Data Leaks of the Week – June 21, 2019

News

Avatar CybelAngel • June 21, 2019

A curated list of the top stories of the week concerning data leaks and digital threats.

Oregon DHS sending 645,000 notices of data breach

By KTVZ Team, June 18, 2019, KTVZ

The Oregon Department of Human Services announced Tuesday it is sending notices by mail to approximately 645,000 clients, notifying them that their personal information was compromised during a previously announced January data breach. The DHS said it is providing 12 months of identity theft monitoring and recovery services, including a $1 million insurance reimbursement policy, to individuals whose information was accessible.

Data breach forces medical debt collector AMCA to file for bankruptcy protection

By Charlie Osborne, June 19, 2019, ZDNet

US medical bill and debt collector American Medical Collection Agency (AMCA) has filed for bankruptcy protection in the aftermath of a disastrous data breach. At least 20 million US citizens have been impacted by the security incident, in which the hacker responsible ransacked AMCA’s internal systems to pillage user data including names, Social Security numbers, addresses, dates of birth, and payment card information.

Mermaids transgender charity data breach exposed confidential emails

By Charlie Osborne, June 17, 2019, ZDNet

Mermaids UK has apologized for an “inadvertent” data breach which exposed private messages between the charity and the parents of gender variant and transgender children. Over 1,000 pages of confidential emails were leaked online, including “intimate details of the vulnerable youngsters it [the charity] seeks to help.” The letters, sent between 2016 and 2017, also contained the names, addresses, and telephone numbers of those reaching out to the charity.

Job portal database exposed

By Jim Wilson, June 17, 2019, Safety Detective

A research lab discovered a leak online that exposed an elastic server containing 3GB of data with over 1.6 million users affected. The database exposed personal contact information and other PII for employers and job seekers alike. With ethnic background, gender, and other potentially sensitive information about high profile professionals, it may be possible for malefactors to utilize this as a method for blackmail, and they can also use this data for a massive phishing campaign.

Missouri Southern State University suffered data breach following phishing attack

By Abeerah Hashim, June 18, 2019, Latest Hacking News

The Missouri Southern State University (MSSU) has disclosed a security incident following a phishing attack. The security attack followed a phishing email that targeted several employees. The details contained in the emails and attachments with the compromised accounts included first names, last names, birth dates, phone numbers, email addresses, home addresses, and Social Security numbers.

Leaks are inevitable. Damage is optional.
Where has your enterprise's data leaked to?

See Your Data Leaks