Q1'24 Data Breaches 

FEB 29

HOUSER LLP
Houser LLP, a U.S. law firm that specializes in serving high-profile financial institutions, said a system breach discovered in May 2023 exposed the personal data — possibly including sensitive information such as credit card numbers — of more than 325,000 people.
In a regulatory filing posted Wednesday by Maine’s attorney general, the company said certain files were encrypted during the incident and were “copied and taken from the network.”
The data included names “and one or more of Social Security number, driver’s license number, individual tax identification number, financial account information, and medical information,” Houser said.

FEB 27

CENCORA
Cencora Inc. disclosed on Tuesday a cybersecurity incident in which data, some of which may have contained personal information, was stolen from the drug distributor's information systems.
The unauthorized activity was detected on Feb. 21 and the company had taken immediate steps to contain it, Cencora said in a regulatory filing.
The company said it has also commenced an investigation with the assistance of law enforcement, cybersecurity experts and external counsel.

FEB 26

LOANDEPOT
Almost 17 million LoanDepot customers had sensitive personal information, including Social Security numbers, stolen in a January ransomware attack, the company has confirmed.
The loan and mortgage giant company said that the stolen LoanDepot customer data includes names, dates of birth, email and postal addresses, financial account numbers, and phone numbers. The stolen data also includes Social Security numbers, which LoanDepot collected from customers.

FEB 23

AMERICAN VISION PARTNERS
Medical Management Resource Group, doing business as American Vision Partners, experienced a cybersecurity incident impacting patient data.
American Vision Partners detected unauthorized activity within its computer network on Nov. 14, according to a Feb. 6 news release. The company contained the incident by isolating affected systems and launched an investigation with third-party cybersecurity firms.
Information that may have been affected includes names, contact information, dates of birth, certain medical information, and in certain cases, Social Security numbers and insurance information.

FEB 23

U-HAUL
Truck and trailer rental company U-Haul said on Friday that some customers in the U.S. and Canada were affected by a data breach in December.
An “unauthorized party” used “legitimate credentials” to access a system that U-Haul dealers use to track reservations and view customer records, the company said in a regulatory filing with the state of Maine.
The original posting did not include the number of affected persons, but a U-Haul spokesperson told Recorded Future News that the incident involved the data of about 67,000 in the U.S. and Canada.
The breached data included driver’s license numbers and other identification card numbers. The incident did not involve the company’s payment system, U-Haul said.

FEB 22

MR COOPER
U.S. healthcare technology giant Change Healthcare has confirmed a cyberattack on its systems. In a brief statement, the company said it was 'experiencing a network interruption related to a cyber security issue.'

FEB 22

CHANGE HEALTHCARE
U.S. healthcare technology giant Change Healthcare has confirmed a cyberattack on its systems. In a brief statement, the company said it was 'experiencing a network interruption related to a cyber security issue.'

FEB 21

TANGERINE
Internet service provider Tangerine has suffered a data breach, with the full names, dates of birth, email address and mobile phone numbers of more than 200,000 customers taken by hackers.

FEB 20

WYZE
Around 13,000 Wyze security camera customers were able to see sensitive content from strangers’ devices Friday. As cameras were coming back online after a service outage, the customers saw thumbnails from other people’s feeds in their apps, and some clicked through to see videos. 
The Seattle-based company alerted customers about the “security incident” in an email Monday. It says the original hours-long outage was caused by Amazon Web Services. When the cameras came back online, the device IDs and user ID mapping were mixed up, leading to some people having access to data from the wrong accounts. The company said a separate third-party partner caused the problem, but that issue has already been fixed. 

FEB 17

IDAHO NATIONAL LABORATORY
Idaho National Laboratory has announced several lab employees have received suspicious letters at their homes in the wake of a November data breach.
The breach occurred within Oracle HCM, a federally approved vendor system that resides outside the lab and supports certain INL Human Resources applications, the lab’s website said. The stolen information affected many current and previous employees of Battelle Energy Alliance, the contractor that manages INL, and some Idaho Cleanup Project employees, the website said.

FEB 16

TE WHATU ORA
At least 12,000 people have been had their personal information disclosed by a former staff member of Te Whatu Ora.

FEB 16

GOA
The United States Government Accountability Office (GAO), the independent, nonpartisan government agency within the legislative branch that serves as a federal watchdog organization announced this week that it was alerted by an IT contractor of a cyber breach that occurred last month. CGI Federal notified the agency of the breach that may have affected about 6,000 current and former GAO employees.

FEB 15

WILLIAMSON COUNTY
Williamson County officials are warning about a “data security event” that affected the 277th District Court in November 2022.
In a press release Thursday, officials said the county became aware of “suspicious activity in its email environment” on Nov. 10, 2022.
An investigation found that an unauthorized actor gained access to an email account of a member of the 277th District Court sometime between Nov. 1 and Nov. 10, and “may have viewed or taken certain information contained therein.”

