At this point, we’re used to cyberattacks threatening the security of our data, devices and networks. However, it now appears that hackers might also threaten the safety of our food.
A new report by University of Minnesota researchers suggests that attacks on industrial control systems could lead to contaminated food. Such attacks could lead to public health issues, environmental damage, harm to food production workers, destroyed equipment and more. As other industries harden their cyber security defenses, food production industries could become a target for hackers.
The report underlines how much we rely on computers, even those designed for a pre-cyberattack world. It’s a wakeup call that tells us no one is safe. That’s why it’s shocking that the 2019 Chubb Cyber Risk Survey found that only 31 percent of employees receive annual security awareness training. A mere 19 percent of survey respondents said that they learn about cybersecurity protection through their employer.
Meanwhile, Texas recently announced that it would implement mandatory cybersecurity training for all state and local government employees. This announcement comes about one month after a widespread cyberattack targeted at least 20 Texas government entities. Texas government employees will need to complete their training by June 14, 2020.
Without further ado, let’s review some of the top data breach news stories from the last month. We start with a data breach affecting people from Sacramento, the headquarters of Capital Network Solutions.
U.S. DATA BREACH NEWS (Sept. 16-Oct. 8, 2019)
The Sacramento Bee: Kaiser Data Breach Exposed Information on Nearly 1,000 Sacramento Area Patients
A data breach of Oakland-based health provider Kaiser Permanente exposed personal information on 990 Sacramento area patients. Hackers gained access to the data through a Sacramento area provider’s email account. The information, which includes ages, genders, dates of birth and medical information, got exposed for 13 hours before IT security identified and fixed the issue. Kaiser says that Social Security numbers and financial data did not get compromised in the breach.
The Star Tribune: Ramsey County Data Breach May Have Affected Nearly 118,000 People
After initially reporting that a 2018 breach affected only 500 people, Ramsey County in Minnesota now says 118,000 people who had their data exposed in the attack. The breach occurred when hackers compromised two email accounts in an attempt to steal employee paychecks. Compromised information includes names, addresses and birthdates of people who received Ramsey County services. Affected parties will receive free credit monitoring services from the county.
Just a few days after confirming an acquisition by “education tech giant” Chubb, the online education site Thinkful announced a data breach. Brooklyn-based Thinkful did not confirm when the breach happened or if Chegg knew about it before the acquisition. PII compromised in the attack includes Social Security numbers, government-issued ID numbers and financial information. Meanwhile, Thinkful reset the passwords of all of its 40 million users after the attack.
Cape Coral Daily Breeze: Lee County System Suffers Cyberattack
Lee County became the latest Florida government entity to get hit with a cyberattack. The attack shut down the city website and all online operations, taking down such services as online building permit applications. County IT staff are working around the clock to fix the issue, with no timetable for a resolution. Said Lee County Manager Roger Desjarlais, “I can tell you that we get attacks every day.”
Government Technology: Union City, Calif. Enlists Help of Cybersecurity Experts
The Bay Area town of Union City turned to state and federal cybersecurity experts when a virus infected city servers. As recently as Sept. 23, all city email accounts and systems that process administrative services remained inaccessible. The city planned to waive late fees while they restored services and attempted to prevent the virus from spreading.
Legal Newsline: Attorneys Target Carl’s Golfland Data Breach
Here’s an example of how quickly things can go wrong for your business after a successful cyberattack. Illinois resident Nik Turik filed a complaint against online retailer Carl’s Golfland on Aug. 30, just one day after the company announced a data breach. Turik claims his PII was compromised, and that his payment card was used by cybercriminals to make unauthorized purchases. The suit alleges that Carl’s Golfland knew about the data breach in June but neglected to tell affected customers. Hackers stole names, shipping information and credit card CVV codes in the attack.
Northshore School District in Washington is working with law enforcement and industry experts to recover from a Sept. 20 cyberattack. The attack compromised school district systems, but officials say that personal data did not get exposed. However, district computers remain down while officials investigate the incident.
Count Bakersfield among the eight cities affected by last year’s Click2Gov data breach. The breach occurred through the Click2Gov platform, which experienced a breach of third-party payment software in Nov. 2018. Click2Gov parent company CentralSquare is working with the city to fix the issue. Bakersfield already announced that they would stop using Click2Gov software and move to a more secure payment system.
Of course, Bakersfield isn’t the only city that uses Click2Gov, so more breach notifications came swiftly. The same week that the Bakersfield breach got announced, officials in Iowa and Florida confirmed that they also got hit. Ames city officials warned that 1,500 Iowa residents who paid parking tickets online had their PII compromised. Meanwhile, Palm Bay city officials notified 8,500 Floridians about a breach affecting its online billing system.
Sacramento CBS Local: DoorDash Says 4.9 Million People Affected By Data Breach
The popular food delivery service DoorDash confirmed a data breach affecting nearly 5 million customers, merchants and deliverypeople. DoorDash claims the breach only affects people who signed up for the service before April 5, 2018. Exposed PII includes names, emails, delivery addresses, phone numbers and partial payment card information. Additionally, the driver’s license numbers of roughly 100,000 deliverypeople got exposed in the breach.
Just as DoorDash started notifying affected parties, the first of what is sure to be many breach-related lawsuits got filed. A Queens woman affected by the data breach filed a class-action suit in Brooklyn federal court against the San Francisco-based company.
Government Technology: New York AG Sues Dunkin’ Donuts Over Data Breach Handling
Speaking of breach-related litigation, New York Attorney General Letitia James filed a lawsuit that accuses Dunkin’ Donuts of mishandling a series of 2015 cyberattacks. The brute force attacks impacted the data over 300,000 customers, including 36,000 New Yorkers. Hackers stole tens of thousands of dollars of customer rewards in the attack. New York recently strengthened the state’s data breach notification laws with the passage of the SHIELD Act.
NBC29-TV News: Charlottesville Officials Respond to Security Breach
Due to a security breach at City Hall, hackers accessed the email account of a city employee in Charlottesville, Virginia. No money got lost in the cyberattack, but over 10,000 current and former utility customers had their personal information exposed. The exposed information includes Social Security numbers, addresses and driver’s license numbers. Ironically, the city was investigating an unrelated phishing attack when it discovered this data breach.
Social gaming company Zynga, maker of Words with Friends, disclosed that hackers might have illegally accessed player accounts. A cybercriminal going by the name of Gnosticplayers claimed responsibility for the database breach, which affected 200 million players. The breach affects users on both the Android and iOS platforms of Words with Friends. Compromised data includes names, email addresses, login IDs, phone numbers, Facebook IDs and Zynga account IDs.
The city of Pocatello in Idaho recently mailed data breach notices to online utility customers. Pocatello’s online portal got breached by users, leaving credit card information “subject to unauthorized access.” Exposed information includes names, addresses, credit or debit card numbers, expiration dates and CVV numbers. Meanwhile, the city is working with the FBI, Pocatello Police Department, Idaho Attorney General and the Multi-State Information Sharing and Analysis Center.
The largest medical center in Alabama experienced a data breach that exposed PII on over 19,000 patients. Hackers accessed UAB employee email accounts in August by using a phishing email made to look like an employee survey. The exposed PII includes names, medical record numbers, birthdates and Social Security numbers. UAB reset passwords on the compromised accounts, and it plans to offer free credit monitoring and reporting to affected patients.