Date: 2020-08-06

| Company | Information | Affected |
| --- | --- | --- |
| Scentbird (US) | Scentbird issued a data breach notification informing users that their names, email addresses, encrypted account passwords, and more, may have been exposed. | 5,800,000 |
| New Zealand Police | The New Zealand Police announced that they had terminated their contract with research firm Gravitas, after data they sent the company was involved in a hacking incident. The information related to people who phoned the Police to report low-level crimes such as burglary. The potentially exposed data contained names, phone numbers, addresses, and short descriptions of the crimes. | 5,700 |
| Flintshire County (UK) | According to the Welsh county’s statement, the personal data of individuals who responded to a consultation were uploaded to the Local Development Plan section on the council’s website and left publicly exposed. The data included names and addresses. | Unknown |
| Pivot Technology Solutions (Canada) | The managed service provider reported that it suffered a ransomware attack last month that impacted data held by the parent company, its subsidiaries, and former and current affiliates. The perpetrators weren’t able to encrypt any of the files but managed to access sensitive data of US employees and consultants, including names, addresses, dates of birth, banking details, Social Security numbers, and more. | Unknown |
| IndieFlix (US) | CyberNews researchers discovered an unsecured data bucket on a publicly accessible Amazon S3 server that contained 90,000 files. This includes confidential motion picture acquisition agreements, tax ID requests including filmmakers’ Social Security numbers and employer identification numbers, contact information of film professionals, and thousands of video files and movie clips. | Unknown |
| Gujarat Technological University (India) | Students of the university complained that their personal details were leaked on GTU’s website during mock tests that were held on July 28th. The data that was allegedly leaked contained college IDs, government IDs, including PAN or Aadhaar cards, and potentially bank account information. | Unknown |
| Government of Iran | Lists and medical records leaked to the BBC by an anonymous source included names, age, gender, symptoms, time spent in hospital, and more. The leaked files revealed that the Iranian government’s coronavirus death toll stood at nearly 42,000 as of July 20th, 2020. The figure that was publicly reported by the health ministry was only 14,405. | Unknown |
| CWT (US) | The travel agency confirmed it suffered a ransomware attack, which according to security researcher ‘JAMESWT’ involved Ragnar Locker. JAMESWT also stated that the attackers demanded $4.5 million in Bitcoin in return for recovering 2TB of data. This includes information of CWT’s clients such as AXA Equitable, Abbott Laboratories, AIG, Amazon, Boston Scientific, Facebook, and others. | Unknown |
| Havenly (US) | The interior design website stated that it suffered a data breach after a database containing 1.3 million user records was leaked on a hacker forum. The database contained users’ logins, full names, MD5 hashed passwords, email addresses, phone numbers, ZIP, and other data related to the usage of the site. | Unknown |
| Sheldon Independent School District (US) | The Texas-based school district notified current and former staff and students of an incident in which an unauthorised party accessed their computer network and was able to view and download documents. The affected information includes student names, year in school, school name, teacher name, sex, race, and more. | Unknown |
| Kiwibank (New Zealand) | The bank sent 4,200 customers an email or bank statement with their own account number, name and address, but another customer’s transaction history. | 4,200 |
| Elkins Rehabilitation & Care Center (US) | The West Virginia-based nursing home is notifying residents and employees of a data breach that was discovered in February 2019 and involved unauthorised access to some employee email accounts. The affected data included first and last names, limited protected health information, and more. | Unknown |
| Zello (US) | On July 8th, 2020, Zello identified unusual activity on one of their servers. The company stated that it was possible that the intruder could have accessed the hashed passwords and email addresses employed by users on their Zello accounts. Zello asserted that they have no evidence that accounts have been improperly accessed. | Unknown |
| The Blacklist Alliance (US) | The Blacklist Alliance leaked client information via its own website. The exposed data, which was available until last week, included API keys, phone numbers, employer, username and MD5 hashed passwords for 388 Blacklist customers. The site also exposed thousands of documents, emails, images, spreadsheets, and names tied to mobile phone numbers. | Unknown |
| Summit Medical Associates (US) | The Indiana-based clinic was hit by a ransomware attack on June 5th, 2020. An investigation revealed that an unauthorised individual may have accessed its servers between January 24th and June 5th, 2020. The servers contained private patient data, including names, medical information, and Social Security numbers. No evidence was found to suggest that the data was accessed or stolen. | Unknown |
| Beaumont Health (US) | On July 25th, 2020, Beaumont Health began to notify its patients of a data breach incident caused by a phishing attack. An investigation revealed that an unauthorised individual accessed employee email accounts between January 3rd and January 29th, 2020. Data accessible through the compromised accounts included patient names, dates of birth, diagnosis codes, treatment locations, prescription information, and more. | 6,000 |
| British Dental Association (UK) | The British Dental Association (BDA) notified its members of an attack against its servers, during which the attacker may have stolen private member data. The attack was first discovered on July 30th, 2020, after the trade union’s website went offline. Names, contact details, transaction histories, direct debit details, including account numbers and sort codes, logs of correspondence, and notes of cases lodged with BDA may have been accessed. | Unknown |
| UberEats (US) | Researchers at Cyble reported that a threat actor leaked nine TXT files containing details of UberEats drivers, delivery partners, and customers. The leak included login credentials for 579 UberEats customers, as well as login credentials, names, contact numbers, bank card details, trip details, and account creation dates of 100 delivery drivers. | ~700 |
| Allison-Smith Company LLC (US) | The operators of REvil ransomware claim to have breached Allison-Smith Company LLC and shared screenshots and sample data as proof of their attack. This includes electrical commercial permits, certificates of liability insurance, accounting data folders, and more. The attackers have threatened to release more data. | Unknown |
| Netzsch Group (Germany) | Clop ransomware operators published a leak post in which they claim to have obtained sensitive data belonging to the Netzsch Group. Screenshots and a sample leak were uploaded as evidence, which includes email conversations, personal images, multiple users’ details, and more. The operators also threatened to release a large amount of the data on August 4th, 2020. | Unknown |
| Canon (US) | Canon issued a company-wide notification informing its employees that Canon USA was ‘experiencing widespread system issues affecting multiple applications.’ Bleeping Computer obtained a partial screenshot which allegedly shows a ransomware note displayed on Canon systems by Maze ransomware, whose operators have since claimed responsibility. The attackers claim to have exfiltrated 10TB of data. | Unknown |
| Corporate Renaissance Group (Canada) | The operators of Netwalker ransomware claim to have breached the Corporate Renaissance Group and posted screenshots on their blog as proof. The screenshots show data folders that appear to include credit card statements, accounting documents, company policies, client data, and more. | Unknown |