The month of hearts and flowers didn’t only have Valentine’s Day lodged in the center — we also had a number of data breaches to worry about.
Here are the top breaches that were making headlines in February 2016:
University of Central Florida
A recent data breach at the University of Central Florida (UCF) shows that even educational institutions aren’t immune to hackers.
In an announcement about the incident, UCF President John C. Hitt said the breach was discovered in January and reported to law enforcement. An initial investigation has indicated that hackers gained unauthorized access to social security numbers for 63,000 current and former students, staff and faculty members. However, they did not get access to credit card information, medical records, or grades.
The breach is similar to other major attacks at universities in the past couple years, which have affected institutions like University of Maryland, North Dakota University, and Arkansas State University.
Radiology Regional Center
With the prevalence of medical identity theft, it’s no surprise that cyber attacks on healthcare systems and insurance companies are increasing. But it looks like the tried-and-true method of going through the trash still works, too.
At the Radiology Regional Center in Fort Myers, Fla., the records of more than 483,000 individuals were exposed because of improper disposal of paper files. Recently announcing the breach, the company noted that a disposal truck accidently “released” records onto the street because the driver failed to properly secure the container door.
Just after Christmas, hackers attempted to access online Neiman Marcus accounts by using software that automated various login and password combinations, the retailer announced recently.
Although only about 5,000 accounts were compromised, security experts noted that the incident puts a spotlight on the vulnerabilities than can crop up with using only usernames and passwords for online authentication. Multiple verification strategies like biometrics and two-factor authentication can help prevent breaches, and in turn, lower identity theft risks.
Although the VTech data breach happened in December, the company recently took an interesting approach that’s worth noting, since other companies may decide to go the same route.
Rather than issuing the type of apology we’re used to seeing, along with promises to investigate, VTech announced that European customers will now have to agree to a Terms of Service clause that basically punts responsibility onto the user, not the company. The sentence notes, “You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.”
Despite widespread backlash, VTech is keeping the clause. For consumers, this serves as a good reminder to read privacy policies before giving information to an online source. This is particularly important with kid-centric sites like VTech, since child identity theft continues to be a major problem.
Check back next month to stay up to date on the most recent data breaches.