Cyber attacks and data breaches in review: November 2019

The numbers don’t tell the full story this month. There may have been 1.34 billion breached records disclosed, but almost all of them came from a single incident of ambiguous origin. 

Likewise, there were an abnormally high number of incidents in which the organisation didn’t reveal the number of affected records, so it’s a hard month to define in terms of cyber security success. 

What we are sure of, though, is that there were plenty of notable breaches in Europe. In this blog, we review three of them and discuss what went wrong. 

 

French hotel giant leaks 1TB of client data

The Gekko Group, a subsidiary of Europe’s largest hotel group, AccorHotels, confirmed this month that it had leaked over 1 terabyte of personal data belonging to customers, clients and partners. 

The information includes reservation details, such as full names and addresses, as well as invoices, including unencrypted payment data for travel agents and their customers. 

The researchers at vpnMentor who discovered the breach were also able to obtain passwords stored as plaintext files. 

If you’re struggling to picture exactly how much 1 terabyte is, it’s roughly equivalent to 75 million pages of data. 

So although it’s not yet clear how many people were affected by this breach, you can be sure that it’s a lot. 

Indeed, Gekko Group spans 600,000 hotels across the globe, and one of the breached systems is used by 14,000 travel agents and more than a million accommodation providers. 

Because those systems are also used by travel agencies and booking agents that work with the Gekko Group, customers who booked through the likes of Booking.com and Hotelbeds.com may also be affected. 

“With these, hackers could enter accounts and charge purchases to virtual credit cards stored within, maxing them out before AccorHotels or Gekko Group can charge clients for reservations, and similar bookings made. This could lead to serious losses for the company,” vpnMentor claimed. 

The researchers suggested that the criminal hackers could use this information to conduct identity theft, launch malware attacks or target holidaymakers with phishing scams.  

The most frustrating thing about this breach is that it was caused by the simplest of errors – the organisation simply forgot to password protect the Elasticsearch database that the information was stored on. 

That meant that anybody who found the database online could access it without setting off any security alerts. 

The breach was only detected when vpnMentor contacted the Gekko Group, and it took the hotel chain another week to resolve the issue. 
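As an added example (not code from vpnMentor, the Gekko Group or this blog), the Python sketch below audits an `elasticsearch.yml` for the kind of exposure described above: a node bound to a non-loopback address with authentication switched off. It assumes the flat dotted-key form of the file, treats a missing `xpack.security.enabled` as disabled, and uses two constructed sample configurations.

```python
# Added example: audit a flat elasticsearch.yml for an unauthenticated, exposed node.
LOOPBACK = {"localhost", "127.0.0.1", "::1", "_local_"}

def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines; nested YAML is out of scope (assumption)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def hosts(value):
    """network.host may be a single address or a [a, b] list."""
    return [h.strip().strip("\"'") for h in value.strip("[]").split(",") if h.strip()]

def audit(text):
    s = parse_flat_yaml(text)
    findings = []
    # Assumption: an absent setting counts as "off", the conservative reading.
    auth_on = s.get("xpack.security.enabled", "false").lower() == "true"
    exposed = [h for h in hosts(s.get("network.host", "_local_")) if h not in LOOPBACK]
    if not auth_on:
        findings.append("authentication disabled: xpack.security.enabled is not true")
    if exposed and not auth_on:
        findings.append("unauthenticated node reachable on: " + ", ".join(exposed))
    if s.get("xpack.security.http.ssl.enabled", "false").lower() != "true":
        findings.append("HTTP layer is not using TLS")
    return findings

# Constructed sample configurations (not taken from any real deployment).
EXPOSED = """
cluster.name: bookings   # constructed
network.host: 0.0.0.0
http.port: 9200
"""
HARDENED = """
cluster.name: bookings
network.host: 10.0.5.12
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
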

 

Dublin-based Liver Wellness says patient data has been breached

Patients at Liver Wellness, a private health screening organisation based in Dublin, were recently informed that their health records may have been accessed by a cyber criminal. 

The organisation said the crook gained access to an employee’s email account and sent messages to patients asking them to share personal details. 

Those that responded to the request – which would have looked like a legitimate email – handed over: 

  • Their medical history; 
  • Their family’s medical history; 
  • ‘Medical social history’, such as past issues with alcohol or drug abuse; 
  • Medical information provided by GPs; and 
  • Medical test information, such as blood tests and liver scans. 

The scammer seems to have been unable to access information directly from Liver Wellness’s database, so anyone who didn’t respond to the request should be safe. 

Liver Wellness contacted affected customers in October, but the incident has now been made public after the story was picked up by RTÉ’s This Week programme. 

The organisation declined to comment on questions from RTÉ. However, the news outlet contacted Ireland’s DPC (Data Protection Commission), which confirmed that the breach took place. 

The DPC is currently working with Liver Wellness to gather more details about the incident and determine if the organisation breached the GDPR (General Data Protection Regulation). 

 

French hospital running without 6,000 computers after malware attack

The Rouen University Hospital-Charles Nicolle has become the latest organisation to battle malware, after cyber criminals shut down 6,000 of its computers. 

The infection closely resembled a ransomware attack, with infected computers being locked, the information on them unreachable and the malware worming its way through the organisation’s system. 

However, no ransom demand was made, despite initial rumours suggesting that the perpetrators of the attack had requested €1,500 per infected device (about €9 million in total). 

With no option to pay the criminal hackers to remove the malware – not that we’d recommend doing that anyway – the Rouen Hospital had to find another solution. 

That involved closing down its remaining IT systems to stop the infection spreading and operating in what’s known as a “degraded mode”. 

The hospital is one of the largest in Northern France, with five sites, 2,500 beds and 10,000 employees, so the attack had huge ramifications. 

It’s not known whether the incident caused any fatalities, but it wouldn’t be a surprise. 

That was a big concern for many when the WannaCry ransomware spread through the UK’s NHS in 2017. Experts warned that the attack would “impede healthcare treatment and risk patient well-being”, potentially leading to deaths. 

The Rouen University faced a very similar issue, with delays continuing for more than three days. 

This led to a severe backlog of work, as patients were forced to wait for treatment, wards became crowded and staff were overworked. 

When conditions get like this, the potential for mistakes increases dramatically – and the consequences for mistakes are much bigger in hospitals than in most other businesses. 

That’s why they tend to be popular targets for cyber criminals, along with local governments and other emergency services.  
