The Biggest Cyber Security Attacks of 2019 – UPdates
It is not unusual to read that a major corporation was hacked. Massive hacks of 2018 included Equifax and Yahoo. The attention-getting hacks involved credit card companies and money, but personal data is just as important. It is common that hacked personal data leads to stolen identity and financial losses with new accounts opened in victims’ names. Here are the top cyber attacks of 2019. This list will be updated as the year goes on.
Quest Diagnostics Data Hack
Almost twelve million Quest Diagnostics patients’ were victims in a massive cyber attack. Personal information and payment data were hacked from a third-party collections vendor, American Medical Collection Agency. Credit card numbers, bank account information, health savings plan account information, and other personal information including Social Security Numbers were stolen. The cyber attack occurred between August 1, 2018 and March 30, 2019. It was announced on June 3, 2019.
Perceptics, a US technology firm that specializes in license plate readers was hacked. The announcement was made in late May 2019. Perceptics sells land border security technologies to governments including the United States. Perceptics deals in border security vehicle data acquisition, commercial vehicle inspection, electronic toll collection, and traffic monitoring. Hacked data included personal vehicle data, vehicle images, business plans, human resources documents, financial figures, and personal information.
Approximately 65,000 files and hundreds of gigabytes of motorist data were taken. Some of the hacked data was posted on the deep web. Hacked files included Microsoft Excel files named for locations and postal codes. Image files named for “driver” and “scene” were also among the hacked files. Some files are associated with government agencies like U.S. Immigration and Customs Enforcement. Other files are database files, HTML pages, and other image formats.
Baltimore Ransomware Attack
The city of Baltimore, Maryland was breached by a crippling ransomware attack. The cyber security attack stopped all customer service for city public works and other city offices. Residents could not pay utility bills or access city or county financial accounts. and financial transaction for many city of Baltimore departments. Residents were unable to pay their bills for city and county accounts. Late water bill fees were suspended due to the ransomware attack. Public Works email accounts and phone lines were not functional.
Toyota Japan Hack
Toyota Motor Corporation was again the target of a cyber security attack in April 2019. Hackers accessed and stole the personal data of about 3.1 million Toyota Japan customers. Toyota announced the hack on March 29. Although sales data was taken from Toyota dealerships in Japan, US customers are not affected. Compromised data included customer names, addresses, dates of birth, government identification numbers, and employment data. Fortunately, credit card numbers were not part of the data breach.
Oregon DHS Hack
Oregon Department of Human Services (DHS) clients were victims of a January 8 data breach. Over two million emails were compromised when Oregon DHS employees were fooled by a spear phishing attack. Nine DHS employee mailboxes were compromised which allowed hackers to access data from about two million emails involving 350,000 clients. The employees opened spear phishing emails sent on January 8 and nine Oregon DHS employees were tricked into clicking on links in the spear phishing emails. Twenty days later, on January 28, hackers accessed about two million employee emails containing personal data of Oregon DHS welfare and children services clients.
Instagram Cyber Attack – The Nasty List
April 16, 2019
In April 2019, Instagram users saw a new phishing attack known as the Nasty List Attack. This social media phishing scam informs readers they are on some fictitious nasty list and urges them to look at the listing. The social media scam sends messages that direct victims to a spoof website that steals login credentials. Other compromised accounts are used to send the scam through direct messages on Instagram. After an account is hacked, it sends the nasty list phishing scam to the followers of the hacked account.
Citrix hacked by Breached by Iridium
Citrix Systems Inc., the data center and business software provider, suffered a hack of their own internal network. An APT group, Iranian-backed Iridium, was responsible for the cyber security attack. Six to ten terabytes of corporate data were stolen from Citrix servers. Like a typical APT data attack, it is believed that Iridium gained access to Citrix’s IT system about ten years ago. The data was stolen during December 2018 and again on March 4, 2019. Citrix handles sensitive projects for White House communications, the U.S. military, the FBI, and private companies. Citrix was made aware of the cyber attack by the US Federal Bureau of Investigations (FBI).
LinkedIn Malware Attack
A LinkedIn malware sent fake job offers through LinkedIn direct messages and emails. Multiple contacts built trust with recipients while gathering increasingly personal data, like email and birthdate. After the necessary information was collected about a victim, spear phishing attacks were used to send more messages and emails along with malicious attachments. A spoof website hosted malware with file downloader capabilities which compromised the readers’ device.
Tribune Newspapers Hack
Ryuk ransomware infected the Tribune Newspapers publishing network. Paralyzed by the cyber attack, Tribune was unable to produce, print or distribute newspapers. The Saturday editions of the Los Angeles Times and San Diego Union-Tribune were halted. The west coast printing editions of the Wall Street Journal and New York Times were also disrupted. The goal of Ryuk ransomware attack was to disrupt the production of the papers by shutting down servers critical rather than to steal information or money.
Video game Fortnite was once again compromised. This time hackers were able to take over the accounts of any player, access their personal account information, buy V-bucks Fortnite’s in-game currency, and listen in on conversations. Fortnite has 200 million users globally.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers