In September 2021, there have been very few security incidents in the UK compared to normal. What’s more, despite 97 security incidents, comprising 91,127,815 million breached records, there is something unusual in that a single incident accounted for most of those records – 61 million – which were exposed via an unsecured database:
Fitness Tracker Data Breach Exposed 61 million Records and User Data Online
Website Planet’s research team has discovered that Get Health, a New York City company that syncs data from numerous IOT health and fitness trackers, including FitBits and Apple’s Healthkit exposed user data through an unsecured database. The non-password protected database identified by Website Planet, contained over 61 million records belonging to users from around the world. Data exposed included users’ names, display name, date of birth, weight, height, gender, geo location, and more. Website Planet have contacted Get Health and they are now resolving the issue.
Fitness trackers by their design are intended to understand and improve our health by providing critical information that could indicate health risks. In the process of collecting this information on users, the device must be able to access very private information about our lives, health, and much more. In a recent study conducted by Pew Research Centre, 20 percent of adults in the United Stated report owning some type of wearable device or fitness tracker. These devices will produce a massive amount of health-related data points over the years and create long term privacy risks, particularly as they seemingly become easier to hack into.
Hackers steal Covid test data of 1.4 million people
Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region. This incident occurred in the middle of 2020, but has only been revealed now, because of worries it would stop people getting a Covid test. The hack of a service of the Paris public hospital system, AP-HP, is the latest in a growing number of cyberattacks on French health institutions and Covid data breaches.
The data stolen includes the names, social security numbers, contact information and results for those tested in mid-2020 in the Paris area, as well as the names and contact information for the health professionals treating them. Everyone who was affected has been contacted and AP-HP have apologised. No other health information was stolen, said AP-HP as the attack was a system used only in September 2020 to transmit information to the national Covid contact-tracing system, SI-DEP, which was having problems at the time. That system was affected by the hack.
The Paris hospital system say that the compromised service has stopped, and investigations continue to find the origin and the mode of the hack. Hospital officials have filed a complaint with the Paris prosecutor’s office, and have notified the French data watchdog, the CNIL, which has opened its own investigation into the attack.
French hospitals have been the target of hackers and ransomware attacks since the start of the Covid epidemic. It has been a huge problem.
Desorden Group claims to have stolen 200 GB of data from ABX Express
DataBreaches.net was contacted this month by a threat actor or group calling themselves “Desorden Group”. The group claims to have hacked ABX Express Enterprise servers in Malaysia on 23 September 2021. They said, “We have stolen more than 200 gigabytes of files and databases, tens of millions of customers’ personal data from their servers, wiped their drives and left a note about the data breach on their servers.”
ABX immediately shut down their services entirely and informed customers that they were “performing system maintenance” instead of announcing the data breach. To this day there is still no evidence on ABX’s website of any maintenance notice.
As proof of their claims, Desorden uploaded two files to a file-sharing service for journalists to download. One showed directories of folders and files on drives C, D, and E. There was also a file with a report that dealt with shipping orders. Desorden claims the breach involves millions of Malaysian customers’ personal data, with the airway bill database containing more than 15 million records that each contain information on both sender and receiver. Other databases reportedly include financial information, and customer and corporate records.
In addition to contacting journalists, Desorden Group also created a listing on a popular forum for buying, trading, or selling data. In that listing, they offered 100,000 airway bills, and said they would be uploading more data.
DataBreaches.net asked Desorden how they were able to access ABX, they explained “We breached their intranet servers through their front-facing server and maintained APT on servers. They recovered most of their source codes with backups and are still recovering databases.”
The threat actors also told DataBreaches.net that their victim did not respond at all to their notes. DataBreaches.net have not been able to contact ABX about the incident and they refuse to comment on the situation currently as investigations are still ongoing.
Data Breach for African Bank
African Bank has confirmed that one of its appointed professional debt recovery partners, Debt-IN, was targeted by cybercriminals in April 2021. This large breach was only revealed this month, because at the time expert security advice concluded that there was no evidence that the ransomware attack had resulted in a data breach. However, Debt-IN is now aware that the personal data of 1,4000,000 customers, including several African Bank Loan customers under debt review, has been compromised. No data after the 1st April 2020 has been breached.
