Monthly Breach Report: January 2019 Edition

From cities to schools, we have compiled a list of data breaches that occurred in the last month of 2018.

1. Saint John, New Brunswick, Canada

December 28, 2018 – Saint John, a Canadian city, is the latest victim of a data breach. As per the official statement, a third-party software product, Click2Gov, which allows residents to pay parking tickets through the Saint John website, was breached by hackers who compromised users’ sensitive information. The city administration said that it has suspended the payment site temporarily and contacted CentralSquare Technologies, the operator of Click2Gov, to investigate the incident.

The security officials at Saint John stated the breach could have affected a number of municipalities across North America, exposing around 6000 users’ personal information, including addresses, names as well as credit card information. The people of Saint John have been advised to check their financial statements to look for any unauthorized activity.

The city recommends that citizens closely monitor their financial accounts and, if any unauthorized activity is discovered, promptly contact their financial institution. Anyone who believes they may have been a victim of identity theft must contact the police.

“The City of Saint John takes protection of our data systems very seriously and sincerely apologizes for the inconvenience this incident may have caused,” the public statement states.

Source: CISO Mag

2. BevMo

December 27, 2018 – BevMo, a California-based retailer of alcoholic beverages, is notifying thousands of customers about a data breach that affected its online store and exposed information for credit cards used between August 2 and Sept. 26.

A disclosure BevMo filed with the California Attorney General’s office on December 14 indicated that hackers were able to capture names, expiration dates, credit/debit card numbers, shipping addresses, security codes, billing addresses, and phone numbers.

“We believe that an unauthorized individual was able to gain access to the BevMo website and install malicious code on our checkout page,” BevMo wrote in the disclosure. “BevMo takes the privacy of our customers’ personal information seriously and we deeply regret that this incident occurred.”

BevMo stated that the company is conducting its own independent investigation, and has contacted law enforcement and payment card companies. It’s also advising customers to keep an eye on their credit reports as well as payment card accounts.

Source: NBC

3. Bruegger’s Bagels

December 21, 2018 – Bruegger’s Bagels, a well-known US-based restaurant chain, recently disclosed a data breach that it identified on November 28, 2018, which exposed customers’ names, debit/credit card numbers, expiration dates, and card security codes. Bruegger’s stated that the information of customers who visited the restaurant between August 28, 2018, and December 03, 2018, may have been compromised. However, the company did not say how many customers may have been affected by the breach.

Bruegger’s approached cybersecurity company Mandiant to investigate the incident, and the investigation found unauthorized access to Bruegger’s point-of-sale systems that compromised the customers’ data. Bruegger’s said it was continuing to investigate the breach and was in contact with the FBI as well. The security professionals at Bruegger’s have also been advising customers to check their payment card information for any unusual transactions.

Tyler Ricks, the President of Bruegger’s Bagels, said that the company is working to strengthen its network and payment systems to prevent any future attacks.

Source: CISO Mag

4. San Diego Unified School District (SDUSD)

December 26, 2018 – The San Diego Unified School District (SDUSD), California’s second largest, discovered in October 2018 that the PII of more than a half million students and staff was compromised. This may have been the result of a phishing attack that would have occurred in January 2018.

On December 21st, the school district disclosed the attack on its website, with additional details on the linked “Data Safety” page, which stated that the impacted individuals were given notice via email by district staff, although it didn’t say when that happened. The data potentially at risk included student and parent/guardian names, Social Security numbers, dates of birth, home addresses and phone numbers, as well as select staff payroll and compensation information. It also included some members’ health benefits enrollment information, beneficiary identity information, dependent identity information, and savings or flexible spending account information.

The SDUSD said it has taken the necessary steps to eliminate the threat to the personal data and has implemented improvements to prevent such attacks in the future. The district also said that police have identified “a subject of the investigation” and that all stolen credentials have been blocked. Meanwhile, those staff members whose accounts were compromised had the security of their accounts reset.

Source: SC Magazine

Dataguise understands the importance of data privacy and how frustrating data breaches can be for consumers and the businesses entrusted with their data. Although anyone can be a target, Dataguise DgSecure provides enterprise solutions for businesses small and large to combat these threats while ensuring all sensitive data across an organization is accounted for, protected, and compliant with industry and global data privacy laws. To learn more about Dataguise DgSecure, contact us for additional information.
