Security News Survey – April 5, 2019

A look at Georgia Tech’s massive data breach, more exposed Facebook data, and a medical practice shut down by ransomware.

I was asked to leave karaoke night after singing “Danger Zone” seven times in a row. I had exceeded the allowed number of Loggins attempts.¹

Happy National Humor Month, readers. I figured we could all use a chuckle, especially before we take a look at yet another week of challenging headlines in the world of cybersecurity. This week, we’ve seen more of the usual—breaches, ransomware, unsecured cloud servers. So, let’s jump in.  

1.3 million Georgia Tech students exposed in data breach

On Tuesday, Georgia Institute of Technology (Georgia Tech) reported a data breach affecting 1.3 million current and former students. According to the university, information security officials detected unauthorized access of a Georgia Tech web app, although it’s still unclear what exactly the culprit accessed. The university has warned, however, that compromised information may include names, addresses, birth dates, and Social Security numbers.

Details are still scarce but the university has assured students that investigations are underway, and it sounds like they’re proactively arranging credit monitoring services for affected individuals. Coincidentally, Georgia Tech has reputation for cybersecurity as the home of the Hull McKnight Georgia Cyber Innovation and Training Center—a $100 million project dedicated to training the next generation of security professionals. Despite its cybersecurity efforts, however, Georgia Tech has not been immune to security breaches. Last year, 8,000 students were impacted when an email was accidentally sent to the wrong recipient.

More Facebook data exposed by unsecured Amazon cloud servers

It appears the social media giant has yet another security blunder on its hands—this time, two third-party companies are to blame. Security researchers have found two unprotected Amazon cloud servers housing more than 540 million Facebook-related records. One server belonging to Mexican media platform Cultura Colectiva held about 146GB of data including Facebook IDs and engagement information. The other server appeared to house data from a Facebook game, “At the Pool,” and included information like IDs, friend lists, user preferences, 22,000 passwords, and more.

Facebook continues to be plagued by security issues as of late, and the public is growing weary. Ars Technica’s Sean Gallagher appears to have created a new template for Facebook security headlines: “Facebook apps logged users’ passwords in plaintext, because why not;” “Facebook asked some users for their email passwords, because why not.” It does seem that Facebook has a lot of explaining to do these days, and we can only hope that their actual is better than, “why not?”

Medical practice closes doors for good after ransomware attack

A medical practice in Battle Creek, Michigan, was recently hit by a ransomware attack and, instead of paying the ransom, the practice owners decided to call it quits. Dr. William Scalf and Dr. John Bizon at Brookside ENT and Hearing Center were slapped with a $6,500 ransom demand after cyberattackers took the practice’s patient and payment information hostage. Unwilling to pay the ransom (suspecting that their files would be a lost cause regardless, as it often is), Scalf and Bizon decided to retire. The practice will close its doors at the end of April.

Brookside ENT and Hearing Center is one of many healthcare organizations that have suffered a cyber attack or data breach in recent months. But while many organizations have managed to recover, this particular case is a painful reminder of the impact a security breach on a small organization. For Scalf and Bizon, the prospect of rebuilding their practice from the ground-up just wasn’t feasible. Some security incidents may cost you a few bucks; some may cost you your entire business. It’s better to be proactive about security and not take the gamble.