Coleman Technologies Blog

Coleman Technologies Blog

We can give your organization comprehensive IT services and 24/7/365 live support for a predictable monthly fee. Stop stressing about technology, and start focusing on growing your business.

Recent Data Breaches You Should Know

September

9/5 

Providence Health Plan - 122,000 members of the Providence Health Plan had personal information leaked when an unauthorized party accessed the company’s servers. Information that was stolen included plan member names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, and subscriber numbers.

Facebook - Facebook had an unprotected server with over 419 million records accessed.  Users had their Facebook’s user ID and phone number exposed. In some cases, user’s names, genders, and locations were also leaked.

9/16

Dealer Leader, LLC. - 198 million prospective car buyers were left exposed by an unprotected server. The information that was left out there included names, email addresses, phone numbers, addresses, and IPs.

9/27

DoorDash - The popular food delivery app had 4.9 million customers’ information breached by a third-party. The information left exposed included the names, delivery addresses, phone numbers, hashed passwords, order history, and the last four numbers of each’s credit card number. In the same hack, over 100,000 delivery drivers had their driver's license information leaked. 

9/30

Zynga - The mobile game maker, Zynga, the developer of popular mobile games such as Farmville and Words with Friends has announced that 218 million players had their data exposed after their network was breached by a hacker.  The company had player names, email addresses, login IDs, phone numbers, Facebook IDs and more left exposed.

October

10/17 

Methodist Hospitals of Indiana - The Methodist Hospitals of Indiana fell victim to an email phishing scam and it allowed hackers to steal 68,000 records that included names, addresses, dates of birth, Social Security numbers, driver’s licenses, and more. 

10/21

Autoclerk - Autoclerk, a hotel property management software developer had an open database infiltrated exposing data that included names, dates of birth, home addresses, phone numbers, dates of travel, travel costs, room numbers, and some masked credit card details of hundreds of thousands of guests. 

10/22

Kalispell Regional Healthcare - Over 130,000 Social Security numbers, addresses, medical record numbers, dates of birth, medical histories and treatment information, and names of treating physicians were exposed by hackers.

10/26

Adobe - Data was exposed that included email addresses, usernames, location, Adobe product licenses, account creation dates, and payment statuses. 7.5 million users were affected.

10/27

Network Solutions - The world’s oldest domain name provider has been exposed in a hack. Millions of individuals’ data that included names, addresses, phone numbers, email addresses, and service information was compromised.

November 

11/9 

Texas Health Resources - The Texas-based health care provider reported a data breach where 82,000 patient records were exposed. Included in the breach were names, addresses, email information, health information, and more. 

11/16 

Disney Plus - The brand-spanking-new Disney+ streaming service had new user account information hijacked by hackers. Login credentials wound up on the Dark Web soon after. 

Magic the Gathering - The popular online strategy game has reported that an unsecured website database has exposed 452,000 player records that include names, usernames, and more. 

11/18

State of Louisiana - The State of Louisiana has been a victim of a ransomware attack that took down many state agencies’ servers. Although no data is said to be lost, the state’s crucial computing infrastructure was down for several days as systems were restored from backup.

11/19

Macy’s - Macy’s had their ecommerce site hacked. Hackers embedded malicious code into their checkout page and put a skimming code on the company’s Wallet page. The malware retrieved names, addresses, phone numbers, email addresses, payment card numbers, card security codes, and card expiration dates.

11/22 

T-Mobile - T-Mobile had over a million customers’ information accessed by a hacker. Information accessed included names, billing addresses, phone numbers, rates, and calling features.

Unknown - An unsecured server containing over 622 million email addresses and 50 million phone numbers, and millions of pieces of other information was discovered. It is unknown what organization this data is tied to as the time of writing.

With hundreds of millions of records being exposed each month, it’s hard to feel confident about giving your personal or financial information to anyone in the current threat landscape. If your business needs help trying to be secure, call us today at (604) 513-9428.

0 Comments
Continue reading

Former Trend Micro Employee Sold 68,000 Customer Records to Scammers

How Does This Happen?

An employee had access to data that they weren’t authorized to have. According to Trend Micro, they were able to “gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved…”

This employee, who remains unnamed, apparently had planned to steal data, and ended up being able to bypass the internal protections Trend Micro had in place.

