We counted 97 security incidents resulting in 91,127,815 million compromised records in September 2021.
What makes this month so remarkable is that a single incident is responsible for the majority of the exposed records; in this case, 61 million records were leaked due to a vulnerable database.
Website Planet’s investigators claim that GetHealth, a New York City startup that synchronizes data from many IoT health and fitness trackers, including Fitbits and Apple’s HealthKit, was responsible for creating the database.
The compromised information included users’ “first and last name, display name, date of birth, weight, height, gender, geo location, and more”.
There have now been 996 security incidents and 4,132,751,378 records compromised so far this year.
Cyber attacks
Hackers steal Covid test data of 1.4 million people from Paris hospital system (rfi.fr) (1,400,000)
Dallas Independent School District reveals breach, but details are still missing (databreaches.net) (0)
Cyberattack on DHSS website includes HIPAA and APIPA breach (alaska.gov) (unknown)
PA: Penelec customers must reset passwords after security breach (databreaches.net) (0)
Hacked hospital patients’ data ‘not important’ (bangkokpost.com) (10,000)
Nevada Restaurant Services, Inc. Provides Notice Of Data Privacy Event | djournal.com (0)
Hacked student email threatens high school – ABC 36 News (wtvq.com) (unknown)
Desorden Group claims to have stolen 200 GB of data from ABX Express (databreaches.net) (15,000,000)
Vermont radio stations dealing with fallout from cyberattack (wcax.com) (1)
Report: Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online (websiteplanet.com) (61,000,000)
Texoma Community Center notifies 24,030 patients of email hack in September, 2020 (databreaches.net) (24,030)
SC: Dorchester County Government Notice of February Security Incident (databreaches.net) (0)
CMA CGM hit by another cyber attack – Splash247 (unknown)
MD: Groove threat actors claim to have hit Robinwood Orthopaedic (databreaches.net) (unknown)
ALTDOS claims to have hacked one of Malaysia’s biggest conglomerates (databreaches.net) (1,000)
UN Computer Networks Breached by Hackers Earlier This Year (yahoo.com) (0)
VA: Greensville County Public Schools hit by Grief threat actors (databreaches.net) (unknown)
Anonymous leaks gigabytes of data from alt-right web host Epik | Ars Technica (unknown)
Notice of Data Event – Simon Eye (14,400)
Ransomware
African Bank warns of data breach with personal details compromised (businesstech.co.za) (1,400,000)
Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches (49,476)
CYBER INCIDENT – Queen Creek, AZ: Desert Wells Family Medicine (35,000)
Ransomware attack under investigation at Howard U, online classes canceled Sept. 8 | WJLA (0)
Hacker puts stolen data online because college refuses to pay (databreaches.net) (0)
After Biden Warning, Hackers Define ‘Critical’ as They See Fit – Bloomberg (unknown)
Mass data leak after Bar Ilan University refuses to pay hacker $2.5m | The Times of Israel (0)
PA: Horizon House notifying patients of ransomware attack in March (databreaches.net) (27,823)
Department of Justice (twimg.com) (0)
Technology giant Olympus hit by BlackMatter ransomware | TechCrunch (0)
Tamil Nadu Public Department comes under ransomware attack – The Hindu (unknown)
Indian Creek Foundation Provides Notice of Data Event (prnewswire.com) (0)
Customer Care Giant TTEC Hit By Ransomware – Krebs on Security (0)
Two more ransomware attacks on medical entities impact 56,000 patients in Florida and Texas (56,000)
Hacker Makes Off with $12 Million in Latest DeFi Breach (govinfosecurity.com) (0)
Exabytes Falls Victim To Ransomware Attack: Causes Disruptions To Certain Services – Lowyat.NET (0)
MN: Crystal Valley Computer Systems Infected By Ransomware Attack (databreaches.net) (0)
Major European call center provider goes down in ransomware attack – The Record by Recorded Future (0)
Unauthorised access and vulnerabilities
Personal Data of 2 Million Moroccans Leaked Online (moroccoworldnews.com) (2,000,000)
Hacker steals 40,000 patients’ data from kidney hospital (bangkokpost.com) (40,000)
Rehabilitation Support Services (rehab.org) (0)
Anonymous Hacks Texas GOP Website, Floods it with Memes (dailydot.com) (0)
Hacker Compromises Personal Info Of NEISD Employees (databreaches.net) (5,000)
Northern Light Health reports data breach | WGME (0)
Council on Aging notifies impacted clients of data security issue (help4seniors.org) (unknown)
SEC fines three companies over hacked employee email accounts – The Record by Recorded Future (4,900)
Guntrader Data Breach Claims | Gun Trader’s Database Hacked & Exposed (celsolicitors.co.uk) (100,000)
Hacker claims to have stolen information of 7 million Israelis – The Jerusalem Post (jpost.com) (7,000,000)
80,000 MyRepublic mobile users’ data exposed by breach (yahoo.com) (79,388)
UAE: Moorfields Eye Hospital in Dubai sees more staff and patient data dumped (databreaches.net) (1,100)
Walgreens’ Covid-19 test registration system exposed patient data – Vox (0)
SEC fines three companies over hacked employee email accounts – The Record by Recorded Future (2,177)
Report: Data Exposure discovered at EventBuilder company (clario.co) (100,000)
Sandhills Center LME/MCO Provides Notice of Potential Data Theft (prnewswire.com) (0)
Elon Musk’s top-secret ‘full self-driving’ AI car software leaked to hackers – Daily Star (0)
SEC fines three companies over hacked employee email accounts – The Record by Recorded Future (4,388)
Chinese hackers behind July 2021 SolarWinds zero-day attacks – The Record by Recorded Future (0)
Texas Right to Life website exposed job applicants’ resumes | TechCrunch (300)
Hackers leak passwords for 500,000 Fortinet VPN accounts (bleepingcomputer.com) (500,000)
Internal error and malicious insiders
Private information of 2,841 students accidentally released: Sask. privacy commissioner (yahoo.com) (2,841)
Credit unions demand assurances from Central Bank after data leak blunder – Independent.ie (50)
Dallas police data loss nearly triple initial estimate (ksla.com) (15 terabytes)
700,000 French pharmacy Covid test results left publicly available (connexionfrance.com) (700,000)
McDonald’s email blunder broadcasts database creds to comedy competition winners • The Register (0)
Ottawa Hospital apologizes to unvaccinated staff for privacy breach | CBC News (400)
Mankato Clinic notifies patients of health data breach (keyc.com) (535)
Second MOD data breach uncovered putting safety of Afghan interpreters at risk – Mirror Online (55)
Police investigating City of Helsinki data breach involving over 140 victims (helsinkitimes.fi) (144)
Afghanistan: MoD shared more than 250 Afghan interpreters’ details on email – BBC News (250)
Fired NY credit union employee nukes 21GB of data in revenge (bleepingcomputer.com) (21 GB)
Ashland City Elementary PTO President faces theft, computer crimes charges (tennessean.com) (1)