The business sector was the leader for the number of data breaches in March 2018 with 45 breaches. These are breaches that are confirmed through media sources and/or notifications from state governmental agencies. The medical/healthcare industry had the second highest percentage of recorded breaches at 21 percent (19 breaches).
Both the business sector and the education sector saw an increase in breaches in March over the prior 2 months.
Looking at the method of compromise, hacking attacks represented nearly one-third of the breaches during the month of March. Of these incidents, 46 percent involved placing ransomware on the system and 36 percent identified phishing as the attack method.
Unauthorized access hit the financial industry the hardest in March with 77 percent of the breach notifications in this sector citing this as the cause of the breach. This compares to 32 percent in the medical sector and 31 percent in the business industry. Employee error/negligence/improper disposal/loss made up 14 percent of the overall total of breaches in March.
See the monthly breach report for March here.
Data Breaches in March
Facebook/Cambridge Analytica – not your typical data breach. The use of millions of Facebook users’ personal – and potentially private – information that was obtained by Cambridge Analytica
Some of the information that has yet to be shared by the organizations involved that could put social media users at an increased vulnerability for identity theft include which aspects of the users’ profile were used in the data mining process.
Accessing information such as physical address, phone numbers, email addresses, payment methods attached to their social profiles and other information that could be used to assume or create an identity are all part of a user’s Facebook profile. More details.
Florida Virtual Schools
Florida Virtual Schools announced a breach affecting students, parents, and teachers. The cause of this data breach involved a server that was misconfigured exposing a wide range of personal identifying information including, but not limited to: some current and former teachers’ social security numbers, names, contact information, date of birth, demographic and emergency contact information.
Orbitz
Orbitz contacted several Attorneys General offices regarding the hacking of its travel booking platform Orbitz.com. This incident exposed 880,000 records including full name, payment card information, date of birth, phone number, email address, physical and/or billing address and gender.
Under Armour/ MyFitness Pal
Under Armour notified customers regarding a breach of its MyFitnessPal platform. Usernames, email addresses, and passwords of 150 million users were exposed as a result of this incident.
Avoid Data Breaches
An important note to remember when it comes to cybersecurity and data breaches is bad actors persistently and effectively execute attacks, and you are a target. All you can do to avoid data breaches is have a cyber defense that prepared, ready, and able to thwart the enemy’s attacks.
Here’s what we recommend:
- Build a human firewall with Security Awareness Training. Make your employees independent security officers because they are your first line of defense.
- Vulnerability Management. To understand where you need to improve, you need to understand where your vulnerabilities are. We can help you identify where the gaps are in your infrastructure.
- Patch Management. After we know where the gaps are, we apply a patch management policy to your infrastructure to make sure those gaps are filled in.
- Endpoint Detection and Response. No OS or software is going to be 100% perfect – there are always going to be holes in it. so we have included EDR, a layered next-generation antivirus system. We can block viruses as well as dive into the systems to see what types of attacks are happening.
- Managed SIEM with Security Monitoring. Our 24×7 SIEM is the aggregator of all information. This correlates all the data in your system, which helps us determine if something is odd on your system.
And, we can do it with an all-in-one monthly, affordable subscription with Cybriant PREtect.