Between Facebook and a unsecured database on an Microsoft cloud server, April saw two mega breaches exposing more than 600 million consumers. However, as we’ve become accustomed to, no industry was spared. Read on below to see if you or someone you know was affected.
Here are the recent data breaches that made headlines in April 2019:
Faculty, staff, students, and applicants of Georgia Tech had their personal information exposed in a data breach compromising 1.3 million individuals. Hackers accessed the school’s central database system and extracted people’s names, addresses, dates of birth, and Social Security Numbers.
In yet another data security incident, Facebook third-party apps left user data, including passwords, unprotected online. More than 540 million records including names, Facebook IDs, user activity, photos, events, groups, check-ins, and more were left on an unsecured server.
Patients of the Springfield, MA-based hospital BayState Health had their personal and protected health information exposed after several employees had their email accounts accessed through a phishing attack. Names, dates of birth, health information, and some Medicare and Social Security numbers were included in the breach.
In another healthcare phishing attack, South Carolina’s Prisma Health experienced a data breach to the tune of 23,811 patients. Names, health insurance information, Social Security numbers, and financial information were exposed as a result.
City of Tallahassee
Hackers broke into the payroll system of the city of Tallahassee, FL, and diverted nearly $500,000 from employee’s direct deposits to a different account.
Microsoft Email Services
Microsoft admitted a data breach of its web-based email services including @msn.com, @hotmail.com, and @outlook.com. Between January 1st and March 28th, 2019, hackers used a compromised support agent’s credentials to access users email accounts.
Steps to Recovery
Nearly 150,000 patients of addiction rehabilitation center had their medical records exposed in a data breach. The information was discovered on an unsecured online database by security researcher, Justin Paine.
Plantation, Fla-based EmCare announced a data breach after several employees had their email accounts accessed by an unauthorized third party. As many as 60,000 people had their name, date of birth, clinical information, Social Security number, and driver’s license number exposed.
Fitness enthusiasts who shop at Bodybuilding.com may have had their information stolen after hackers conducted a phishing attack to gain access the company’s servers. The site has more than 7 million registered users whose name, email address, billing and shipping address, phone number, order history, and publicly shared information could have been compromised.
The eCommerce website of the Atlanta Hawks was infiltrated by Magecart, a hacking network that targets online shopping portals. By installing a skimming code onto the payment page, cybercriminals were able to steal names, dates of birth, credit and debit card details of anyone who shopped on the site between April 20th and 25th, 2019.
A popular cloud-based service for app developers, Docker Hub notified its users of a data breach after hackers accessed one of its databases. Usernames, hashed passwords, Github and Bitbucket tokens for 190,000 users were stolen.
Microsoft Cloud Server
Security researchers at vpnMentor discovered a database containing information on more than 80 million U.S. households sitting unprotected on a Microsoft cloud server. Names, ages, full addresses, marital status, geographical, income, and other demographic data were among the information exposed. Microsoft has since taken the database offline, but nobody knows who it originally belonged to.