Compared to other months this year, August felt a little quiet in terms of data breaches. That does not mean, however, that hackers and identity thieves hung up their hats and found new professions. Though some may have been taking a little summer break, others were clearly still working full time.
In August, we saw a medical data breach at the nation’s largest OB/GYN practice, nearly 2 million voter records exposed, and multiple attempts to break into a premium cable network.
Here are the recent data breaches that were making headlines in August 2017:
Women’s Health Care Group of PA
In August, we learned that a data breach at the largest OB/GYN practice in the United States was found to be the third-largest reported this year to the U.S. Department of Health and Human Services—300,000 patients were affected. The Women’s Health Care Group of PA data breach was discovered in May, but patients were not notified until July 18.
At this point, only a few details about the breach have been made public. Ransomware was discovered in the group’s computer systems and may have been there as far back as January. The company said, “We have been unable to determine if any specific information was actually acquired or viewed in connection with this incident.” If information was taken, it likely would have included full names, addresses, dates of birth, and Social Security numbers.
August proved to be an extremely difficult month for the premium cable network, HBO. Hackers stole and leaked full episodes and scripts of upcoming shows, including the popular “Game of Thrones.” Entertainment Weekly reported that the hackers also claimed to have stolen approximately 1.5 terabytes of data containing financial statements, more shows, HR documents, and other sensitive information. A week later, HBO received a ransom letter from the hackers saying they’d only stop the leaks for one million dollars; they also included a screenshot to a file directory that implied they had access to information about other shows.
Later in the month, HBO accidentally breached itself. HBO Nordic and HBO España aired the week’s upcoming “Game of Thrones” for an hour, which gave people plenty of time to spread it around the Internet. This error appeared to originate with a third party vendor. Then, to close out the month, HBO’s social accounts were compromised by a company called OurMine. In that instance, they were able to regain control of their accounts within the hour.
Electronic Systems & Software
Electronic Systems & Software, a contractor that provides election equipment and software, exposed the personal information of about 1.8 million registered voters in Chicago. On August 11, a security researcher at Upguard discovered voter names, addresses, dates of birth, partial Social Security numbers, and other information exposed and publicly available on an Amazon cloud-computing server. Chicago election officials were notified on August 12 and the information was down within three hours. No one knows, however, how long the information was available online for anyone to take.
Electronic Systems & Software is reviewing all procedures and protocols, but right now, it’s impossible to know who may have gotten their hands on the exposed data.
Check back next month to stay up to date on the most recent data breaches.