Dating Site Breach Leads Roundup42 Million Unencrypted Passwords Reportedly Exposed
In this week's breach roundup, the international online dating service Cupid Media suffered a cyber-attack earlier this year that reportedly exposed 42 million consumer records. Also, thousands of Milwaukee city workers had their personal information compromised after a third-party vendor had a flash drive stolen.
Online Dating Service Hacked
The international online dating service Cupid Media suffered a cyber-attack earlier this year that exposed 42 million consumer records, according to the blog KrebsOnSecurity.
Cupid Media, based in Australia, offers niche dating services targeting specific demographics.
Compromised information taken from the company's network includes names, e-mail addresses, unencrypted passwords and birthdays, the report said.
The stolen information was stored on a server that was home to millions of other stolen records from other breach incidents, according to the report.
Cupid Media did not respond to a request for comment.
A director at the company told the security blogger that the incident occurred back in January and that all affected customers were notified.
"We are currently in the process of double-checking that all affected accounts have had their passwords reset and have received an e-mail notification," the director said.
Milwaukee City Employees' Data Exposed
The City of Milwaukee will file a formal complaint with the Department of Health and Human Services' Office for Civil Rights against Dynacare Laboratories following a breach that affected more than 9,000 individuals, including city employees.
The city has a contract for certain health services with Froedtert Community Health/Workforce Health, and it provided the organization with city employee information in a secure and password-protected manner, according to a statement from city attorney Grant Langley.
Workforce Health then contracted out certain services to Dynacare, a clinical laboratory services vendor.
An employee for Dynacare Laboratories had their car stolen on Oct. 22, with an unencrypted flash drive containing Milwaukee city employee information left inside, according to a statement from Dynacare.
Information on the drive includes names, addresses and Social Security numbers of city employees, a spokesperson for Dynacare told Information Security Media Group. In addition, the names of approximately 3,000 spouses and domestic partners of the city workers were on the drive.
Dynacare in its notice said it does not believe that the flash drive was stolen for the information contained on it.
As a result of the breach, Dynacare is conducting a comprehensive internal review of its policies and procedures and re-enforcing education to its employees on the importance of safeguarding patient information, the vendor says in its statement.
Impacted individuals are also being provided with free credit monitoring services for one year, the Dynacare spokesperson says.
Physician Identifiers Inadvertently Posted Online
Anthem Blue Cross of California is notifying approximately 5,900 physicians that their tax identification numbers and, in some cases, Social Security numbers, were exposed when a PDF document containing the information was mistakenly posted on the Anthem.com website.
"If the provider used their Social Security number as the TIN, the SSN could have been displayed in error," a spokesperson for Anthem, a health insurance company, told Information Security Media Group.
The PDF documents were posted online for just over 24 hours, the spokesperson said. Once the breach was discovered, the documents, which listed certain networks of Anthem providers, were removed, then later reposted with the identifier numbers removed.
The incident did not involve the protected health information of Anthem Blue Cross members, the spokesperson said. The affected physicians are being offered free credit monitoring and credit insurance services.
Personal Data Stolen from Background Screening Firm
Kroll Background America is notifying 548 California residents that their personal information was compromised after the background screening firm fell victim to a cyber-attack.
In September, a portion of the company's computer network was accessed by unauthorized parties, according to a letter sent to the California Attorney General.
Compromised information for the California residents includes names, and in some instances their dates of birth, addresses and Social Security numbers, the letter said.
After discovering the incident, Kroll contacted law enforcement and began an investigation.
Impacted individuals whose Social Security numbers were compromised are being provided free identity theft protection services.