Monthly Breach Report: February 2019 Edition Feb 8, 2019
The first month of 2019 witnessed some massive breaches and pointed out to the flaws in the data security of the states. Here is a glimpse of these top breaches of January 2019.
January 21, 2019 -Google has been fined approximately $57 million by French regulators for violating Europe’s tough new data-privacy rules, marking the first major penalty brought against a U.S. technology giant since the region-wide regulations came into existence in 2018.
France’s top data-privacy agency, known as the CNIL, said that Google failed to wholly reveal to users as how their personal data is collected and what happens to it then. The Giant also did not correctly obtain users’ consent for the purpose of showing them personalized ads, the watchdog agency said.
Users’ “consent” is presently set as the global default setting that fails to meet the regulator’s requirement, which companies obtain “specific” consent.
In response, Google said it is “studying the decision to determine our next steps,”. The Giant further said, “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.”
In another case, Google has also been accused of GDPR violations by consumer groups across Europe over what they claim are “deceptive practices” around its location tracking.
Source: Washington Post
2. Oklahoma Securities Commission
January 17, 2019 – A major data breach was uncovered at the Oklahoma Securities Commission that exposed an unsecured pathway leading to millions of files encompassing decades’ worth of confidential case file intelligence from the agency along with sensitive FBI investigation source materials potential hackers and scammers.
“By the best available measures of the files’ contents and metadata, the data was generated over decades, with the oldest data originating in 1986 and the most recent modified in 2016,” read a report summary released by California-based cybersecurity firm UpGuard.
UpGuard said it had uncovered the breach in December and had notified the affected government agency, the Oklahoma securities department. The exposed data was kept on a state-agency server, which wasn’t properly secured with a password, making the information accessible for anyone to see and download.
One database contained about 10,000 Social Security numbers of the brokers and another contained birth information, gender and other identifying characteristics like eye color for 100,000 brokers. The cybersecurity firm stated that it also found a database which contained information about people with AIDS who were selling life insurance benefits, including names and T cell counts.
Source: Business Insider
3. German Politicians
January 04, 2019 – Sensitive information of around hundreds of German politicians, celebrities as well as public figures was published online via a Twitter account in one of the largest leaks in the country’s history.
The huge cache of documents included personal phone numbers, addresses, credit card details, internal party documents, and private chats. The data including financial details, contact information, memos, and private chats, was leaked in December but was only recently spotted.
A government spokeswoman, Martina Fietz, said the leaks affected politicians of all levels including those in the European, national and regional parliaments. “The German government is taking this incident very seriously,” she said, adding that faked documents could be among the cache.
Politicians from Germany’s far-left Linke party were the first ones to confirm that their information has been compromised, but then it increased as details from almost all parties were found to have been leaked.
A defense ministry spokesman also said the ‘armed forces’ had not been affected by the breach.
Source: The Guardian
4.Minnesota Department of Human Services
January 30, 2019 – The Minnesota Department of Human Services informed about a data breach that potentially exposed personal information of up to 3,000 people. Commissioner Tony Lourey informed the legislative leaders that the breach took place on September 28, 2018, when an employee fell for a phishing scam by clicking on a malicious link, which caused employee’s email account to send spam.
Lourey says technicians were not able to identify what kind of personal information might have been accessed. Although, the affected account contained data on DHS employees and clients, including their names, dates of birth, phone numbers, emails and information on child protection cases. The information also included Social Security and driver’s license numbers as well as financial data of about 30 people.
“We respect and value the privacy of the Minnesotans we serve and sincerely regret any concern or other negative impact this incident may cause,” Lourey said in his letter to legislators.
In October 2018, the same state agency had reported that scammers compromised two state email accounts over the summer, giving them access to the private information of about 21,000 Minnesotans, although there was no evidence of the information being “viewed, downloaded, or misused.”
Source: Twin Cities
Dataguise understands the importance of data privacy and how frustrating data breaches can be for consumers and the businesses entrusted with their data. Although anyone can be a target, Dataguise DgSecure provides enterprise solutions for businesses small and large to combat these threats while ensuring all sensitive data across an organization is accounted for, protected, and compliant with industry and global data privacy laws. To learn more about Dataguise DgSecure, contact us for additional information.