Hackers Plunder Cryptocurrency Exchange and Car Insurance Data

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

School Board Association Suffers Data Breach

Employees of a Texas school board association late last month had their personal information compromised in what appears to be a data breach that inadvertently posted their Social Social numbers online. 

A spokeswoman for the Victoria school district, which was affected by the breach, said the information "was essentially posted to the internet" and not obtained by "a hacking in the system," according to Victoria Advocate. In addition to Social Security numbers, the leaked information included employee names.

Action was taken immediately to secure the leaked information, and a computer forensics company came in to investigate the matter. 

"We are taking numerous steps to prevent something like this from happening again, including a comprehensive review of all of our data security measures," said a letter by James Crow, executive director of Texas Association of School Boards.

Those affected by the breach have been offered a year of credit monitoring and identity theft solution services. A spokeswoman for the association said there's no sign the leaked information has been used. 

Data Breach at Top Cryptocurrency Exchange Leads to Stolen Coins

Bithumb, one of the largest bitcoin exchanges in the world, recently discovered theft of the personal information of more than 31,800 users—and some drained digital wallets.

Based in South Korea, the exchange hosts one of the world’s top five largest bitcoin markets, and the largest of ether, another form of cryptocurrency.

The company said it discovered the breach June 29 and the thieves made off with the names, cellphone numbers and email addresses of 3 percent of its users, Brave New Coin reported.

Bithumb said the funds weren’t accessed, but many users reported having their digital wallets emptied after receiving a call from someone claiming to be a Bithumb representative. The imposter asked for additional account information like one-time passwords.  

The company pledged to cover losses up to 100,000 won (or about $87), though one user reportedly lost 10 million won. The Korea Internet and Security Agency, the Korea Communications Commission and the Supreme Prosecutors’ Office are investigating the incident, according to Brave New Coin.

117K U.K. Car Insurance Customers’ Data Exposed and Accessed

An exposed server leaked sensitive data, including partial credit card numbers, of more than 117,000 customers of a U.K. car insurance company’s online store.

The AA confirmed to Motherboard some customer data was exposed April 22, but the issue was resolved April 25 and the data was “only accessed several times.”

The data included email addresses, names, mailing addresses, IP addresses and partial credit card information such as the last four digits and expiration dates of customers who shopped at its online store.

Even though the breach is months old, Motherboard alleges the company has not notified affected customers.