Date: 2020-08-20

| Company | Information | Affected |
| --- | --- | --- |
| Metropolitan Community College of Kansas City (US) | An investigation into a recent ransomware attack revealed that attackers may have had access to the personal data of students and employees from March 10th through June 4th, 2020. This includes names, Social Security numbers, drivers’ license information, and more. It could not be determined whether any data was exfiltrated by the attacker. | Unknown |
| Multiple Websites (US) | On August 10th, 2020, a threat actor posted databases from a range of sites based out of Utah. The hacker claimed that the databases contained 195,651 user records from Utah Gun Exchange, 45,956 user records from the Utah Gun Exchange’s video site, 24,666 user records from Deep Jungle Kratom, and 15,726 user records from Muley Freak. The exposed data varies between each site. | Unknown |
| Unknown (US) | A misconfigured Amazon S3 storage bucket containing more than 61,000 patient records was discovered online. The accessible data, which totalled 33GB, was composed of scanned faxes containing medical records. The impacted patients were seen by or involved with BioTel Heart; however, the faxes appear to be handled by SplashRx/HealthSplash. The data may have been accessible since May 2019. | Unknown |
| CIBanco SA (Mexico) | In a blogpost, the operators of REvil ransomware claim to have breached CIBanco SA and released ‘Part 1’ of data allegedly stolen from the bank. The group also threatened to publish more data in a further two instalments. The current data leak is relatively small in size and includes sensitive company information, such as bureau credit reports, industrial analysis reports, and more. | Unknown |
| GCKey services and Canada Revenue Agency | Credential stuffing attacks were carried out to target passwords and usernames of 9,041 GCKey accounts, which were then used to try and gain access to government services. A third of the attacks successfully accessed targeted services. The GCKey attack and another similar incident also targeted 5,500 CRA accounts. Access to the targeted accounts, which contain taxpayer information, has been disabled. | 14,541 |
| Brown-Forman (US) | On August 14th, 2020, the operators of Sodinokibi ransomware stated that they had spent over a month examining the company’s cloud data storage, general structure, and user services. The attackers claim to have stolen roughly 1TB of data, including contracts, internal correspondence, financial statements, and more. The company confirmed the attack and exfiltration of data. | Unknown |
| Momentum Metropolitan (South Africa) | The company stated that the attackers managed to steal information related to administrative and financial data at one of its subsidiaries on August 13th, 2020. No client information was stolen. | Unknown |
| Multiple Organisations | According to The Straits Times, documents containing military-related information were stolen from a number of countries and defence contractors and have now been leaked on the dark web. The data was reportedly stolen from hacked email accounts of military personnel. Leaked data includes documents from the Royal Malaysian Navy, the US Army and US Air Force, as well as the Nigerian Navy. | Unknown |
| Arabian Industries LLC (Oman) | Maze ransomware operators claim to have successfully targeted the company and have leaked 1.8GB of data. The exposed information contains records of completed and ongoing jobs dating back three years, purchase orders, employee contracts, and more. The leak has also exposed bank-related documents of The Oman Construction Company LLC. The hackers claim that they have published 5% of stolen data. | Unknown |
| Multiple Healthcare Companies (US) | DataBreaches[.]net, in collaboration with security researcher Jelle Ursem, published a report into Ursem’s discovery of nine US entities leaking patient records on GitHub. The data came from Xybion, MedPro Billing, Texas Physician House Calls, VirMedica, MaineCare, Waystar, Shields Health Care Group, and AccQData; the ninth entity has not been named as the data has not been secured. | 200,000 |
| Ritz (UK) | The Ritz is investigating a potential data breach with its food and beverage reservation system after customers who had already made reservations were contacted by scammers posing as hotel staff. The fraudster possessed the exact details of their victims’ bookings and requested that they confirm card details. | Unknown |
| Carnival Corporation (UK and US) | On August 15th, 2020, Carnival Corporation and Carnival plc reported that a ransomware attack, which accessed and encrypted data, was detected on one of its brands’ IT systems. The personal data of guests and employees was reportedly impacted. Bad Packets stated that Carnival used multiple Citrix servers that are vulnerable to CVE-2019-19781, and Palo Alto Networks firewalls that are impacted by CVE-2020-2021. | Unknown |
| Interstate Restoration (US) | Maze ransomware operators published about 800MB of data they supposedly stole from the company. The leaked data includes details about current and former employees, such as employment agreements, background checks, and more, as well as company data, including trademark agreements, asset purchase agreements, and more. The group claims this to be about 5% of the total data stolen. | Unknown |
| Hoa Sen Group (Vietnam) | Maze ransomware operators posted about 1.64GB of data that they claim to have stolen from the steel sheet company. The group claims that this represents about 5% of the total stolen data. The leaked data consists of employee-related data, including photos of employees, resumes, academic documents, identity cards, and more. | Unknown |
| New South Wales Police (Australia) | Following a complaint filed by Samuel Leighton-Dore regarding an incident at a Sydney Black Lives Matter protest, the New South Wales Police Force accidentally sent out an email containing the email addresses of over 150 complainants who had contacted them about the same matter. | 150 |
| Cense AI (India) | Security researcher Jeremiah Fowler discovered an unsecured database that appeared to hold Cense client data and listed multiple clinics, insurance providers and accounts. The database has since been secured. It contained 2.5 million records of sensitive medical data and personally identifiable information, including names, insurance records, medical diagnosis notes, and more. | Unknown |
| Aura Sequential Testing (US) | According to an Albion College student, the AWS keys for the backend servers of the Android version of the COVID-19 tracing app were accessible within the app’s code. This allowed for access to backend data and virtual machines in the Amazon-hosted US-West-2 region, which included private health data. It remains unclear if data had already been compromised. | Unknown |
| National Identity Management Commission (Nigeria) | Mobile Identification Application (MWS) users reported several issues with the app, including missing sections of their identification information, or accessing someone else’s ID details instead of their own, thereby exposing the data of an unidentified number of individuals. | Unknown |
| Royal Military College of Canada | Following a ransomware attack against the college in July 2020, the operators of DoppelPaymer ransomware have begun leaking some of the data they claim to have stolen. The leak is about 1GB in size and contains documents related to donations made to RMC, purchase invoices of equipment and restaurant supplies, student acceptance and rejection letters, and more. | Unknown |
| Pinnacle Clinical Research (US) | Pinnacle Clinical Research detected a data breach in April 2020, when a company email account was accessed by an unauthorised actor. The potentially exposed data includes information such as names, mailing addresses, telephone numbers, medical history, and treatment information. In some cases, the data contained Social Security numbers, driver’s licence numbers, credit card information, associated PIN numbers, and similarly sensitive information. | Unknown |
| Unknown (India) | Cyble Inc researchers discovered a threat actor leaking 305,834 banking records, which appear to have come from an aggregator. The data consists of user records from Axis Bank and ICICI Bank, but the researchers found no evidence the companies were breached. The leaked data included customer names, dates of birth, mobile numbers, data medium exchange codes, cities of residence, credit card numbers, account numbers, and more. | Unknown |
| Experian (South Africa) | The South African branch of Experian confirmed a data breach in which a threat actor obtained private data by posing as a client. According to Sabric, the breach affects 24 million individuals and 793,749 businesses. The exposed data contained personal information, yet no financial or credit-related details were affected. Experian stated that the perpetrator had been identified and that authorities have secured the misappropriated data before it could be used for fraudulent purposes. | Unknown |