Cybersecurity and Third-Party Risk. Gregory C. Rasner

An unknown number of credit card data records were released due to its POS system.

       Uber (2017): Coding site GitHub's misconfiguration caused data for 57 million users to be exposed.

       Equifax (2017): Highly confidential data for 143 million consumers was released due to an undisclosed third‐party tool used to build web applications.

       Verizon (2017): The restricted data of 14 million customers was exposed by customer analytics provider NICE Systems.

       Hard Rock Hotels & Casinos (2017): Sabre Corp, a travel reservation service, was exploited, causing a leak of credit card data for an undisclosed number of customers at 11 of its properties.

       ShadowPad (2017): Server management software (made by NetSarang) used by hundreds of multinational and large companies worldwide exposed a still unknown number of protected data records.

       Republican National Committee (2017): The PII for 200 million registered Republican voters was leaked via the third‐party Deep Root.

       BevMo (2018): A breach of online payment provider NCR Corporation affected over 14,000 BevMo customers.

       Nordstrom (2018): A third‐party tool that managed direct deposit permitted personal information about Nordstrom's employees to be leaked.

       Ontario Cannabis Store (2018): Canada Post, an online tracking tool, allowed the loss of the store's customer data.

       SuperMicro (2018): A flaw present in the microchips used by major companies, such as Apple and Amazon, caused an unknown amount of data to be leaked.

       Facebook (2018): Any platform that shared login credentials with Facebook resulted in the exposure of 50 million user accounts.

       The Conservative Party (UK) (2018): CrowdComms, a conference application used by the Conservative Party, was the party responsible for the loss of protected data about Ministers of Parliament (MP), conference attendees, and journalists.

       British Airways (2018): An undisclosed third‐party misconfiguration of JavaScript caused the financial and personal information of over 300,000 customers to be released.

       University of Louisville (2018): Health Fitness, a fitness vendor, released employee names, employee IDs, and physicians' names.

       Washoe County School District (2018): District teachers' emails, usernames, and passwords were exposed by an instructional tool provided by Edmodo.

       MedCall Healthcare Advisers (2018): Over 150 businesses were affected by this third‐party breach, with 7 GB of medical information data being exfiltrated.

       GoDaddy (2018): Sensitive records for over 30,000 servers were released by a misconfigured Amazon S3 bucket.

       Air Canada (2018): An undisclosed mobile application provider caused the loss of customer data.

       Fiserv (2018): This financial third‐party website provider was the reason that hundreds of banks had the records for their customers exposed.

       Ticketmaster (2018): Inbenta, a provider of Ticketmaster's website application, caused a leak of customer data.

       Universal Music Group (2018): Cloud‐storage provider Agilisium caused the loss of internal File Transfer Protocol (FTP) credentials, Amazon Web Services (AWS) secret keys and passwords, along with internal root passwords for structured query language (SQL) databases.

       Chili's Grill & Bar (2018): Chili's POS system was breached, causing the loss of an undisclosed number of credit card data records.

       Best Buy, Sears, Kmart, and Delta (2018): An online chat provider used by these firms lost over a million customer records in total.

       Applebee's (2018): Customer data from 160 restaurants was released by the chain's POS system.

       Western Union (2018): Private data about transactions was released by an undisclosed vendor who performed offsite cloud storage.

       Ascension (2019): A misconfigured server at a third party exposed millions of bank loan and mortgage documents.

       Amadeus (2019): The online booking systems for over 140 airlines worldwide had a critical flaw that allowed hackers to get access to the flight reservation systems.

       Adverline (2019): A third party to online European sellers had malicious code injected, exfiltrating credit card information.

       Click2Gov (2019): An online payment tool used by many U.S. and Canadian municipalities was compromised, releasing information on citizens in St. John in Canada and Hanover County in Virginia.

       BankersLife (2019): A breached third party allowed information about Humana's customers to leak.

       BenefitMall (2019): A third‐party administrator for Highmark BCBS, Aetna, Humana, and United Health caused a leak of customer data.

       Quest Diagnostics (2019): From August 2018 to March 2019, a hacker gained access to Quest's data at a billing collections vendor called American Medical Collection Agency (AMCA). A total of 11.9 million records were exposed.

       Suprema (2019): A firm offering biometric security software exposed 27.8 million unencrypted records for over 6,000 firms, including U.K. Metro Police, Power World Gyms, and Global Village.

       LensCrafters, Target, EyeMed (2020): Luxottica, a breached online appointment application provider, caused the loss of thousands of protected health information (PHI) records.

       Insurance companies in Texas and Colorado (2020): Insurance carriers were impacted by a breach at Vertafore, which provides software to insurance companies.

       First Federal Community Bank, Bank of Swainsboro, First Bank & Trust, Rio Bank (2020): ABS, a bank software provider, released the PII for the banks' customers.

       Hotels.com and Expedia (2020): Channel manager vendor Prestige Software was breached, exposing names, credit card information, and reservation details.

       Australian Stock Exchange (2020): An undisclosed amount of protected data was exfiltrated from the media‐monitoring vendor Isentia.

       Google (2020): A law firm known as Fragomen, Del Rey, Bernsen & Loewy disclosed information that Google used for the I‐9 process (i.e., proof of ability to work in the United States).

       City of Odessa (2020): Click2Gov, a frequently breached vendor, leaked details on how Odessa residents paid their utility bills.

       Tribune Media and Times Media Group (2020): Marketing company View Media was breached, releasing information about 38 million U.S. residents.

       Buffalo, NY, area hospitals; FeedMore; and Phipps Conservatory (2020): Blackbaud, a data management vendor, released the names, medical services numbers, dates of patient services, and a list of donors.

       Rochester YMCA (2020): An undisclosed software vendor was breached, exposing the names, addresses, and gift history of donors.

       SEI