National Consumers League

The #DataInsecurity Digest | Issue 102

Ecuador leaks personal data for its entire population 

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s note: Anger over FTC missteps in the Equifax settlement is growing, with more than 200,000 consumers signing a petition urging the courts to reject the record settlement. As ransomware attacks continue to bedevil companies and governments around the world, many are questioning whether the availability of cyber insurance (which can be used to pay ransoms) may be contributing to the uptick in attacks. In breach news, 20.8 million records from the country of Ecuadorwhich detailed the entire populations most sensitive datahave been compromised. Back in the United States, FEMA accidentally shared the personal information of 2.5 million disaster survivors, and 5 million medical records were left easily accessible on the web.

And now, on to the clips! 

-----------------

FEMA accidentally shared personal information of 2.5 million disaster survivors. FEMA admitted that “it unintentionally shared home addresses and banking information with a third-party contractor.” @RaquelMartinTV reports that FEMA is not “sure if anyone’s data has already been compromised.” (Source: NBC4)

Breach du jour: Personal information for the entire country of Ecuador. Records of 20.8 million people were found on an unsecured server in Miami, apparently including the personal data of every citizen of Ecuador. The breach compromised individual names, dates, and places of birth, addresses, marital statuses, educational information, employment statuses and locations, tax information, and bank account data such as users’ balance, financing, and credit information. (Source: Forbes)  

Breach du jour part deux: 5 million medical records. “Medical images and health data belonging to millions of Americans, including X-rays, MRIs and CT scans, are sitting unprotected on the internet and available to anyone with basic computer expertise. The records cover more than 5 million patients in the U.S. and millions more around the world.” (Source: ProPublica)  

Yahoo! offers breach victims the choice of cash or credit monitoring. Victims who choose the cash option can claim up to $100. “However, actual payouts for all claims could be much lower if the total amount claimed exceeds what's available from the $117.5 million settlement. The settlement class potentially includes up to 194 million people, so these amounts would be paid in full only if the vast majority of eligible people don't ask for money.” (Source: Ars Technica)

Quick hit: Congress to advance legislation designed to help cash-strapped state and local governments beef up cybersecurity. (Source: State Scoop)  

Cyber insurance blamed for spike in ransomware attacks and payment demands. @katiefoody reports that “some cybersecurity professionals are concerned that insurance policies designed to limit the damage of ransomware attacks might be encouraging hackers, who see insurers covering increasingly large ransoms and choose to target the type of institutions likely to have coverage... . This year alone, the average ransom payment climbed from $12,762 at the end of March to $36,295 by the end of June — a 184% jump.” (Source: Washington Post)  

Petition against Equifax breach settlement gains 200k+ signatures. Anger over what many view as a weak FTC settlement with Equifax appears to be growing. “The petition argues that the terms of the deal as presented to the public are misleading and most of the customers affected won’t see any recompense over the breach. With only $31 million actually allocated to fund this portion of the settlement, less than ONE PERCENT (roughly 248 thousand out of over 148 million) could receive this money.” (Source: ThreatPost)  

National Consumers League
Published September 26, 2019