Date: 2020-02-27

| Company | Information | Affected |
| --- | --- | --- |
| ClevGuard (Cyprus) | Developer Till Kottmann discovered a publicly accessible database hosted on Alibaba cloud storage that contained data collected by the spyware app KidsGuard. The name of the database suggests that only data collected from Android devices was stored on it. It has since been closed. The app itself, developed by ClevGuard, masquerades as an Android ‘system update’ app after installation and is not visible to the victim. An analysis by TechCrunch found that the app collects data from a victim’s phone nearly continuously, including photos, videos, and recordings of phone calls. | Unknown |
| Defense Information Systems Agency (US) | In a letter, the US Defense Information Systems Agency (DISA) informed potentially affected individuals of a data breach that took place between May and July 2019. The letter states that personally identifiable information, including Social Security numbers, may have been compromised due to a breach on a system hosted by DISA. No evidence was found that any potentially stolen personal data has been misused. | ~200,000 |
| Overlake Medical Center (US) | The private health information of about 109,000 Overlake Medical Center patients may have been compromised following a phishing attack on several employee email accounts. The attack was first discovered on December 9th, 2019. Potentially compromised data includes names, contact information, dates of birth, diagnoses, treatment information, and more. Social Security numbers and financial data were not affected. | 109,000 |
| Slickwraps (US) | Security researcher Lynx discovered that a path traversal vulnerability in an upload script granted full access to the Slickwraps website, including to employee resumes, API credentials, 9GB of customer photos, and customer information. The exposed customer data included addresses, email addresses, phone numbers, hashed passwords and more. Following the public disclosure of the flaw, an unknown intruder exploited the issue and sent an email to 377,428 customers using the company’s ZenDesk help system. The email informed customers of the breach and urged them to contact Slickwraps. | Unknown |
| Personal Touch Home Care (US) | The home healthcare company filed data breach reports for 17 of its offices under HIPAA. The reports concern a data breach that occurred as a result of an attack on its cloud-based electronic health records vendor, Crossroads Technologies, in December 2019. Potentially exposed data includes names, addresses, telephone numbers, dates of birth, Social Security numbers, medical treatment information and insurance information. | 156,409 |
| Ministry of Education (Canada) | An investigation by the Sûreté du Québec found that the private data of 360,000 teachers in Quebec may have been stolen in a data breach. The investigation revealed that two men from Montreal, who were arrested for identity theft in 2018, had had access to a database containing the personal details. According to Quebec’s Treasury Board, the attackers gained access to the database via a stolen user code and password. | 360,000 |
| Tetrad (US) | Researchers at UpGuard identified an Amazon S3 bucket that belonged to market analysis company Tetrad. The data came from sources such as Experian Mosaic, Claritas/Nielsen’s Prizm, and Tetrad clients such as Chipotle and Kate Spade. Each data set contained a variety of information which could be used to construct profiles for marketing purposes. Three large files contained 130 million rows of Mosaic data related to US households. The exposed information included addresses, names, gender, and a code assigned by Mosaic. The database was closed by Tetrad on February 10th, 2020. | >120,000,000 |
| Ordnance Survey (UK) | A system breach, most likely resulting from a phishing attack, was discovered at Ordnance Survey in January 2020. According to Verdict, the attacker may have compromised the email account of the chief financial officer to send payroll files to an external email address. Ordnance Survey did not disclose when the breach started or what type of data was compromised. About 1,000 employees are believed to be affected, of whom fewer than five could ‘potentially’ have had their bank details compromised. No customer data was impacted. | 1,000 |
| Samsung (South Korea) | A Samsung spokesperson told The Register that the details of fewer than 150 users were displayed to other customers due to a technical error. The incident impacted customers who used Samsung’s UK websites. The information was displayed after a random ‘Find My Mobile’ notification was sent to customers; however, a Samsung spokesperson stated that the two events are not linked. | 150 |
| Pacific Specialty Insurance Company (US) | The company stated that it found suspicious activity on an employee email account on June 14th, 2019. An investigation revealed that an unauthorised party had access to the accounts between March 20th and March 30th, 2019. Potentially exposed information includes customer names, Social Security numbers, financial information, medical information, and more. | Unknown |
