Phishing attacks and unsecured databases continue to pose a serious risk to Personally Identifiable Information (PII) of millions of individuals. In September, we saw an increased risk to children’s sensitive information with gaming companies and children’s hospitals being targeted.
IdentityForce has recently received the Parent Tested Parent Approved Seal of Approval for the 7th year in a row. Our ChildWatch product is the first of its kind identity theft protection designed for children’s developing identities, delivers alerts and messages directly to parents and safeguards against child identity theft.
Here are the recent data breaches that made headlines in September 2020:
Over 1 million inmates that have used the prison phone service, Telmate, have had their personal information exposed in an unsecured database. The information of both inmates and their contacts that was disclosed included names, gender, offense, religion, facility location, relationship status, medication history, emails, physical and IP addresses, phone numbers and driver’s license details.
A phishing attack led to the protected health information of 140,000 medical patients of Imperium Health Management to be exposed. The information accessed through the attack includes patient names, addresses, dates of birth, medical record numbers, account numbers, health insurance information, Medicare numbers, Medicare Health Insurance Claim Numbers (which can include Social Security numbers), and limited clinical and treatment information.
NorthShore University HealthSystem
The Chicago based healthcare system, NorthShore University HealthSystem, disclosed the protected health information of 348,000 medical patients was exposed through a third-party data breach. The data breach exposed patient names, dates of birth, addresses, phone numbers, e-mails, admission and discharge dates, locations of services, and physician names and specialties.
A database with the customer information of 100,000 gamers who have made purchases with the game tech company, Razer, was found online and unprotected. The exposed information included name, email, phone number, customer internal ID, order number, order details, billing and shipping address.
An undisclosed number of customers of the office retail giant, Staples, received email notification disclosing their information has been exposed in a data breach. The breached information includes customer names, addresses, email addresses, phone numbers, last four credit card digits, and order details.
Children’s Hospitals and Clinics of Minnesota
Children’s Hospitals and Clinics of Minnesota sent notification that a third-party data breach exposed over 160,000 patient records. The patient impacted in the breach includes names, addresses, phone numbers, ages, dates of birth, genders, medical record numbers, dates of treatment, locations of treatment, names of doctors and health insurance status.
Over 500,000 gamer accounts of Activision, the video game publisher, were targeted in a credential stuffing attack. It has been reported that login data, such as email and password, was published publicly online, granting hackers access the Call of Duty accounts, often locking the rightful owner out of their account.
A researcher at Comparitech discovered an unsecured online database containing records of 600,000 gym members of the fitness chain, Town Sports International. Town Sports has 185 clubs under various brands, including New York Sports Clubs, Philadelphia Sports Clubs, Boston Sports Clubs, Washington Sports Clubs. The database exposed customer names, postal addresses, email addresses, phone numbers, check-in data, gym location, notes on customer accounts, last four digits of credit card, credit card expiration date, and billing history.
Warner Music Group
A recent legal filing revealed entertainment and record label conglomerate, Warner Music Group (WMG), suffered a three-month long Magecart attack that exposed an undisclosed number of customers’ personal and financial information. Hackers accessed customers’ details from Warner Music’s e-commerce websites hosted and supported by a third-party, capturing customer’s names, email addresses, telephone numbers, billing addresses, shipping addresses, and payment card details such as card numbers, CVC/CVV, and expiration dates.