26 June 2020

IRM Weekly Cybersecurity Roundup: Twitter data breach and more

Twitter business clients victims of data breach

Twitter has emailed its business clients to tell them that their personal information (including email addresses, phone numbers and credit card details) may have been compromised.

This breach has affected those who use Twitter’s advertising and analytics platform.

The email from Twitter stated: “We’re very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day.”

You can read more here.

Two-year long data breach at care provider

It has been revealed that a cybersecurity breach at a senior care provider in Florida went unnoticed for two years.

Cano Health discovered employee email accounts had been compromised by threat actors in April 2020. It’s thought that the accounts had been accessed multiple times across the long stretch of security breach which started in May 2018.

Three accounts are said to have been accessed and an examination showed that patient personal information had also been accessed.

The company is now offering free credit monitoring services to patients whose financial information may have been affected by the data breach.

You can read more here.

Indian cyber-attacks through the roof since lockdown

Figures show that cyber-attacks in India have increased by as much as 500% since lockdown in March.

The information comes from internet services providers who receive alerts as cyber-attacks happen. According to these providers, attacks tend to be below the radar and often lead to money lost through tactics like phishing.

This news is no surprise after the Indian Computer Emergency Response Team, the government’s cybersecurity agency, put out and advisory against possible phishing attacks.

You can read more here.

Three staff leave Council after security breach

One person has been fired and another two have left South Gloucestershire Council after three data breaches occurred.

Amongst the 198 security incidents reported from the Council last year, the three key incidents in question are:

  • A letter containing a foster child’s address sent to the birth mother
  • A council officer disclosing to a father the identity of a neighbour who had reporting concerns about his ability to look after his children
  • Sensitive information included in a report which was sent to the mother of a child who was thought to be at risk from that person

Investigations were launched by the Council and whilst some of the errors were concluded as genuine one-off mistakes, the others lead to more serious disciplinary action.

You can read more here.

Quick-Fire Updates

Half of businesses admit to inappropriate cybersecurity policies for remote working: A recent survey has shown that nearly half of UK businesses think their cybersecurity policies are unfit for a permanent remote working business model. Read more here.

EasyJet faces legal battles over data breach: 10,000 customers have taken against the airline after the personal details of 9 million passengers were breached by a cyber-attack. Read more here.