In the midst of all of the chaos caused by the coronavirus, cybercriminals are showing no signs of slowing down their attacks.
Government agencies, research organizations, healthcare providers and retailers alike are all coming under attack. Learn about some of this month’s most notable data breaches and cyber attacks in our monthly Data Breach Round-Up article series, the April edition.
Nintendo Confirms Data Breach of 160,000 Accounts
Nintendo recently confirmed in a statement last Friday that hackers managed to break into over 160,000 accounts. The company confirmed that hackers conducted numerous unauthorized login attempts to customers’ Nintendo Network ID’s since the beginning of April. The information accessed includes nicknames, birth dates, location (country), and email addresses. However, the company warns that if customers use the same password for their NNID as their Nintendo account, that they need to keep an eye out for possibly fraudulent purchases as credit cards and PayPal information can be linked to these accounts. In fact, recent reports suggest that the hackers had been using compromised accounts to purchase items like Fortnite VBucks.
To prevent this kind of breach from happening in the future, Nintendo plans to remove the ability to login to Nintendo accounts via the Network ID. They will be resetting the passwords of all accounts that may have been compromised in this incident. Those impacted will be notified by Nintendo via email and urged to set up two-factor authentication for their accounts to avoid unauthorized third-party access.
This news comes on the heels of the company’s recent surge in popularity due to the global quarantine, leading many to take to gaming as a source of escape or entertainment. The popular Nintendo Switch was out of stock in March and the company is still struggling to meet the high demand.
Detroit Hospital Suffers Data Breach Impacting 112,000 Patients
Beaumont Health, a Detroit-area healthcare provider, recently confirmed that an unauthorized third-party accessed the names, dates of birth, Social Security numbers, and medical conditions of over 112,000 patients, with some even having their bank account information and driver’s license numbers compromised. On March 29, administrators noticed that employee emails had been compromised by a phishing attack. They learned that hackers had accessed personal data belonging to the healthcare provider from May 23, 2019 through June 3, 2019, but the Beaumont says that there is no evidence to suggest that the data was misused.
This breach coincides with the increased concern in the cybersecurity community about the vulnerability of the global medical sector. While healthcare workers are working tirelessly to help fight the ongoing coronavirus pandemic, hackers have sought to capitalized on the urgency by targeting hospitals and healthcare organizations, some even demanding payments to regain access to critical systems.
UK Hardware Store Robert Dyas Hit by Payment Card Breach
British hardware store Robert Dyas recently suffered a data breach, resulting in exposed customer names, addresses as well as payment card information. The retailer revealed that card skimming malware was found on the company’s website which allowed hackers to steal sensitive customer financial data. The card skimmer was present starting on March 7 and ending on March 30, leaving the Robert Dyas’ website vulnerable for 23 days.
Customers who ordered goods using the company website during the 23-day period may have had their payment card details compromised, including card numbers, expiration dates, and CVV codes, as well as their names and billing addresses. The company became aware of the intrusion on March 30 and quickly worked to remove the malicious code from the site. It’s estimated that 20,000 customers are impacted by this data breach.
The UK’s Information Commissioner’s Office (ICO) has been notified of the incident and if Robert Dyas is found to be at fault for weak security measures, a GDPR fine could be imposed.
This news comes in the wake of the increased sales of home improvement products as UK citizens are on lock-down and forced to stay at home. Robert Dyas claims to have seen a massive boost in online sales following the lock down as homeowners look to occupy their time with DIY projects.
Genetics Testing Lab Exposes Medical Data on 233,000 Patients
Ambry Genetics, a California-based genetic testing laboratory, has reported an email hacking incident that may have exposed medical details belonging to 233,000 individuals. The company’s security team identified unauthorized access to an employee’s email account between January 22 and January 24. The company quickly conducted an investigation and was unable to determine where there was “unauthorized access to, or acquisition of, any information from the email account, and we are not ware of any misuse of any personal information.”
The company is notifying customers due to the potential of their PII being disclosed, including customer names, medical information, information on services provided by Ambry, and in some cases, Social Security numbers.
Due to the COVID-19 pandemic, laboratories and research institutions are being increasingly targeted. Hackers see these organizations as high-value since they are currently storing, processing and transmitting an increased amount of patient data and handling potentially large amounts of data that could help find the cure for COVID-19.
To stay up to date with the latest COVID-19 related cyberattacks and learn what government institutions and enterprises should be doing right now to defend against cyber-attacks, read our latest Coronavirus Cybersecurity Round-Up blog post.
Share this post