| Decathlon Spain | Researchers at vpnMentor discovered an unsecured database belonging to Decathlon Spain that was over 9GB in size and contained over 123 million records. Data from other regional Decathlons may also have been present, including data from Decathlon United Kingdom. Exposed data included employee usernames, unencrypted passwords, API logs, API usernames and unencrypted passwords, as well as personally identifiable information. Unencrypted email and login information of customers was also present. | Unknown |
| Financial Conduct Authority (UK) | The private information of complainants was accidentally exposed by the UK Financial Conduct Authority (FCA) after a Freedom of Information request sought the number and nature of complaints lodged between January 2nd, 2018, and July 17th, 2019. The FCA discovered the exposed information in February 2020 and removed the data. The data, which was published as part of a spreadsheet in November 2019, exposed names and in some cases phone numbers and addresses. | ~1,600 |
| Transmit Security Inc (US/Israel) | Attackers reportedly gained access to NextCloud, which is a file sharing support system that Transmit Security uses to distribute binaries to customers. A security researcher contacted some of Transmit Security’s customers to report unauthorised access to the exposed data, which included over a thousand email addresses, phone numbers and other sensitive information. The researcher also stated that passwords were affected; however, Transmit Security has denied this. The breach also impacted source code, binaries, and emails communicated between Transmit Security and clients. | Unknown |
| Remine (US) | A misconfiguration was discovered in Remine’s development environment, which allowed anyone outside the company to register an account and log in. The space contained private keys, secrets and passwords which were accessible to anyone, and could have allowed access to the company’s Amazon Web Services storage servers, databases and the company’s private Slack. The storage servers contained information including title deeds, rent agreements and addresses of customers and sellers. One document reportedly contained personal information such as names, home addresses and other sensitive information belonging to a rental tenant. | Unknown |
| United Regional Health Care (US) | The Texas-based company acknowledged a data breach incident relating to an unauthorised party accessing an employee email account in July 2019. An investigation revealed that patient information could have been accessed through the account. The organisation stated that there was no evidence to suggest that the data had been viewed or misused. | Unknown |
| Clearview AI (US) | The Daily Beast reported that Clearview AI, which specialises in facial-recognition technology, informed its customers of an unauthorised party gaining access to company data. Data exposed during the incident included the company’s list of customers, the number of user accounts each customer had, and the number of searches performed by customers. The company asserted that the incident did not compromise Clearview AI’s systems or networks. | Unknown |
| Rotherwood Healthcare (US) | An unidentified security researcher discovered an open Amazon Web Services S3 bucket belonging to the Rotherwood Care Group, trading as Rotherwood Healthcare. The unsecured bucket exposed 10,000 records that contained staff, patient, and company information. The files contained care plans which listed patient names, health conditions and their resuscitation choices. The bucket also contained scans of employees’ passports and birth certificates, and emails from the council detailing how much was paid for residents’ care. | Unknown |
| Rady Children’s Hospital (US) | The San Diego hospital notified affected patients of unauthorized access to their information via an open port on the Internet. The unauthorized access first occurred in June 2019 and was discovered in January 2020. The affected information includes patient names, gender, and type and date of imaging studies. In some cases, impacted information also included the date of birth, medical record number, description of the imaging studies, and the referring physician’s name. | Unknown |
| Advocate Aurora (US) | The Illinois- and Wisconsin-based health system disclosed a data breach that may have affected the personal information of some current and former employees. This information includes employee Social Security numbers and bank accounts. According to their statement, the incident was the result of an email phishing campaign leading to an unauthorized party having temporary access to Advocate Aurora’s human resource system. | Unknown |
| Bretagne Télécom (France) | Bretagne Télécom was targeted in a DoppelPaymer ransomware attack, in which the perpetrators exploited the Citrix vulnerability CVE-2019-19781. According to the company, the attackers managed to compromise its servers before patches for the flaw were made available. Some of the company’s data has since been uploaded to the DoppelPaymer operator’s recently launched website Doppel Leaks. | Unknown |