Skip to content

Recent Data Breaches You Should Know About - November 2019

More Than 28 Million Canadians Affected

Untitled design (8)-3

According to the Office of the Privacy Commissioner of Canada (OPC), the personal information of about 28 million Canadians has been affected by corporate hacks or mismanagement in the last 12 months. The evaluation was issued last week after analyzing the first full-year data provided by private sector firms that had to report security breaches. Until new regulations to the Personal Information Protection and Privacy Act (PIPEDA) came into force on November 1, 2018, companies had to report violations to the OPC only voluntary.

Currently, the estimation of the OPC is about 2 million short. Desjardins said data on all 4.2 million of its credit union customers were affected in the June data breach it suffered on Friday, the day after the assessment was released. At first, it said that only 2.7 million people were affected. The reported incidents break down as follows: 397 (58%) of the 680 incidents were due to "unauthorized access" (data breaches and employee snooping), 147 were due to "accidental disclosure" (including information sent by BCC to the wrong email address, or multiple people instead of just one person), 54 were due to theft, 82 incidents were due to "loss" (probably including losses of laptops, USB devices, and hard drives).The OPC collected 680 violation reports in those first 12 months – which concluded on October 31; six times the amount it obtained from voluntary reporting.

The new legislation allows businesses that fall under PIPEDA to disclose security breaches to the OPC and victims that contain personal information and pose a real risk of significant harm to persons (shortened to RRoSH by privacy pros). They also need to keep a record of any security checks breach whether it hits the RRoSH threshold.

Untitled design (7)-4Small Businesses Need More Security

"Many small businesses think they're safe if they have a firewall and antivirus software, but that's not the case," said Michael Ball, Performance Advantage CISO. Furthermore, a Statistics Canada survey shows that 10% of firms say they have no security at all. There is not enough security in place for most small businesses to protect against potentially devastating cyber-attacks. Twenty-one percent of Canadian companies say that cyber-security issues have impacted them. Most of the companies were hacked, Ball said. "We just don't know it yet." Small businesses are gradually being marketed for larger businesses as a path through the supply chain.

Small and medium-sized enterprises must practice good cyber routines, as Michael Ball says, "all of the time." They must be proactive in security measures, including password management, multi-factor authentication, patching, monitoring, detection and backup of intrusion - There must be continuous monitoring. "You have to understand what's going on day in and day out inside the network," Ball said. Monitoring allows companies to identify, contain, analyze, remedy and report the threats.

For small and medium-sized businesses, a managed detection and response (MDR) service is a good option. It is a subscription-based service offered by experts working with companies to identify key vulnerabilities and put in place best-of-breed monitoring tools. "Once you know the networks are secure and any security issues will be handled and resolved, you can rest easy. Commercial products can be implemented, with the necessary defenses of 24/7 support, but the price for small businesses is often too steep.

Other Breaches:

Below are other notable, global cyber-security breaches for November:

Social Graphic 9.23.19 copy

 

Name of the Organization Type of Exploitation Type of Company Location
7-Eleven Accidental Data Exposure Convenience Store and Gas Station Chain Australia
Boardrider Ransomware Action Sports Retailer United States
Brooklyn Hospital Center Ransomware Full-Service Community Teaching Hospital United States
City of San Marcos Cyber-Attack Local Government Municipality United States
Datrix Phishing Attack Network Services and Cloud Solutions Provider United Kingdom
DeBella's Subs Malware Attack Rochester-Based Restaurant Chain United States
Disney+ Compromised User Accounts Media Streaming Service New Zealand
Everis Ransomware Managed Service Provider Spain
Exchange for Change Accidental Data Sharing Coordinator of Litter Reduction Program Australia
Florida Blue Phishing Attack Health Insurance Provider  United States
Great Plains Health Ransomware Local Hospital United States
InterMed Compromised Email Account Maine-Based Physician Group United States
James Fisher and Sons PLC Unauthorized Database Access Marine Services Provider United Kingdom
Lending Crowd Unauthorized Database Access Online Peer-to-Peer Lending Company United Kingdom
Liver Wellness Phishing Attack Medical Testing Company Ireland
Ma Ransomware Facility Services Retailer United States
Magellan Rx Management  Phishing Attack Full Service Pharmacy United States
Monash IVF Compromised Email Server  IVF Clinic and Fertility Program Australia
Nunavut Ransomware Local Government Canada
Ontario Science Center Credential Stuffing Attack Antivirus Software Provider Canada
PayMyTab Accidental Data Exposure Hospitality Payment Platform United States
Perth Compromised Email Account Capital of Western Australia Australia
Pipestone Kin-Ability Centre Unauthorized Network Access Non-Profit Serving Adults with Mental and Physcial Disabilities Canada
Prosegur Ransomware Cash Logistics and Private Security Company Spain
Rouen University Hospital Ransomware Full-Service Medical Facility France
Select Health Network Unauthorized Email Account Access Indiana-Based Collection of Healthcare Providers United States
Sixth June Malware Attack Online Fashion Store France
SmartASP.NET Ransomware Web Hosting Platform United States
Solara Medical Supplies Compromised Email Account Supplier of Diabetes-Related Treatment Products United States
Sport Australia  Compromised Email Account Government Agency Aiming in Support and Investment for Athletics Australia
sPower Cyber-Attack Renewable Energy Provider United States
Starling Physicians  Phishing Attack Conneticut-Based Healthcare Group United States
TD Canada Trust Unauthorized Account Access Financial Services Provider  Canada
UniCredit Exposed Database Banking and Financial Services Company Italy
University of Hertfordshire Accidental Data Exposure UK-Based Academic Institution United Kingdom
Utah Valley Eye Clinic Unauthorized Database Access Utah-Based Eye Clinic United States
Vistaprint Exposed Database Small Business Marketing Product Provider  Netherlands
Waterloo Brewing Company Phishing Attack Ontario-Based Brewing Company Canada
Waterloo Catholic District Ransomware Local Academic Institution Canada
Web.com Unauthorized Database Access Domain Name Registration and Web Services Provider United States

 

Come back next week to learn more about interesting topics with our next blog!

As one of Calgary’s top-rated IT service providers, GAM Tech specializes in delivering “big business” managed IT services to small and medium-sized organizations in Alberta and beyond. From disaster recovery and cloud solutions to VCIO services and strategic around-the-clock network security, GAM Tech has reliable, affordable solutions to keep you up and running.