Hackers Raid Human Rights Center and Pwn Free Web Hosting Service; Marks & Spencer Accidentally Breaches Customer Data
Tupungato/Shutterstock.com
Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.
In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
S.C. Hospital Employee Accused of Compromising Thousands of Patient, Staff Records
Bon Secours St. Francis Health System is investigating a multiyear data breach allegedly orchestrated by a staffer.
This summer, other employees began reporting concerns regarding unpaid balances and charges to their insurance plans for a prescription cream.
Health system officials said in a statement they became aware Aug. 26 of "a concerning pattern of access of patient medical records by this employee."
The employee has since been fired.
Department Store Marks & Spencer Exposed Customer Data
A technical glitch allowed the retailer’s customers to see one another's account details.
Customers posted messages on the Marks & Spencer's Facebook page to inform the chain of the data breach. Online visitors said they were able to see past orders and personal information of other customers when they logged on to register their loyalty cards, a recently launched store perk.
No customer financial details were compromised, the store said.
But some shoppers claimed they could see other people’s payment details. A spokeswoman said people might have been able to see the last four digits of another person’s payment card “for a brief moment," but because the details were encrypted, there was no security risk.
One customer, Russell Harding, wrote: “Well, I tried to register my Sparks card but logged into my account and found another person's details, orders and personal information. This is more than a glitch in the system, this is totally reckless ... What I want to know is who has my information and now what can they do with it.”
13 Million Customers at Risk, After Break-in at Free Web Hosting Service
Web services firm 000webhost suffered a breach of its main server.
The attacker got inside through an opening in an old, unpatched version of programming language the company was using. The intruder then uploaded malicious files and gained access to the service's systems.
“Not only was the full database containing the usernames, passwords and email addresses compromised, but this information has been dumped online,” ZDNet reports.
The passwords posted on the Web are in plain text.
Computer Theft at University Unnerves Human Rights Community
A desktop and external hard drive stolen hold the names and stories of people who survived the war in El Salvador. The break-in happened in the offices of the University of Washington’s Center for Human Rights.
The equipment contains personal testimonies part of human rights investigations involving survivors of a civil war that killed more than 75,000 people between 1980 and 1991. During the conflict, the United States provided military aid to the Salvadoran government.
Earlier in October, the center filed a lawsuit against the CIA, requesting documents involving possible human rights violations.
There was no sign of forced entry at the center.
The offices have backups of the information stolen, but the director is worried about whether the survivors identified in the data will be targeted.
(Image via Tupungato/Shutterstock.com)