The total number of data breaches and cyberattacks identified by the ITRC as on 2nd November, 2018 is 1,027 and the total number of records exposed has crossed more than 57 million records (57,667,911 to be precise).

The first half of 2018 was dominant by the likes of Aadhar data breach, Jason’s Deli, Under Armour’s fitness app, to data breach and cyberattacks disclosed by Facebook, TicketFly, MyHeritage etc. Today we have look at the top list of data breaches and cyberattacks in the third quarter of 2018.

Who’s been Hacked? List of Q3 Data Breaches and CyberAttacks

NHS data breach

Date disclosed: July 2, 2018

The National Health Service (NHS) blamed a coding error that resulted in a data breach of 150,000 patients in England. The flaw was revealed to exist in the app developed by SystmOne.

 

21 Connecticut Higher Education Trust (CHET)

Date disclosed: July 3, 2018

In what appeared to have been the 1st instance of fradulent activity in CHET’s 20 plus year history, hackers breached 21 Connecticut Higher Education Trust (CHET) accounts and withdrew $1.4 million through a total of 44 unauthorized withdrawals.

In response to the breach, TFI upgraded its system, internal controls and manual reviews. It’s offering two years of identity fraud protection to affected account holders, $1 million in identity theft insurance coverage and is set to restore the hacked accounts “as if the unauthorized withdrawals never occurred,” said Denise Nappier, Connecticut’s State Treasurer.

 

Timehop

Date disclosed: July 4, 2018

Timehop, the application for smartphones that collects old photos and posts from Facebook, Instagram, Twitter, and Dropbox, experienced a network intrusion that led to a breach of around 21 million users. These include names, email addresses, dates of birth, gender of users, country codes, and some phone numbers.

The breach occurred because an access credential to Timehop’s cloud computing environment was compromised. That cloud computing account had not been protected by multifactor authentication. The company further added that they have now taken steps that include multifactor authentication to secure their authorization and access controls on all accounts.

 

Cosmos Bank of India

Date disclosed: August 15, 2018

Cosmos Bank in India revealed that hackers made off with $13.4m in stolen funds over the past weekend. Further reports out of the country disclosed that a group of attackers used cloned cards to withdraw cash from ATMs at a set time and perform a fraudulent SWIFT money transfer. Together, the efforts resulted in about Rs 94 crore ($13.4m) being stolen from the bank and its account holders.

The attack was believed to have taken place in two phases. The first, on Saturday between 1500 and 2200 local time, was an international effort with money mules in 28 different countries, all extracting cash from their local ATMs. According to the Hindustan Times, 15,000 transactions were carried out over the seven-hour period. The second phase took place Monday, when a SWIFT transaction saw Cosmos move Rs 13.5 crore ($1.93m) to an account at a bank in Hong Kong.

While no official culprit for the attack has been named, the Economic Times has reported that North Korea’s Lazarus Group (who have previously targeted banks in the region) is the likely offender.

 

GOMO

Date disclosed: Aug 14, 2018

GOMO, one of the leading mobile application developer and mobile advertising platform in China, leaked more than 50 million consumers’ information due to a misconfigured backup, a lot of those 50 million consumers were children.

The vulnerability was discovered by the security researcher known as Flash Gordon on May 17 and fixed by the company on May 30.

Some of the data exposed by the leak indicated that the most frequent user languages represented in the files were English, Spanish, Indian, and French. There were 273 languages and 301 countries represented in the data.

The leaked data comprised of the following:

50,553,664 unique accounts
47,415,210 unique devices
4,379 distinct mobile numbers in account
51,426,769 distinct email addresses in accounts,
48,255,172 profiles, and
4 system users.

 

myPersonality

Date disclosed: August 22, 2018

Facebook notified that close to 4 million of its user data may have been misused by myPersonality, a third party app that allowed Facebook users to participate in psychological research.

The company further added that they “currently have no evidence” that myPersonality obtained data from friends of those 4 million users, but added that they will contact everyone affected if that is the case.

 

Texas Voters

Date disclosed: August 23, 2018

More than 14 million voter records containing personal information of Texas residents was found online. TechCrunch first reported that the data — a single file containing an estimated 14.8 million records — was left on an unsecured server without a password. Texas has 19.3 million registered voters.

 

British Airways 

Date disclosed: September 5, 2018

In the most serious attack on British Airways’s website and app, the credit card details of hundreds of thousands of its customers were stolen over a two-week period.

The attack came 15 months after the carrier suffered a massive computer system failure at London’s Heathrow airport, which stranded 75,000 customers over a holiday weekend.

 

Facebook

Date disclosed: September 28, 2018

The billion dollar social media giant was once again in the middle of another cybersecurity incident which was the largest in the company’s 14-year history. The Facebook security breach was a result of an attack on its computer network that had exposed the personal information of nearly 50 million users.

Click here to know more why the data breach was more harmful than you think.

 

Appknox | Mobile App Security, Resources, Best Practices & News appnox-detect Top List of Q3 Data Breaches And CyberAttacks Security