Security News Survey – July 19, 2019

This week, we look at numerous compromised Sprint accounts, another 2.2 million AMCA data breach victims, and a roundup of 2019’s biggest data breaches.

The first half of 2019 has come and gone—time flies! The past six months have kept companies across the world enthralled in cybersecurity struggles, and it seems like the second half of this year is already shaping up to tell a similar story. 

Sprint notifies customers of “unauthorized access” to accounts 

An unknown number of Sprint customers are being notified of unauthorized access to their accounts. In a letter to customers, the Kansas-based wireless and internet service provider explained that it was informed of the suspicious activity in late June. According to the company, the unauthorized access occurred via the “add a line” website, and potentially compromised information includes names, addresses, phone numbers, account numbers, device type and ID, subscriber ID, and more. Sprint claims no additional information that “could create a substantial risk of fraud or identity theft” was compromised. 

The company claims to have taken “appropriate action” to secure compromised accounts and changed account PINs. It also directed affected customers to place fraud alerts on their credit reports and close any accounts they believe have been tampered with. If you’re a Sprint user, be sure to check for a notification and keep an eye on your accounts. 

Another 2.2 million patients added to AMCA data breach victim count

Another medical testing company—Clinical Pathology Laboratories (CPL)—has come forward as a victim of the recent data breach at healthcare billing service American Medical Collection Agency (AMCA). CPL confirmed this week that 2.2 million patients may have been affected by the AMCA breach. Potentially compromised information includes names, addresses, phone numbers, dates of birth, and more. Banking or credit card information of an additional 34,500 patients may also have been affected, but, thankfully, no Social Security numbers were impacted. 

The AMCA breach appears to be the breach that keeps on giving. LabCorp and Quest Diagnostics have already confirmed 7.7 million and 11.9 million patients affected, respectively. Additional organizations have been linked to the breach with a smaller (but still significant number) of affected patients. AMCA filed for bankruptcy protection soon after disclosures started being made. 

2019’s 13 biggest data breaches so far compromise 31 million records

CRN published a roundup this week of the 13 biggest data breaches disclosed so far this year. According to CRN, these 13 breaches, which include UW Medicine, FEMA, and some of the above-mentioned AMCA victims, have collectively compromised over 31 million records. The list doesn’t yet include the CPL victim count, so we can assume the total record count will be a bit higher than stated. 

As far as takeaways from this roundup are concerned, there are a couple of things worth noting. First, 11 of the top 13 breaches in CRN’s roundup are healthcare organizations, which probably doesn’t come as too big of a surprise to our regular readers, who may recall seeing a healthcare breach in two-thirds of our Security News Roundup this year. Second, the causes of data breaches among this batch seem to vary: employee negligence, insufficient security policies, ransomware, and more. If nothing else, this should emphasize to companies—especially healthcare companies, it seems—that it’s critical to proactively cover all of your security bases.