it has suffered an “unprecedented” attack from hackers claiming to belong to Islamic State (IS).”
It’s TV station, website, and social media accounts were all attacked. It took about 2 hours to regain control of the accounts.
“A message posted by the hackers on TV5Monde’s Facebook site read: “The CyberCaliphate continues its cyberjihad against the enemies of Islamic State.”
They replaced TV5Monde’s social media profile pictures with a masked Islamist fighter.
France is part of the US-led coalition carrying out air strikes against IS in Iraq and Syria.”
Click on one of the buttons below to help prevent your organization from being on this list in the future.VISIT THE LEARNING LIBRARY