Weekly Email Security News Recap #3 [August 2022]

It’s another week of cybersecurity news, email security breaches, and malicious cyberattacks in the online world.

More than 3,200 apps revealed Twitter API keys, Cisco had over 2GB of data stolen by a ransomware gang, and the new MailChimp breach exposed DigitalOcean customer email addresses.

In this article, we’ll cover news about Practice Resources that suffered a ransomware attack, Google’s personal data violation, and a data breach that affected the online gaming platform GoodGamer.

Read on to learn more about these top email security breach news and cybersecurity news headlines.

Personal Data of Over 380,000 Users Exposed in a Cloud Breach

The VPNOverview security team discovered a data breach which affected an online gaming platform that revealed 380,000 users’ data.

GoodGamer, a Canadian company with U.S. located offices, is a platform for mobile games and gaming contests.

A cybersecurity professional discovered the breach, which occurred due to a misconfigured Amazon Web Services S3 bucket. The vulnerability allowed anyone online to access the platform’s data files. 381,626 email addresses and phone numbers of users who played games on the GoodGamer app between 2020 and 2021 were found.

Information about money won and deposited by users was also discovered.

GoodGamer repaired the breach about an hour after being informed by VPNOverview’s security team, although they didn’t comment on the situation.

The Medical Billing Ransomware Attack Affected Almost One Million People 

Practice Resources suffered a massive ransomware attack that exposed the data of about one million patients from 27 healthcare organizations.

Practice Resources, LLC is a medical billing and practice management company located in New York. It provides billing, administrative, and human resources support services to healthcare organizations.

The U.S. Department of Health and Human Services Office for Civil Rights detailed that PRL had suffered a hacking incident. After the breach was confirmed, it was revealed that 942,138 individuals had been affected.

California’s Attorney General’s office posted a notice that the breach resulted from a ransomware attack on April 12. In the notice, Practice Resources LLC explains that the cyberattackers gained unauthorized access to sensitive data such as:

  • Health plan numbers
  • Home addresses
  • Dates of treatment
  • Medical record numbers
  • Names

PRL took steps to secure its systems and started an investigation to discover the ransomware attack’s nature. The company also implemented a series of cybersecurity enhancements and provided free credit monitoring services to people affected by the breach.

A document listing all affected healthcare organizations was posted, which included:

  • Achieve Physical Therapy, PC  
  • CNY Obstetrics and Gynecology, P.C.
  • Community Memorial Hospital, Inc  
  • Crouse Health Hospital, Inc 
  • Family Care Medical Group, P.C.
  • Salvation Army
  • Liverpool Physical Therapy, PC
  • Tully Physical Therapy 

Google Hit With AUD 60 Million Fine for Data Violation

On Friday, Australia’s competition watchdog said the Federal Court ordered Alphabet Inc’s Google to pay AUD 60 million for misleading users when collecting their location data.

The massive fine comes after the court found that the tech giant breached Australian consumer laws. Google misled Australian Android users about how it used their location data to target them with advertising.

The court uncovered that the company gathered personal location data through users’ Android mobile devices between 2017 and 2018.

The web and app activity monitoring feature collects and stores local data. Still, Google misled users into believing that the “location history” setting on their Android phones was the only way to collect location data. 

The Australian Competition and Consumer Commission stated that 1.3 million Google accounts of Australian users might have been affected, after which they began legal proceedings against the company.

After a brief federal court hearing on Friday, the court decided to fine Google. The AUD 60m penalty must be paid within two months.

Final Thoughts

Over 90% of attacks on companies start from a malicious email, leaving your organization open to cybercrime 24/7. As you can see, even major companies aren’t safe from data breaches and cyberattacks.

Securing your domain is the first step in protecting yourself and your company from cybercriminals. Contact us today if you’re ready to secure your email domain the easy way.

SPF Record Syntax: Structure and Components

SPF Record Syntax: Structure and Components

Understanding what SPF is and bringing it into use is important for technology-driven businesses...

Read More
What is a DKIM Record?

What is a DKIM Record?

What is a DKIM record? That's a question we see everywhere these days. Emails...

Read More
What is an SPF Record?

What is an SPF Record?

What if you realize a threat actor is misusing your domain name to send...

Read More