At this point, we’re used to cyberattacks threatening the security of our data, devices and networks. However, it now appears that hackers might also threaten the safety of our food.
A new report by University of Minnesota researchers suggests that attacks on industrial control systems could lead to contaminated food. Such attacks could lead to public health issues, environmental damage, harm to food production workers, destroyed equipment and more. As other industries harden their cyber security defenses, food production industries could become a target for hackers.
The report underlines how much we rely on computers, even those designed for a pre-cyberattack world. It’s a wakeup call that tells us no one is safe. That’s why it’s shocking that the 2019 Chubb Cyber Risk Survey found that only 31 percent of employees receive annual security awareness training. A mere 19 percent of survey respondents said that they learn about cybersecurity protection through their employer.
Meanwhile, Texas recently announced that it would implement mandatory cybersecurity training for all state and local government employees. This announcement comes about one month after a widespread cyberattack targeted at least 20 Texas government entities. Texas government employees will need to complete their training by June 14, 2020.
Without further ado, let’s review some of the top data breach news stories from the last month. We start with a data breach affecting people from Sacramento, the headquarters of Capital Network Solutions.
U.S. DATA BREACH NEWS (Sept. 16-Oct. 8, 2019)
A data breach of Oakland-based health provider Kaiser Permanente exposed personal information on 990 Sacramento area patients. Hackers gained access to the data through a Sacramento area provider’s email account. The information, which includes ages, genders, dates of birth and medical information, got exposed for 13 hours before IT security identified and fixed the issue. Kaiser says that Social Security numbers and financial data did not get compromised in the breach.
After initially reporting that a 2018 breach affected only 500 people, Ramsey County in Minnesota now says 118,000 people who had their data exposed in the attack. The breach occurred when hackers compromised two email accounts in an attempt to steal employee paychecks. Compromised information includes names, addresses and birthdates of people who received Ramsey County services. Affected parties will receive free credit monitoring services from the county.
Just a few days after confirming an acquisition by “education tech giant” Chubb, the online education site Thinkful announced a data breach. Brooklyn-based Thinkful did not confirm when the breach happened or if Chegg knew about it before the acquisition. PII compromised in the attack includes Social Security numbers, government-issued ID numbers and financial information. Meanwhile, Thinkful reset the passwords of all of its 40 million users after the attack.
Lee County became the latest Florida government entity to get hit with a cyberattack. The attack shut down the city website and all online operations, taking down such services as online building permit applications. County IT staff are working around the clock to fix the issue, with no timetable for a resolution. Said Lee County Manager Roger Desjarlais, “I can tell you that we get attacks every day.”
The Bay Area town of Union City turned to state and federal cybersecurity experts when a virus infected city servers. As recently as Sept. 23, all city email accounts and systems that process administrative services remained inaccessible. The city planned to waive late fees while they restored services and attempted to prevent the virus from spreading.
Northshore School District in Washington is working with law enforcement and industry experts to recover from a Sept. 20 cyberattack. The attack compromised school district systems, but officials say that personal data did not get exposed. However, district computers remain down while officials investigate the incident.
Count Bakersfield among the eight cities affected by last year’s Click2Gov data breach. The breach occurred through the Click2Gov platform, which experienced a breach of third-party payment software in Nov. 2018. Click2Gov parent company CentralSquare is working with the city to fix the issue. Bakersfield already announced that they would stop using Click2Gov software and move to a more secure payment system.
Of course, Bakersfield isn’t the only city that uses Click2Gov, so more breach notifications came swiftly. The same week that the Bakersfield breach got announced, officials in Iowa and Florida confirmed that they also got hit. Ames city officials warned that 1,500 Iowa residents who paid parking tickets online had their PII compromised. Meanwhile, Palm Bay city officials notified 8,500 Floridians about a breach affecting its online billing system.
The popular food delivery service DoorDash confirmed a data breach affecting nearly 5 million customers, merchants and deliverypeople. DoorDash claims the breach only affects people who signed up for the service before April 5, 2018. Exposed PII includes names, emails, delivery addresses, phone numbers and partial payment card information. Additionally, the driver’s license numbers of roughly 100,000 deliverypeople got exposed in the breach.
Just as DoorDash started notifying affected parties, the first of what is sure to be many breach-related lawsuits got filed. A Queens woman affected by the data breach filed a class-action suit in Brooklyn federal court against the San Francisco-based company.
Speaking of breach-related litigation, New York Attorney General Letitia James filed a lawsuit that accuses Dunkin’ Donuts of mishandling a series of 2015 cyberattacks. The brute force attacks impacted the data over 300,000 customers, including 36,000 New Yorkers. Hackers stole tens of thousands of dollars of customer rewards in the attack. New York recently strengthened the state’s data breach notification laws with the passage of the SHIELD Act.
Social gaming company Zynga, maker of Words with Friends, disclosed that hackers might have illegally accessed player accounts. A cybercriminal going by the name of Gnosticplayers claimed responsibility for the database breach, which affected 200 million players. The breach affects users on both the Android and iOS platforms of Words with Friends. Compromised data includes names, email addresses, login IDs, phone numbers, Facebook IDs and Zynga account IDs.
The city of Pocatello in Idaho recently mailed data breach notices to online utility customers. Pocatello’s online portal got breached by users, leaving credit card information “subject to unauthorized access.” Exposed information includes names, addresses, credit or debit card numbers, expiration dates and CVV numbers. Meanwhile, the city is working with the FBI, Pocatello Police Department, Idaho Attorney General and the Multi-State Information Sharing and Analysis Center.
The largest medical center in Alabama experienced a data breach that exposed PII on over 19,000 patients. Hackers accessed UAB employee email accounts in August by using a phishing email made to look like an employee survey. The exposed PII includes names, medical record numbers, birthdates and Social Security numbers. UAB reset passwords on the compromised accounts, and it plans to offer free credit monitoring and reporting to affected patients.
Check back for more data breach news stories later this month. Meanwhile, if you’re concerned about the security of your business network, call Capital Network Solutions at (916) 366-6566.