Evolver News Round-Up: Amazon Announces Customer Data Leak
News Round-Up – Get a Quick Rundown of What You Need to Know
Evolver’s Cyber News Round-Up looks into recent reports and journalism covering cyber threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @EvolverInc. Visit our cybersecurity services page to learn more about cyber risk assessment and threat protection.
Amazon Announces Customer Data Leak
Amazon has warned customers of a leak involving names and email addresses as a result of a “technical error”, says CSO Online. Despite both the specific issue as well as number of affected customers remaining a mystery, the company assures that the problem has been resolved. It was also stated that anyone that was a victim of the breach has already been notified, according to CSO.
Internal Negligence is the Leading Cause of PHI Breaches
According to a recent Help Net Security article, breaches involving the exposure of personal health information (PHI) are most often caused by internal negligence rather than hacking or other attacks. Furthermore, 33% of hospitals facing breaches ended up experiencing more than one. Since 53% of attacks were found to have been caused by internal issues, the article recommends for organizations to tighten internal procedures and protocols.
LinkedIn Found Violating Data Protection Rules With Non-User Emails
LinkedIn has admitted to using 18 million emails of non-members in order to place targeted ads on Facebook during the lead up to GDPR, according to Tech Crunch. In addition to this practice violating data protection rules, the social network highlighted another internal privacy issue of pre-computation as well, says the article. LinkedIn has since taken action to eliminate these issues and protect consumer privacy.
Ohio Hospitals Turn Away Patients Due to Ransomware Attack
East Ohio Regional Hospital and Ohio Valley Medical Center both were attacked by ransomware over the weekend, resulting in both facilities being unable to treat emergency patients according to Times Leader Online. The attack started on Friday, but failed to expose patient information. However, the article notes, both facilities will begin paper charting to eliminate this risk. Computer systems were taken offline and the attackers were unable to break through the hospitals’ second layer of security.
Uber Faces Additional $1.2 Million in Breach Fines From EU
Uber has been slapped with two more additional fines for late disclosure of its 2016 data breach, says Bank Info Security. $490,000 of these fines come from the UK, while the Netherlands tacked on an additional $680,000. The attack left 2.7 million UK and 174,000 Dutch riders’ data exposed, while the rideshare company also neglected to report the breach within the Netherlands’ 72 hour reporting window.
Market For IoT Security Predicted to Reach $9.88 Billion By 2025
After being valued at $1.24 billion in 2017, TechRepublic states, the Internet of Things security market will skyrocket to $9.88 billion by 2025. This predicted increase will come as a result of the rising number of security threats as the use of IoT in businesses and personal lives continues to grow. In addition, the article notes, professional services will continue to lead the IoT trend, likely reaching $2.11 billion spent on IoT security.
60% Jump in Cyberattacks Likely This Holiday Season
As reported by Tech Republic, experts have predicted that this holiday season will bring a 60% increase in cyberattacks. This trend begins with the spike in attacks on Cyber Monday, which are then expected to maintain a heightened level for the rest of the season. Tech Republic states that the most attacks take place right after Christmas, usually involving a combination of spear-phishing and malware. Consumers are advised to pay the upmost attention to verifying the senders of the emails that they receive, while companies should take extra strict measures to protect consumer data.
Dell May Have Been Hit With Data Breach
Dell revealed that it discovered strange activity on its network on November 9th, says Info Security Magazine. While Dell’s staff was able to find and stop the activity, it is unknown whether any information was obtained by the attackers. Information affected includes names, emails, and hashed passwords that may or may not have been fully exposed, according to the article. No number has been revealed by the company as to how many users were affected, but financial data was not a target in this case. User passwords have since been reset.
Approximately 57 Million U.S. Residents’ Data Exposed
Full names, employers, emails, job titles, addresses, states, zip codes, IP addresses and phone numbers of millions of U.S. residents were exposed by an ElasticSearch server database that was not protected by a password, according to SC Magazine. The exposure was found by the director of cyber risk research for Hacken, Bob Diachenko, on November 20th. Data & Leads Inc., a management firm, was found to be the source of the breach and the databases are now secured.