African Bank has now introduced a new precautionary step and they have improved their security measures to protect their customers. This breach is the latest in a line of high-profile data breaches and cyber-attacks to hit South Africa this year.
Hackers leak passwords for Fortinet VPN accounts
Almost 500,000 Fortinet VPN login names and passwords were leaked by hackers last summer. The same threat actor is now claiming that the exploited Fortinet vulnerability has been patched, but that many VPN credentials are still valid. This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks. The list of Fortinet credentials was leaked for free by a threat actor known as ‘Orange,’ who is the administrator of the newly launched RAMP hacking forum and a previous operator of the Babuk Ransomware operation.
If anything looks suspicious, you should immediately make sure that you have the latest patches installed, perform a more thorough investigation, and make sure that your user’s passwords are reset.
Phetchabun Hospital Patient Records Taken
More than 10,000 patients’ personal details were taken by hackers from Phetchabun Hospital. Officials have rushed to downplay the theft by describing the information taken as not important. Initial reports on social media say that the data of 16 million patients of the Public Health Ministry had been hacked and had been put on sale. These rumours were started by the hacker, however, Phetchabun public health office as reporting that data was lost from Phetchabun Hospital but involved nowhere near as many as 16 million patients. The provincial health office doesn’t know yet how much the stolen data has been used. Hacked information also included databases of patient appointments, names, family names and phone numbers, along with doctors’ shifts and the cost of orthopedic surgery for 692 patients at the hospital. They have apologised for the incident and there is now an ongoing investigation into how it happened.
Carmel Clay Schools has employee email accounts hacked
On 24th February 2021, the employee accounts of Carmel Clay Schools were hacked, but employees were only notified on 20th September 2021. Carmel Clay Schools in Indiana, USA discovered suspicious activity involving employee email accounts and their investigation has shown that there has been unapproved access leading up to 24th February. It took the district, working with third-party forensic specialists, until 31st August to verify everyone who may have had personal information in the compromised accounts. Then on 20th September 2021 letters went out to 15,817 people who had their personal information in those compromised email accounts. The report does not show if everyone affected was an employee, or if some of those affected may have been students or parents. The information that could have been subject to unauthorised access includes name, address, medical information, and Social Security number.
Major European call centre affected by ransomware attack
GSS, one of Europe’s largest call centres, suffered a ransomware attack this month. It froze all their IT systems, which affected customer service support for numerous companies in Spain and Latin America. According to The Record, affected services included “Vodafone Spain, the MasMovil ISP, Madrid’s water supply company, television stations, and many private businesses”. Customers were told by GSS that it took down the affected systems and were using Google-based services as an alternative. A spokesperson for GSS’s parent company, Covisian, told The Record that “the attack was carried out by the Conti gang on Saturday, September 18” but that there was “no evidence of leakage of any personal data”. According to Crowdstrike, the threat group behind the Conti ransomware is known as ‘Wizard Spider’, based in St Petersburg.
Horizon House notifying patients of ransomware attack in March
Horizon House, a big support group for mental health in America, experienced a ransomware attack in March 2021 that encrypted their files and allowed the unknown threat actor to access and exfiltrate some data relating to employees and patients. According to their web site, they currently serve more than 5,000 adults annually in Pennsylvania and Delaware. In their statement they said that “names, addresses, Social Security numbers, driver’s license and/or state identification card numbers, date of birth, financial account information, medical claim information, medical record number, patient account number, medical diagnosis, medical treatment information, medical information, health insurance information, and medical claim information” were all taken. They do not know if any of the information was misused or disseminated by the unknown actor. They are currently offering credit monitoring and identity protection services to all impacted individuals.
Covid-19 Vaccine Records Stolen
In Washington D.C Covid-19 vaccine records have been stolen from a vaccine clinic held by Safeway. Whoever visited the clinic on the 8th September 2021 was a “victim of theft” and items stolen included 138 paper vaccination consent forms for patients by hackers into the computer systems. Safeway immediately notified the police and launched an internal investigation. All patients have been told about the hack and about the potential impact. This is another hack to add to the list of Covid-19 clinics having security incidents. This is becoming a huge issue around the World and clinics are being told to increase their computer security.
This brings the year’s running total to 996 security incidents and 4,132,751,378 records.