Recent Cyber Security Breaches: Microsoft, Shopify and More

cyber security
As a managed IT service provider it is important to us to make sure to stay in know about the latest cyber security breaches. Every few weeks we like to share our findings with you here on our blog. Please take a peek below to learn more about some of the most recent cyber attacks here and around the world.

Microsoft (United States)

Technology Conglomerate

The Hack: Unsecured Database

Quick Summary: “In a rare security blunder, Microsoft failed to secure a backend server for Bing. The server is estimated to have leaked more than 6.5TB of log files containing 13 billion records originating from the Bing search engine. The leak included the server exposed technical details, such as search queries, details about the user’s system (device, OS, browser, etc.), geo-location details (where available), and various tokens, hashes, and coupon codes.” -Kevin Lancaster

Read More Here >> Microsoft secures backend server that leaked Bing data

 

Shopify (Canada)

e -Commerce Platform

The Hack: Malicious Insider

Quick Summary: “The data of customers for an estimated 200 merchants on Shopify was exposed in an insider incident at the e-commerce giant. Two employees who were working a scheme to steal transaction data are to blame. The data exposed includes client details like email, name, and street address, as well as order details, but does not involve complete payment card numbers or financial information. The company hosts over one million businesses across more than 175 countries on its platform.” -Kevin Lancaster

Read More Here >> Shopify says customer data likely exposed as employees accessed records

 

University Hospital New Jersey (United States)

Healthcare Provider

The Hack: Unauthorized Systems Access

Quick Summary: “The SunCrypt ransomware operation has leaked data allegedly stolen from University Hospital New Jersey (UHNJ) in a ransomware attack. The attackers have leaked 1.6 GB ff the 240 GB of data containing over 48,000 documents. The documents contain patient information release authorization forms, copies of driving licenses, Social Security Numbers (SSNs), date of birth (DOB), and records about the Board of Directors.” -Kevin Lancaster

Read More Here >> University Hospital New Jersey hit by SunCrypt ransomware, data leaked

 

Public Health Wales (Wales)

Government Agency

The Hack: Accidental Data Exposure

Quick Summary: “Personal data concerning 18,105 residents of Wales who tested positive for COVID-19 was uploaded by mistake to a public server and spent 20 hours online in August, Public Health Wales said on Monday. The agency says that for the majority of cases, 16,179 people, the information consisted of initials, dates of birth, geographical area, and sex. For 1,926 people living in nursing homes and supported housing, the information also included the names of the homes.” -Kevin Lancaster

Read More Here >> Wales says personal data of 18,000 COVID patients accidentally published

 

Staples (United States)

Office Supply Retailer

The Hack: Ransomware

Quick Summary: “Staples has notified some customers of a cybersecurity incident that occurred earlier this month around 9/02 and consisted of unauthorized access to a system. Little information is available, but the event. The letter notes that “a limited amount” of order data for customers of Staples.com was obtained, and may contain names, addresses, email addresses, phone numbers, last four credit card digits, details about the order (delivery, cost, product), and other non-sensitive information.” -Kevin Lancaster

Read More Here >> Staples discloses data breach exposing customer info

 

University of Tasmania (Australia)

Institution of Higher Learning

The Hack: Accidental Data Exposure

Quick Summary: “That classic human error is to blame for the accidental exposure of students’ personal data to faculty members at the University of Tasmania. In a security bungle, the personal information of 19,900 students was made public through a misconfigured Microsoft Office365 SharePoint site that was accessible to anyone with a utas.edu.au email address.”
-Kevin Lancaster

Read More Here >> University of Tasmania students’ personal information exposed in email bungle

To learn more about how to keep your company safe and secure, click here to explore our San Diego IT Services & IT Security plans that are offered by SDTEK.

Leave a Reply