Hello, and thank you for joining us for our October 2022 recap of cyber assaults and data breaches. Throughout the month, we discovered 102 security events, which is the second highest number this year, behind only August’s 153. (112)
By comparison, just a small amount of personally identifiable information was exposed, with our numbers proving that at most 9,990,855 records were compromised. Due to Amazon’s unencrypted database including Prime members’ viewing habits, that figure might have been far higher.
Researchers at Tech Crunch discovered that the 215 million hacked information could not be used to identify consumers by name, which is good news for the tech giant.
We have not included this number in our calculation since we do not know how much harm would result from the exposure of the data at this time. However, it’s a warning sign for all firms about the hazards of misconfigured Internet-facing servers.
The complete list of data breaches and cyber assaults has been provided below,
Cyber attacks
- Mexico confirms hack of military records (unknown)
- Randolph-area school district disables its own website following transphobic hack (unknown)
- Australia’s Telstra hit by data breach, two weeks after attack on Optus (unknown)
- Patient details compromised in cyber attack on health provider Pinnacle (unknown)
- CHI Health faces ‘IT security incident’ impacting Omaha-area online systems (unknown)
- Russian-speaking hackers knock US state government websites offline (unknown)
- City of Tucson discloses security incident (123,513)
- CSI Laboratories falls victim to phishing scam (244,850)
- Criminal hacker steals $566 million worth of crypto from Binance Bridge (unknown)
- Grain Valley School District investigates malware attack (unknown)
- Cyber attack on Colorado state website follows Russian hacktivist threat (unknown)
- Colombia’s National Institute for Drug and Food Surveillance hit by cyber attack (unknown)
- US hospital chain CommonSpirit Health says ‘IT security issue’ is disrupting services (unknown)
- Cardiac Imaging Associates notifying patients of security incident (unknown)
- 2K Games warns users their stolen data is now up for sale online (unknown)
- State Bar of Georgia notifies members and employees of cyber security incident (unknown)
- Aesthetic Dermatology Associates notifies patients of security incident (33,793)
- Eventus WholeHealth notifies patients of security breach (unknown)
- Australia’s Medibank reports cyber incident (unknown)
- Cyber attack breached some Latter-day Saint member data (unknown)
- Australian police secret agents exposed in Colombian data leak (unknown)
- Costa Rica’s Municipality of Belen victim of cyber attack (unknown)
- New Mexico’s Cybersecurity Office investigating unauthorised access to information systems at state agency (unknown)
- Phishing incident at Seton Medical Center may have exposed patient names (unknown)
- Woolworths says MyDeal customers’ data was hacked (2.2 million)
- Keystone Health notifies patients of data security breach (235,237)
- Canadian MPs warned to change email passwords after cyber attack on government (unknown)
- Verizon notifies prepaid customers their accounts were breached (unknown)
- Wine dealer Vinomofo hit by cyber attack (500,000)
- EnergyAustralia hit by cyber attack (323)
- Spain’s National Renewable Energy Center targeted by cyber criminals (unknown)
- Online marketplace Carousell breached by cyber criminals (1.95 million)
- Wholesale giant METRO hit by IT outage after cyber attack (unknown)
- Resource Anesthesia of California confirms security incident (16,001)
- The Scoular Company says it was hacked (unknown)
- GEE Group reports security breach following encryption event (unknown)
- Diodes Incorporated confirms recent security incident affecting SSNs and health information (unknown)
- Neurology Center of Nevada reports security breach (1,000)
- Choice Health Insurance, LLC confirms recent cyber attack (unknown)
- Northern Data Systems, Inc. files notice of security breach (unknown)
- Chemonics International suffers cyber attack (unknown)
- VisionWeb Holdings reports recent security breach (35,900)
- Massachusetts-based Mativ Holdings confirms security breach (unknown)
- Buffalo MRI by Windsong Radiology reports security incident (unknown)
- Lake Nona Estates Management reports breach after unauthorised party accesses computer network (unknown)
- Amerigroup Insurance Company says customers’ SSNs and insurance data has been compromised (unknown)
