Several information security incidents which have happened recently are all based on utter carefreeness. A former employee in Nijmegen, Netherlands, leaked the data belonging to Radboudumc (The Radboud University Medical Center) about a month ago. The breached data contained names, login details, emails, phone numbers of not only the Center’s employees but also of organisations with which the Center cooperates.
The former employee has reportedly uploaded the obtained confidential data to GitHub. He shared scripts and codes as well as the abovementioned personal data.
In Nigeria there was detected a ransomware attack without resorting to any social engineering trick. And was conducted successfully. The violators didn’t bother to procure internal data in order to disguise as employees of the organisation or top management. They simply targeted via email the staffers to board them onto a cyberattack.
The criminal group offered employees $1 million in bitcoin which would be taken from the total sum of the planned ransom of $2.5 million. The requirement was to install the DemonWare ransomware on the company’s PCs or servers by logging in as privileged users. In case there will be employees willing to use their credential for fraudulent activities for money they would receive a full offer.
The attempt to recruit internal employees and turn them into malicious insiders is a common story, but do it a “cold-calling” way, selling literally a share in a one-time business is a curious type of tackle. Anyway, the messages sent by the attackers seemed to have slightly misleading information, they also refused to use phishing techniques as found it too difficult to manage this way.
South Florida Community Care Plan became a victim of a former employee’s wrongdoing. The employee emailed sensitive data regarding health information of plan members to his own personal email box. The data leak was revealed only after the former employee’s email account check two months ago.
The leaked data comprised names, addresses, birthdays, member identification numbers, medical details, including diagnoses, negotiated services, procedures, physicians’ names.
The employee violated the South Florida Community Care Plan policies, as no one is supposed to send corporate data to personal email addresses. The profound auditing was conducted and concerned all the employee’s activities, the incident also spurred the need to audit the rest of the employees.
Subscribe to get helpful articles and white papers.
We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Necessary Cookies
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
Functional Cookies
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
Performance Cookies
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
Third-party Cookies
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!