Security Breach Report: July 9, 2015

The latest reports on cyber security and data breaches that ensue from network vulnerabilities, social engineering attacks, and insider threats.

• The U.S. Government’s Office of Personnel Management has notified the public about two cyber breaches in the past month. The first incident involved the compromise of at least 4.2 million current and former federal employees’ personally identifiable information, including Social Security numbers. More recently, there are reports of a separate system intrusion that some sources say could increase the total number of affected people to 21.5 million, which includes current, former, and prospective federal employees who applied for security clearances and background checks. The types of information allegedly compromised in the second breach include family and criminal history, as well as other extremely personal details. Both breaches continue to be investigated, and more federal employees are being notified of possible stolen personal information. Last week, OPM Director Katherine Archuleta notified President Obama of her decision to resign, and the deputy director of management Beth Cobert is set to temporarily replace her until a permanent replacement is hired. 
• In an ironic turn of events, the Italian company Hacking Team has reportedly been hacked. Attackers claimed to have breached all of the company’s records and information, and began releasing large amounts of information online, including a list of customers. It is still unclear who hacked the company, but sources are reporting the hackers went through the computers of the two systems administrators. In addition, passwords were leaked, including those of Christian Pozzi, a security engineer. More trouble may be on its way for the Italian company, since the customer list allegedly contains Sudan, which is a country with a strong EU embargo.
• Recently, Florida-based tech support company Advanced Tech Support, managed by Inbound Call Experts, announced on its website that fraudsters were trying to gain access to customers’ bank accounts. They later removed the warning online, and stated that they had found the scammer and stopped the attack.
• Last month, New York–based Montefiore Health System issued a statement saying that 12,517 patients’ personal information had been breached by a former employee. Compromised information — including names, addresses, dates of birth, Social Security numbers, and more — had been collected between January and June 2013.
• Suspicious activity on password manager LastPass’s website lead to the compromise of users emails, along with a few other pieces of information. LastPass is cautioning users to be aware of potential phishing emails, or other scams trying to gain access to their master password.
• A breach on a state server that contained information about the North Dakota Workforce Safety and Insurance agency may have compromised data in about 43,000 incident reports and 13,000 payroll reports.
• Current and former employees, along with those made a formal offer of employment, of Detour Gold, a Canadian gold mining company, have had their personal information exposed during a cyber attack.
• In June, Medical Informatics Engineering, an Indiana-based healthcare IT solutions provider, detected suspicious activity on a server that may have resulted in a breach of some clients’ protected health information (PHI). Affected clients include Concentra, Fort Wayne Neurological Center, Franciscan St. Francis Health Indianapolis, Gynecology Center, Inc. Fort Wayne, and Rochester Medical Group.
• Fred’s Inc, a discount retail chain that operates in several southern and midwestern U.S. states, may be the latest victim of card-stealing malware installed on POS systems. The company is currently investigating the potential breach, and how many of its 650 stores may have been infected.
• Around 6,600 Medicaid patients were affected by a data breach at the Texas Department of Aging and Disability Services. The breach allowed PHI, including Social Security numbers, to be made accessible online.
• A hacker going by the alias of “Mufasa,” recently compromised over 50,000 customer records from Illinois-based pharmaceutical company Akorn Inc. According to Mufasa, the stolen information will be sold to the highest bidder.
• The internal server of Germany’s federal parliament was hacked and infected during a cyber attack. Officials are not sure yet what information has been compromised, or where the attacks came from.
• California-based U.S. HealthWorks — which operates in more than 200 locations in 20 states — recently announced that a laptop was stolen, putting employees’ personally identifiable information at risk for a data breach. The laptop was password protected but not encrypted.
• Woolworths, a large Australia-based supermarket chain, accidentally emailed an Excel spreadsheet containing redeemable gift card codes, along with customers’ names and e-mail addresses, to more than 1,000 people. The online gift card vouchers have since been cancelled by Woolworths, but some gift card balances had already been inappropriately spent by those who received the spreadsheet.
• Early in July, reports of a credit card breach involving the Trump Hotel Collection came to surface. There are alerts of suspicious and fraudulent charges on accounts that were used at the luxury U.S. hotel properties, and the breach appears to extend back to at least February 2015.
• Approximately 3,200 patient records were accessed by an Orlando Health nursing assistant who should not have been viewing the records. The records included names, addresses, medications, test results, and parts of Social Security numbers of patients treated in multiple locations of the Florida-based organization. The employee has since been fired, and the incident is being investigated.
• FireKeepers, a casino hotel in Michigan, announced that a breach of their POS and payment systems may have affected 85,000 credit and debit card accounts of guests and current and former employees who made food, beverage, and retail purchases between September 2014 and April 2015. It’s also possible that the compromise included a breach of a file storage server that contained customers’ tax-reportable winnings, names, Social Security numbers, and other personal information.