Government Organisations/Public Administration

Cyber-espionage is rampant in the public sector, with state-affiliated actors accounting for 79 percent of all breaches involving external actors. Privilege misuse and error by insiders account for 30 percent of breaches.

Top 3 Patterns: Cyber-Espionage, Miscellaneous Errors and Privilege Misuse represent 72% of breaches

Threat actors: External (75%), Internal (30%), Partner (1%), Multiple parties (6%) (breaches)

Actor Motives: Espionage (66%), Financial (29%), Other (2%) (breaches)

Data Compromised: Internal (68%), Personal (22%), Credentials (12%) (breaches)

Illustrative Breaches

  • U.S. Customs and Border Protection 
  • Oregon Department of Human Services
  • Dominion National: the information of consumers, plan providers, and healthcare companies
  • City of Tallahassee
  • Maryland Department of Labor
  • Los Angeles Personnel Department
  • US Office of Personnel Management
  • Oklahoma Department of Securities
  • Federal Emergency Management Agency (FEMA)
  • Los Angeles County Department of Health Services
  • Alaska Department of Health & Social Services (DHSS)
  • Israel’s Likud Party leak on Elector, an application used by Likud and other parties
  • Canadian Federal Department and Agencies
  • Malicious malware targets Native American Rehabilitation Association (NARA)
  • New Mexico Public Regulation Commission
  • Society of Tourist Guides
  • US Department of Defense
  • Canada’s Desjardins Group
  • San Francisco International Airport
  • U.S. Marshals
  • Wright County Residents
  • Kent County Council
  • US law enforcement agencies and fusion centers – BlueLeaks
  • Health and Education ministries, North Macedonia
  • Norway’s Stortinget (parliament)
  • Canada Revenue Agency (CRA)
  • Customs and Border Protection agency
  • The Delaware Division of Public Health
  • Greater Manchester Police
  • Montreal’s STM public Transport System
  • Hall County, Georgia
  • Hackney Council, London
  • Public Health Department, Wales
  • Spokane Regional Health District Disclosure
  • Australia’s Department of Foreign Affairs and Trade
  • The Ministry of Internal Affairs of Belarus
  • Department of Work and Pensions, UK
  • Denmark’s government tax portal  
  • UK Home Office        
  • HMRC

Data Breach with maximum fines and damages

  • The Municipality of Bergen

The Municipality of Bergen was fined €170,000 by the Norwegian Data Protection Authority after a file with login credentials for 35,000 students and employees was found in a public storage area.

  • Israel’s Likud Party leak on Elector, an application used by Likud and other parties

A group of 20 Israelis filed a NIS 1 million ($286,370) lawsuit on Sunday against Prime Minister Benjamin Netanyahu’s Likud party and the developers of an app it used to register voters ahead of the parliamentary election, after massive data breaches leaked the personal information of millions of citizens.

  • Society of Tourist Guides

A $20,000 fine was issued to the Society of Tourist Guides, a non-profit group that works with the Singapore Tourism Board to promote guides here, for exposing the data of about 100 of its members.

In collecting personal data from its members, such as contact numbers and images of their identification documents, the group did not put protection measures in place, allowing members of the public to access the information.

  • US Department of Defence

The US Department of Defence confirmed that computer systems controlled by the Defence Information Systems Agency (DISA) had been hacked, exposing the personal data of about 200,000 people. The data exposed included names and social security numbers.

The agency is responsible for military cyber-security and sets up communications networks in combat zones. It oversees military communications, including calls for US President Donald Trump.

  • Puerto Rico

Puerto Rico’s government has lost more than $2.6 million by falling for an email phishing scam.

Enforcements

| Name | Fine | Authority |
|---|---|---|
| Mayor’s Office of the city of Kecskemét | EUR 3,200 | Hungarian National Authority for Data Protection and the Freedom of Information |
| Bergen Municipality | EUR 1,70,000 | Norwegian Supervisory Authority |
| Italian political party-Movimento 5 Stelle | EUR 50,000 | Italian Data Protection Authority |
| Oslo Municipal Education Department | EUR 1,20,000 | Norwegian Supervisory Authority |
| Directorate of Social and Child Welfare Institutions of the Ferencvaros District of Budapest | EUR 286 | Hungarian National Authority for Data Protection and the Freedom of Information |
| UNIONTRAD COMPANY | EUR 20,000 | French Data Protection Authority |
| WORLD TRADE CENTER BUCHAREST SA | EUR 15,000 | Romanian National Supervisory Authority for Personal Data Processing |
| Budapest Environs Regional Court | EUR 8,575 | Hungarian National Authority for Data Protection and the Freedom of Information |
| Mayor of Aleksandrów Kujawski | EUR 9400 | Polish National Personal Data Protection Office |
| General Confederation of Labour (‘CGT’) | EUR 3,000 | Spanish Data Protection Authority |
| Community of Francavilla Fontana | EUR 10,000 | Italian Data Protection Authority |
| Rælingen Municipality | EUR 73,600 | Norwegian Supervisory Authority |
| Gladsaxe Municipality | EUR 14,000 | Danish Data Protection Authority |
| Health and Medical Board of the Region of Örebro County | EUR 11,200 | Data Protection Authority of Sweden |
| Lejre Municipality | EUR 6,700 | Danish Data Protection Authority |
| Municipality of Rælingen | EUR 46,660 | Norwegian Data Protection Authority |
| National Institute for Social Security – Department of the Province of Brescia | EUR 4000 | Italian Data Protection Agency |
| Surveyor General of Poland (‘GKK’) | EUR 22,700 | Polish National Personal Data Protection Office |
| Bergen Municipality | EUR 2,76,000 | Norwegian Data Protection Authority |
| Comune di Collegno | EUR 2,000 | Italian Data Protection Authority |
| Gnosjö Municipality | EUR 19,500 | Swedish Data Protection Authority |