Data Breaches - W/E - 11/30/18

Atrium Health Admits to Data Breach after Third-Party Entity Compromised (11/28/2018)
A data breach is impacting Atrium Health after a cyber intrusion took place at technology solutions provider AccuDoc. Atrium Health has reported possible unauthorized access to databases hosted by AccuDoc that contained personal information provided in connection with payment for health services at an Atrium Health location. An unauthorized third party gained access to AccuDoc's databases between September 22 and September 29. Atrium Health was notified on October 1. Further information is available from an Atrium Health statement.

Magecart Breaches VisionDirect (11/20/2018)
The Magecart threat group, which has infiltrated a number of companies and stolen payment card data, has claimed another victim. European contact lenses merchant VisionDirect issued a notice to say that it was breached during a five-day period in which the personal and financial details of some customers ordering or updating their information on visionDirect.co.uk were compromised. The incident occurred between November 3 and November 8, but the number of those affected has not been made public. Ticketmaster and British Airways are among the companies that have been targeted by Magecart in the past.

MetLife Snafu Causes Data Breach (11/20/2018)
Metropolitan Life Insurance Company (MetLife) has revealed a possible data breach after the company unintentionally sent an email containing personal information in an attachment to an employee for another MetLife group customer. That message containing the personal information has been deleted, but the attachment did list Social Security numbers, dates of birth, and other data. The incident took place on October 18.

Open Elasticsearch Server Leaked Data for 57 Million People (11/29/2018)
A 73 GB Elasticsearch server was discovered exposed during a regular security audit of publicly available servers with the Shodan search engine. This instance exposed personal information for 57 million US citizens and included first name, last name, employers, job title, email, address, state, zip, phone number, and IP address. According to security researcher Bob Diachenko, at least 3 IPs hosting identical Elasticsearch clusters were misconfigured for public access. He said it is not yet clear how the breach occurred, but Diachenko learned that the structure of the field "source" in data fields is similar to those used by a data management company called Data & Leads. That organization did not respond to inquiries from Diachenko, and the Data & Leads Web site has since gone offline. The database was discovered on November 14 when Shodan's crawlers indexed it, but it's not known how long it had been exposed.

OSIsoft Has Been Hit by a Data Breach, All Accounts Affected (11/20/2018)
OSIsoft submitted a security breach letter to the Attorney General's Office of California on November 16. Stolen credentials were used to remotely access OSIsoft computers and all employees, contractors, and consultants should assume that their information has been compromised. While 135 accounts were affected, OSIsoft concluded that all of its domain accounts are involved.

Year-Long Bug in USPS Site Exposed 60 Million Accounts (11/27/2018)
KrebsOnSecurity reported that a vulnerability in the US Postal Service (USPS) Web site potentially exposed 60 million accounts and had existed for more than a year. The issue enabled anyone with a USPS account to view account data for other users and could have allowed for changes to be made to those accounts. An anonymous researcher had uncovered the bug in 2017 and notified the USPS but reached out to Brian Krebs after receiving no response from the agency. Krebs confirmed the vulnerability and contacted the USPS, which promptly fixed it. The bug was related to a weakness in a USPS application program interface called "Informed Visibility."