- Vivendi announces breach stemming from incident at the company’s See Tickets business (92,074)
- Eventus WholeHealth reports breach after email compromise (unknown)
- Lifespire Services reports security breach (15,375)
- Massachusetts Mutual Life Insurance Company says consumers’ financial data compromised (1,472)
- Advocate Aurora Health announces security breach (3 million)
- Financial Dimensions Group in security incident affecting Royal Alliance clients (unknown)
- BBRG TR and related entities embroiled in security breach (unknown)
- Aurubis says it was target of cyber attack (unknown)
- Slovak parliament suspends voting due to suspected cyber attack (unknown)
- Police called after South Australian Liberal Party caught up in alleged security breach (2,000)
- Taiwan’s Ministry of Interior denies being source of leaked data (200,000)
- Bed Bath & Beyond reviewing effects of phishing attack (unknown)
- Polish parliament hit by cyber attack (unknown)
- Urology of Greater Atlanta announces security breach (unknown)
- WakeMed Health & Hospitals announces security breach (495,808)
- Phoenix Programs of Florida experienced security breach stemming from email compromise (unknown)
- Patient files of Rainier van Arkel also captured in a hack (184)
Ransomware
- Internap loses customer data, shrugs, doesn’t apologise (unknown)
- Tata Power, a top power producer in India, confirms cyber attack (unknown)
- Saskatoon gynaecology clinic hit with ransomware attack (20,000)
- Healthcare centres in Catalonia affected by a “ransomware-type” attack (unknown)
- Bank of Brasilia attacked by ransomware demanding 50BTC (unknown)
- Johnson Fitness and Wellness hit by DESORDEN Group (unknown)
- Mars k-12 district in Pennsylvania victim of ransomware attack (unknown)
- CommonSpirit confirms ransomware attack (unknown)
- NHS vendor Advanced won’t say if patient data was stolen during ransomware attack (unknown)
- Ransomware attack halts circulation of some German newspapers (unknown)
- French maternity hospital hit by ransomware attack (unknown)
- Argentina’s Armed Forces Joint Chiefs of Staff computer system hit by ransomware (unknown)
- Brazil’s RecordTV allegedly a victim of a ransomware attack (unknown)
- Unimed Belem Cooperative hit by ransomware (unknown)
- Massy Stores investigates cyber attack information leak (700,000)
- St. Amant Centre victim of ransomware attack (unknown)
- Tufts community members’ health insurance information compromised in vaccine clinic security breach (unknown)
- Ransomware attack on Indianapolis Housing Agency has landlords, tenants concerned (unknown)
- Colombia’s Universidad Piloto de Colombia hit by ransomware (unknown)
- The joint armed forces command of Ecuador infected with ransomware (unknown)
- Ascension St. Vincent’s Coastal Cardiology announces data breach stemming from ransomware attack (unknown)
Data breaches
- University of Limerick in email data breach gaffe (1,000)
- Bankrupt crypto lender Celsius reveals users’ transaction histories in court filing (unknown)
- Healthcare firm Ro says it ‘inadvertently’ exposed employees’ personal information (unknown)
- UK Home Office warned after sensitive documents left at London venue (unknown)
- Wisconsin Department of Health Services notifying some Medicaid members of breach (unknown)
- Hamilton City ‘inadvertently’ shares personal information, breaches privacy in mass-email (450)
- Thumb drive with confidential Yukon government case files found in Whitehorse pawn shop (unknown)
- Students caught up in University of Otago data breach (unknown)
- Amazon accidentally exposed an internal server packed with Prime Video viewing habits (unknown)
- School software firm iLeadr exposes personal data on misconfigured Cloud database (unknown)
- Security breach in Shas Party database could expose information of millions (unknown)
Malicious insiders and miscellaneous incidents
- Detroit Health Department provides notice of data security incident (unknown)
- Doctor admits criminal HIPAA scheme for wrongful disclosure of protected patient health information (unknown)
- Baie Verte hospital investigating after inappropriate photos taken of patients (unknown)
- Ex Louisville police officer used law enforcement tech to hack sexually explicit photos (25)
- Federal and state authorities investigate a data breach at Philadelphia-area OB/GYN practice (800)
- Mount Laurel officer suspended from force, accused of hacking into woman’s social media accounts (unknown)