Cybersecurity

Canada – College of Nurses Ontario

The College of Nurses of Ontario (CNO), which oversees about 188,000 members, discovered that it had been impacted by ransomware on Sept. 8. CNO is still trying to figure out if the personal information of its 300 employees and 195,500 members has been compromised as has been reported by cybersecurity researchers who spotted information on…

Read more
Cybersecurity

United States – Garmin

Garmin has had a difficult and damaging week. A ransomware attack wreaked havoc on its operations and manufacturing capability, encrypting its internal network and some production systems. The company plans to deal with the mess a multi-day maintenance operation including shutting down many essential business components for restoration and security updates. Those components include its…

Read more
Cybersecurity

United Kingdom – CaptainU

Cybersecurity researchers recently uncovered an unsecured Amazon S3 (Simple Storage Service) bucket containing nearly 1 million records of sensitive high school student academic information. The exposed data included GPA, ACT, SAT, and PSAT scores, unofficial transcripts, student IDs, students’ and parents’ names, email addresses, home addresses, and phone numbers – plus pictures and videos of students’ athletic…

Read more
Cybersecurity

United States – National Cardiovascular Partners

Patient data was exposed after hackers were able to gain access to the Excel spreadsheet where it was stored through an employee account compromise. Undetected for over 3 weeks, the spreadsheet contained patient information, including names, contact information, and a host of other sensitive data that varied by patient. No word on what else the…

Read more
Cybersecurity

United Kingdom – BMW UK

A customer database containing information for BMW owners in the UK was recently discovered for sale by cybersecurity researchers, The database was offered in an underground forum by the Kelvin Security Group, a well-known hacking group responsible for several major data sales in the last few months. The available information included customer names, emails, addresses, vehicle numbers, dealer names, and other information. The…

Read more
Cybersecurity

United States – Twitter

Twitter sent a notification to business clients last week acknowledging a data breach that exposed the personal and billing information of some users. The breach occurred due to an issue that led to some users’ sensitive information being stored in the browser’s cache. Twitter explained that it recently became aware of this issue. Business users were warned that prior to May 20, 2020, if you viewed…

Read more
Cybersecurity

United States – Ambry Genetics

An employee failed to identify a phishing scam, interacting with the message and giving hackers access to patient data between January 22, 2020, and January 24, 2020. However, the incident wasn’t reported until March 22nd, as the company struggled to dedicate resources to cybersecurity while it transitioned to remote work. In total, the breach is…

Read more
Cybersecurity

United States – CivicSmart

A ransomware attack encrypted CivicSmart’s network and exfiltrated company and customer data. The attack, which took place in March, was identified when hackers threatened to publish 159 gigabytes of sensitive data online. To prevent publication, the company paid an undisclosed ransom, and the files were brought offline. However, CivicSmart can’t rest easy. Despite promises to delete the information, it’s…

Read more
Cybersecurity

United States – GoDaddy

A spear phishing attack tricked a customer service employee into providing information that ultimately allowed hackers to view and modify customer records. As a result, several GoDaddy clients, including Escrow.com, which provides escrow services for several prominent websites, were impacted. The breach will have costly implications for both GoDaddy and its customers, who will have to decide if…

Read more