Hackers Fool Bitpay Execs and Expose Lloyds Premier Account Holders, While Insiders Accidentally Leak Patient Records on Amazon Cloud
Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.
In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
Hacker Cons Virtual Currency Processor Bitpay Out of $1.8M
Bryan Krohn, the company’s chief financial officer, got an email from someone purporting to be an editor at a digital currency magazine. The message asked Krohn to discuss a bitcoin industry document saved as a Google Doc.
Unknown to Krohn or Bitpay, a hacker had sent the email after compromising the real editor’s computer.
The fraudulent email directed Krohn to a website controlled by the hacker, where Krohn provided the Google credentials for his Bitpay corporate email account to access the document.
After capturing the credentials, the hacker used them to crack open Krohn's email account and fraudulently prompt transfers of bitcoin valued at $1,850,000.
Contractor Mistakenly Publishes 1.5 Million Confidential Patient Records on Amazon Web Services
A tech enthusiast, who had heard strange data dumps could turn up on the cloud computing platform, started combing through and, in early September, found the assemblage.
Human error left the private medical information of millions of Americans sitting open on the World Wide Web. The data included police injury reports, drug tests, detailed doctor visit notes, and Social Security numbers, among other items.
After Chris Vickery, the techie, downloaded the data and realized what it was, he started contacting the organizations affected. Among those affected: Kansas’ State Self Insurance Fund, CSAC Excess Insurance Authority, and the Salt Lake County Database.
Shortly after Vickery reached the victim organizations, the database disappeared from the Amazon cloud subdomain
N.C. School District Leaks Details on Potential Hires
Charlotte-Mecklenburg Schools notified individuals who applied for positions in the district that their personal information was inappropriately shared with a contractor. The information was cataloged for an online database of potential new employees.
The personal data that was exchanged includes applicant names, addresses and Social Security numbers.
Stolen Device Held Personal Data on Thousands of Lloyds Bank Customers
The breach affects customers who opened a Premier Account with Lloyds between 2006 and 2012, and then made a claim on the account's emergency home insurance policy.
The pilfered storage device is described as being the same size as an old-school video recorder -- perfectly portable.
It contained customer names, addresses, account numbers and sort codes.
(Image via Julia Tsokur/ Shutterstock.com)