IT Security Stories to Watch: G20 Leaders' Personal Information Leaked

In a case of human error by Microsoft Outlook autofill, an Australia immigration employee accidentally disclosed personal details of world leaders who attended last year’s G20 summit to a member of the local Asian Cup organizing committee. And as a result, the Australian immigration department topped this week’s list of IT security news makers, followed by the Dyre Wolf malware campaign, Philadelphia Fire Department and Biggby Coffee. 

What can managed service providers (MSPs) and their customers learn from these IT security news makers? Check out this week’s list of IT security stories to watch to find out:

1. G20 world leaders’ personal information inadvertently leaked

Personal information from world leaders including U.S. President Barack Obama, Russian President Vladimir Putin and German Chancellor Angela Merkel was accidentally leaked before Brisbane’s G20 summit last year, according to The Guardian.

An Australian Government Department of Immigration and Border Protection employee allegedly sent the passport numbers, visa details and other personal information of all world leaders attending last year’s G20 summit in Brisbane, Australia to the organizers of the Asian Cup soccer tournament.

The Australian immigration department’s director of visa services notified the Australian privacy commissioner about the data breach via email on Nov. 7.

“The cause of the breach was human error. [Redacted] failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field. This led to the email being sent to the wrong person,” the Australian immigration department’s director of visa services wrote in the email.

2. IBM Security Intelligence identifies Dyre Wolf

Cybercriminals reportedly have been using a variant of the Dyre malware to steal more than $1 million from enterprises.

IBM Security Intelligence (IBM) last week released details about Dyre Wolf, an active campaign that hackers are leveraging to circumvent two-factor authentication.

Organizations have already lost between $500,000 and $1.5 million to Dyre Wolf attackers, IBM Security Intelligence noted, and Dyre Wolf cybercriminals appear to be targeting larger enterprises as well.

“In this campaign, the attackers are several steps ahead of everyone. Even while casting a wide net to reel in victims via spear-phishing campaigns, these attackers are targeting organizations that frequently conduct wire transfers with large sums of money,” IBM Security Intelligence wrote in a blog post. “While there’s no easy way to know which companies do large wire transfers, it’s a very interesting coincidence.”

3. Philadelphia Fire Department issues data breach warning

CBS Philly reported that the Philadelphia Fire Department is warning those who received ambulance services during an eight-month period in 2012 about a possible data breach.

Department officials said a rogue employee sold patient data in 2012; however, they did not receive information about this incident until Feb. 2015. At least 750 patients may have been affected by the incident, fire department officials said.

4. Biggby Coffee notifies customers about data breach

Midwest coffee chain Biggby Coffee said customer addresses, employment histories, phone numbers and other personal information may have been compromised due to a data breach.

Lansing State Journal reported that Biggby customers’ personal information may have been exposed if they registered a frequent customer card or applied for a job on its corporate website.

Biggby has more than 180 stores in nine states, but a company spokesperson said less than 20 percent of its total registered customers may have been impacted by the incident.

An interesting piece of this week’s list of security stories to watch — half of them are human error related. Which begs the question, what is your company doing to reduce risk of human error at your customer sites?

What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at [email protected].