week06-2022-min-min

Here’s your weekly #databreach news roundup:

Croatian phone carrier ‘A1 Hrvatska’, Georgia voter info, Washington State licensing, Morley, and British Council.

Croatian phone carrier 'A1 Hrvatska'

week06-2022-a1hrvatska

Croatian phone carrier ‘A1 Hrvatska’ has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people.

The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information.

The type of information that has been accessed includes full names, personal identification numbers, physical addresses, and telephone numbers.

A1 Hrvatska emphasizes that information on bank cards or online accounts hasn’t been compromised, as the accessed database didn’t contain these details.

This critical part was confirmed by a computer forensics team that investigated the incident and analyzed the logs to determine what was stolen.

A1 Hrvatska says they are directly notifying customers whose information was exposed in this breach.

Meanwhile, the Zagreb Police has already received a criminal report and is investigating the attack.

Georgia voter info - EasyVote Solutions

A data breach of the voting software company EasyVote Solutions exposed Georgia voters’ registration information on the internet.

Public information about voters was posted to an online forum, but the breach didn’t involve Social Security numbers or driver’s license numbers, said Charles Davis, chief financial officer for EasyVote. Voter registration information can include names, addresses, races and dates of birth.

EasyVote’s software isn’t connected to Georgia voter registration computers. EasyVote doesn’t generate or count ballots, and it’s not used for election results.

The company, based in Woodstock, provides software that streamlines voter check-ins during early voting in dozens of counties across Georgia, including Fulton, Oconee and Paulding counties. The software uses local voter registration to print out filled-in election applications for voters when they arrive at the polls, instead of requiring voters to complete paperwork by hand.

Washington State licensing

The Washington State Department of Licensing reported a cyber incident last week that may have exposed the sensitive information of more than 250,000 professionals in the state. 

The agency said in a statement that it “became aware of suspicious activity involving professional and occupational license data” during the week of January 24.   

The Professional Online Licensing and Regulatory Information System (POLARIS) system that was affected stores information ranging from social security numbers, dates of birth and driver license numbers to other personally identifying information. 

“We immediately began investigating with the assistance of the Washington Office of Cybersecurity. As a precaution, DOL also shut down the Professional Online Licensing and Regulatory Information System (POLARIS) to protect the personal information of professional licensees. At this time, we have no indication that any other DOL data was affected, such as driver and vehicle licensing information. All other DOL systems are operating normally,” the agency said. 

Morley

Morley Companies, an organization that provides business services to dozens of Fortune 500 companies, said this week it was hit with a ransomware attack last year that led to the leak of sensitive information for more than 500,000 people.

In a press release, the company said the ransomware attack began on August 1 and made their data “unavailable.” Despite requests for comment, the company would not explain why it waited until now to notify the 521,046 people affected, some of whom had their Social Security numbers leaked in the attack. 

The company said the attack affected the information of “current employees, former employees and various clients.” The information leaked includes names, addresses, Social Security numbers, dates of birth, client identification numbers, medical diagnostic and treatment information, and health insurance information.

Morley said it hired cybersecurity experts to respond to the situation but needed six months to collect the “contact information needed to provide notice to potentially affected individuals.”

British Council

More than 100,000 files with student records belonging to British Council were found exposed online.

An unsecured Microsoft Azure blob discovered on the internet by a cybersecurity firm revealed student names, IDs, usernames and email addresses, and other personal information.

British Council promotes the study of British culture and the English language around the world and is known for administering the IELTS standardized language exam.