Public Cloud Security Breaches

Mark Kevin Robison, previously a vice president at Commonwealth Health Corporation (now known as Med Center Health), has been placed on 2 years of probation and has been instructed to provide $140,000 in reimbursement for unlawfully revealing patients' protected health data. The incident took place from 2014 to 2015 and endangered the confidentiality of patients at Commonwealth Health Corporation. Improved access controls, monitoring systems, and adequate training on HIPAA regulations could have averted this breach.

The Codespaces.com data breach of 2014 was an incident where an unknown attacker's DDoS attack evolved into an extortion and culminated in the deletion of substantial company data and backups. This breach not only illustrates the catastrophic consequences of insufficient cybersecurity measures but also underscores critical lessons in cloud security, incident response, and the necessity of backup strategies.

BrowserStack experienced a data breach in November 2014 due to an unpatched server vulnerable to the shellshock exploit. An attacker exploited this machine to access AWS services, extract user information, and send out misleading emails. The incident highlighted the need for better security practices, including regular updates, termination of unnecessary resources, and improved monitoring of cloud services.

Uber's breaches exposed the personal data of millions of users and led to significant legal and financial consequences for the company due to poor security practices and mishandling of the aftermath.

CareFirst BlueCross BlueShield faced a data breach in 2014 compromising the data of 1.1 million plan members. After 9 years of legal action, a contract class was certified, highlighting the need for robust cybersecurity measures and swift breach response.