Since the data had more than enough information for a scammer to use to trick a user into believing they were calling from Trend Micro (all it really takes is a name and phone number, and knowing that they use the product), this kind of data has a great deal of value to scammers. It gives them an easy way in to steal money from unsuspecting people under the guise of Trend Micro tech support.

Be Wary of Any Unsolicited Tech Support Calls

This isn’t a new problem, and it definitely isn’t only a problem for Trend Micro customers. Fake tech support scammers have been around for years, often preying on older, less-technically-savvy users. They use scare tactics and feign urgency to get their victim to hand over credit card information or allow remote access to the PC. 

More often than not, these calls will come in saying they are “Microsoft Windows Support” or some general computer support. If the scammer thinks they are targeting an individual at a business, they might say they are from the IT department.

It’s important to be wary and educate your employees so they know the proper channels for getting support requests handled. 

The Other Lesson - Don’t Let Employees Access Data They Don’t Need

As a business owner, you need to ask yourself who has a little too much access. Can all employees wander into folders on your network that contain personal or financial information? 

An employee should only have access to the data that they need, although it’s also important to not make it too difficult for an employee to do their job. Establishing the policies for this can be tricky but setting up the permissions on your network just takes a little work with your IT provider.

Enforcing security policies, like controlling who has access to what data, requiring strong passwords, and setting up multi-factor authentication can go a long way in protecting your business and its customers from a rogue employee running off with data. An ounce of prevention is worth a ton of damage control, in this case.

Need help? Our IT experts can work with you to lock down your data. Give us a call at (604) 513-9428.

0 Comments
Continue reading

Biggest Data Breaches Since May

May

May 2, 2019 - Citrix

Conferencing and digital workplace software company, Citrix, revealed that hackers gained access to the company’s network between October 2018 and March 2019. Data stolen included Social Security numbers, financial information, and data of current and former employees.

May 3, 2019 - AMC Networks

1.6 million users of AMC Network’s Sundance Now and Shudder streaming services had their data left exposed through a database that was left unsecured. Names, email addresses, subscription details were compromised. 

May 9, 2019 - Freedom Mobile

Freedom Mobile, a Canadian mobile provider had an estimated 1.5 million customers’ personal and financial information left exposed on a third-party server. The types of data left exposed included names, email addresses, mailing addresses, dates of birth, and credit card information.

May 13, 2019 - Indiana Pacers

The legal team behind the National Basketball Association’s Indiana Pacers was the victim of a major phishing attack. Employee and customer names, addresses, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, medical insurance information, card numbers, digital signatures and login information. No number of affected individuals has been given by the team.

May 14, 2019 - WhatsApp

WhatsApp has experienced a security flaw that provided access to an Israeli government surveillance agency, NSO Group. NSO Group had limited access to the microphone, camera, and WhatsApp message text of the app’s 1.5 billion users. 

May 20, 2019 - Instagram

Facebook-owned Instagram, fell victim to a data breach that exposed more than 49 million Instagram influencers, celebrities, and brands’ Instagram information when an Indian-based social media marketing company left it exposed. 

May 24, 2019 - Canva

The 139 million users of Canva, a cloud-based graphic design tool, had their names, usernames, and email addresses exposed when hackers infiltrated their server. 

May 24, 2019 - First American Financial Corporation

First American Financial Corp., a leading title insurer for the U.S. real estate market, had 885 million customers’ Social Security numbers, bank account numbers, mortgage and tax records, wire transaction receipts, and driver’s license images compromised for all customers as far as back as 2003.

Other May breaches: Inmediata Health Group, Uniqlo, Wyzant, Flipboard, Checkers (the fast food chain).

June

June 3, 2019 - Quest Diagnostics

Almost 12 million patient records have been compromised when hackers took control of the payments page of AMCA, a major payment vendor for Quest Diagnostics. Data such as financial account data, Social Security numbers, and health information (ePHI) were left exposed.

June 4, 2019 - LabCorp

In the same hack, LabCorp announced that 7.7 million of its customers were impacted. 

June 6, 2019 - Opko Health

In the same attack, Opko Health had 422.600 customer and patient records compromised. 

