- A Snapchat employee in the payroll department fell for a phishing attack, and ended up exposing information of several current and former employees. In response, Snapchat contacted affected employees and offered two years of identity-theft monitoring and insurance. Additionally, Snapchat says it has improved its security education efforts for employees.
- Seagate suffered a similar incident to Snapchat, when an employee was tricked into giving away W-2 tax documents of all current and former U.S. employees. Seagate in response is offering affected employees “at least two-years membership to Experian’s ProtectMyID service, paid for by the company.”
- Main Line Health hospital system suffered a breach after an employee exposed personal information of other employees due to a spear phishing attack. According to officials, no patient information was compromised due to the breach. Main Line Health responded by setting up a call center to “answer questions and provide information on how to monitor their financial accounts.”
- Charles Harvey Eccleston, a former scientist at the U.S. Nuclear Regulatory Commission and Department of Energy, plead guilty to an attempted spear-phishing attack in January 2015. Before the attempted attack, Eccleston went to a foreign nation’s embassy and offered to sell a list of ~5,000 U.S. energy employee’s email addresses. The embassy official reported the incident to the FBI who sent a series of undercover agents to meet with Eccleston.
- A growing number of incidents at hospitals across the country have revealed PHI, PII, and other sensitive information. According to this article, three recent incidents were caused by a phishing attack, unauthorized access to a database, and an improper mailing, revealing the cost of human error in breaches.