Data Leaks of the Week – July 26, 2019

News

Avatar CybelAngel • July 26, 2019

A curated list of the top stories of the week concerning data leaks and digital threats.

Brazilian banking users exposed by 250GB data leak

By Angelica Mari, July 25, 2019, ZDNet

An unprotected server belonging to a Brazilian financial services firm exposed customers’ personal information, including IDs and social security cards, as well as documents provided as proof of address and service request forms.

Crypto loans firm left thousands of users’ financial data exposed

By Daniel Palmer, July 25, 2019, Coindesk

Cryptocurrency loans platform YouHodler exposed 86 million records containing private financial data belonging to thousands of users. These records included users’ names, email addresses, home addresses, phone numbers, birthdays, credit card numbers, CVV numbers, bank details, and crypto wallet addresses.

Swedish crypto exchange QuickBit leak spills 300,000 customer records

By Benjamin Vitáris, July 26, 2019, CCN

Swedish crypto exchange QuickBit confirmed that 300,000 records were leaked from a MongoDB database left exposed by a third-party contractor during a security update.

AMCA breach: many more impacted healthcare firms come forward

By Eduard Kovacs, July 22, 2019, SecurityWeek

Several healthcare companies in the United States informed customers that they had been impacted by a data breach suffered by the American Medical Collection Agency. Threat actors gained access to some customers’ names, addresses, phone numbers, dates of birth, dates of service, balance information, payment card or banking information, and treatment provider information.

Equipment benefits administrator reports data breach

By Marianne Kolbasuk McGee, July 24, 2019, InfoRiskToday

A medical equipment benefits administrator reported a large health data breach affecting both patients and healthcare providers. The information impacted could include names, addresses, dates of birth, dates of service, provider names, medical record numbers, patient identification numbers, medical device descriptions, diagnoses, diagnosis codes, treatment information, member health plan identification, and in a very small number of instances, Social Security numbers and driver’s license numbers.

Cancer Treatment Centers of America alerts 3,900 patients of data breach

By Mackenzie Garrity, July 22, 2019, Becker’s Hospital Review

Cancer Treatment Centers of America discovered that an employee’s email account was compromised in a phishing attack. The compromised information may include addresses, phone numbers, dates of birth, medical record numbers, other patient identifiers, medical information, and health insurance information.

Phishing attack: students’ personal information stolen in university data breach

By Danny Palmer, July 23, 2019, ZDNet

Threat actors have stolen the personal data of prospective and current students at Lancaster University after gaining access to databases that contained personal information, including names, addresses, telephone numbers, and email addresses.

Russia’s secret intelligence agency hacked: ‘largest data breach in its history’

By Zak Doffman, July 20, 2019, Forbes

Threat actors have successfully stolen 7.5 terabytes of data from a major contractor of FSB—Russia’s Federal Security Service. These threat actors exposed secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world.

Leaks are inevitable. Damage is optional.
Where has your enterprise's data leaked to?

See Your Data Leaks