June 10, 2019 - Emuparadise

The gaming website Emuparadise had their users’ IP addresses, usernames, and passwords exposed in a data breach. 

June 11, 2019 - Evite

More than 100 million users of the Evite event planning app have had their information put up for sale on the dark web. Information that was stolen included names, email addresses, IP addresses, and cleartext passwords. Some even had their dates of birth, phone number, or postal address exposed.

June 11, 2019 - Total Registration

Kentucky-based Total Registration, a facilitator of scholastic test registrations had their entire service compromised. Victims, who were mainly students who had registered for PSAT and Advanced Placement tests, had their names, dates of birth, grade level, gender, and Social Security number exposed. 

June 12, 2019 - Evernote

A security vulnerability in Evernote’s Web Clipper Chrome extension gave hackers access to the online data of over 4.5 million users. Exposed data includes authentication, financial, all private communications, and more.

June 20, 2019 - Desjardins

Over 2.7 million individuals and 173,000 businesses had their data stolen by a single Desjardins employee. Canada’s largest credit union, the hack resulted in the exposure of names, dates of birth, social insurance numbers, addresses, phone numbers, and email addresses of customers

Other June breaches: Oregon Department of Human Services, U.S. Customs and Border Protection, EatStreet, Dominion National

July

July 17, 2019 - Clinical Pathology Laboratories

Due to the AMCA breach that affected Quest Diagnostics, Opko Health, and Labcorp, Clinical Pathology Laboratories had 2.2 million patients’ personal and medical information exposed with an additional 34,500 patients’ credit card or banking information breached. 

July 18, 2019 - Sprint 

A still unknown number of Sprint customer accounts were hacked through Samsung.com’s “add a line” website. Some exposed information included names, billing addresses, phone numbers, device types, device IDs, monthly recurring charges, account numbers, and more. 

Other July breaches: Maryland Department of Labor, Los Angeles County Department of Health Service, Essentia Health, Fieldwork Software, Los Angeles Personnel Department

August

August 5, 2019 - Poshmark 

The online marketplace, Poshmark, has announced that they’ve been hacked. Usernames and email addresses of an unreported amount of clients have been exposed in the breach. Poshmark has nearly 50 million users.

August 5, 2019 - Stock X

The online fashion-trading platform had its over 6.8 million user accounts exposed. Data that was out there included customer names, email addresses, usernames and passwords, shipping addresses, and purchase histories. 

August 9, 2019 - CafePress

A data breach at CafePress, a custom t-shirt and merchandise company, exposed the names, email addresses, physical addresses, phone numbers, and passwords of over 23.2 million customers. 

August 15, 2019 - Choice Hotels

Hackers left over 700,000 guest records exposed in a coordinated extortion attempt on the Choice Hotel chain. Stolen information included names, addresses, and phone numbers. 

August 16, 2019 - Biostar 2

VPNMentor and independent security researchers uncovered a data breach containing over a million individuals’ facial recognition information as well as the unencrypted passwords and usernames of 27.8 million individuals exposed from Biostar 2, a biometric security platform. 

August 27, 2019 - Hostinger

Hostinger, a web hosting company sent out an email to their 14 million clients who had their information hacked through an API server. As a result, first names, usernames, email addresses, IP addresses and hashed passwords were exposed.

Other August breaches: Presbyterian Healthcare Services, State Farm, MoviePass

Before your business has its network breached, data stolen, and reputation irreparably harmed, call the security professionals at Coleman Technologies to do a full security assessment. We can help you keep your data and reputation intact. Call us today at (604) 513-9428 to learn more. 

0 Comments
Continue reading

About Coleman Technologies

Coleman Technologies has been serving the British Columbia area since 1999, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses. Our experience has allowed us to build and develop the infrastructure needed to keep our prices affordable and our clients up and running.

get a free quote

Recent News

If you feel like you have too many browser tabs open at any given time, then you'll be happy to know that you can sometimes save certain browser tabs as a standalone application on your device. This will give them their own icon and make accessing th...

Contact Us

20178 96 Avenue, C400
Langley, British Columbia V1M 0B2

Mon to Fri 9:00am to 6:00pm

support@coleman.biz

(604) 513-9428

Coleman Technologies Inc Proud Member of

Image
Image
Image