FEB 15

US INTERNET
US Internet's email security business exposed thousands of its customers' emails on the open internet due to human error.
The gaffe was discovered by a Milwaukee computer security consultant and made public Wednesday by cybersecurity expert Brian Krebs. Minnetonka-based US Internet said Thursday the problem has been resolved, and it's assessing how much data may have been accessed.

FEB 14

DOD
The U.S. Department of Defense has begun informing current and former employees, partners, and job applicants regarding the potential exposure of their personally identifiable information stemming from a service provider's inadvertent leak of several emails between Feb. 3 and Feb. 20, 2023

FEB 14

INTEGRIS HEALTH
Nearly 2.4 million patients of Oklahoma City-based Integris Health were caught up in a data breach where the alleged hackers sent extortion emails directly to some of them.
The health system reported Feb. 6 that it determined an "unauthorized party" had accessed or stolen patient data Nov. 28. Integris also said it learned Dec. 24 that a group claiming responsibility for the hack was reaching out to patients.    

FEB 14

PRUDENTIAL FINANCIAL 
Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later.
This leading global financial services Fortune 500 company manages roughly $1.4 trillion in assets, and it provides insurance, retirement planning, as well as wealth and investment management services to over 50 million customers across the United States, Asia, Europe, and Latin America.

FEB 13

BANK OF AMERICA
An attack on a technology partner claimed by LockBit ransomware exposed sensitive information, including Social Security numbers, of more than 57,000 banking customers.
Bank of America has warned customers of a leak of their sensitive data that occurred due to a ransomware attack that breached the environment at technology partner Infosys McCamish Systems (IMS) last autumn. It's an incident that once again highlights the importance of securing access to data and environments across third-party systems.
At least 57,028 customers were affected in the breach, which occurred when "when an unauthorized third party accessed IMS systems, resulting in the non-availability of certain IMS applications," 

FEB 12

VIAMEDIS & ALMERYS
Nearly half the citizens of France have had their data
exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week.

Payments outfits Viamedis and Almerys both experienced breaches of their systems in late January, the National Commission on Informatics and Liberty (CNIL) revealed, leading to the theft of data belonging to more than 33 million customers. Affected data on customers and their families includes dates of birth, marital status, social security numbers and insurance information. No banking info, medical data or contact information was compromised, the CNIL added.

FEB 8

CONNECTICUT COLLEGE
Connecticut College has brought in cybersecurity experts to investigate a data security incident that might have compromised files in the college's computer system, including social security numbers. The college first detected unauthorized activity over a year ago in March 2023, according to a release from today. Afterwards, officials notified law enforcement and began an investigation into what personal information was involved in the breach. Social security numbers, credit files and medical information may be involved in the breach. The college "has no evidence that any personal information has been or will be misused as a direct result of this incident," according to the release.

FEB 7

CALIFORNIA STATE WORKER UNION
California’s largest state employee union fell victim to a ransomware attack last month that, according to a cybersecurity analyst, likely exposed Social Security numbers, home addresses, birth dates and other sensitive information.
The union, which represents close to 96,000 California state workers, first reported news of a “network disruption” on Jan. 20, two days after the breach occurred. At the time, SEIU Local 1000 told members that it was “currently assessing what was affected.”
Union spokesperson Jim O’Donnell confirmed Tuesday that authorities were investigating the incident but declined to identify which law enforcement agencies were involved. He also said investigators were still determining whether any personal data — employees’ or members’ — was compromised.

FEB 8

AZURA VASCULAR CARE
Azura Vascular Care, a Pennsylvania-based operator of 70 outpatient vascular centers and ambulatory surgery centers in 25 states and Puerto Rico, notified the HHS’ Office for Civil Rights last month about a cybersecurity incident involving the protected health information of 348,000 patients.

FEB 6

VERIZON
Verizon is notifying more than 63,000 people, mostly current employees, that an insider, accidentally or otherwise, had inappropriate access to their personal data.
At the heart of the drama: A Verizon employee apparently obtained a file that they shouldn't have had access to, containing personal information including: names, addresses, Social Security numbers or other national identifiers, gender, union affiliation (if applicable), dates of birth, and compensation informatio

FEB 5

KEENAN & ASSOC
Keenan & Associates, the third-party administrator of Prime Healthcare’s employee benefit health plan, has been involved in a cybersecurity incident. 
In late August 2023, Keenan discovered disruptions occurring on some of its network servers. Keenan immediately began an investigation and engaged leading third-party cybersecurity and forensic experts to assist. Upon detection, Keenan took prompt action to contain it. Keenan also notified law enforcement.

FEB 5

MERCEDES-BENZ
A GitHub token leak compromised Mercedes-Benz's source code, revealing critical internal information including intellectual property, passwords, and cloud access keys. The breach was traced back to a Mercedes-Benz employee's GitHub  token, found in a public repository on September 29. RedHunt Labs researchers determined that this token provided unrestricted access to the car manufacturer's internal GitHub Enterprise Server.
Sensitive data exposed in the leak included database connection strings, cloud access keys, blueprints, design documents, single sign-on (SSO) passwords, API keys, and other vital internal details

FEB 5

HPE
Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information.
The company has told BleepingComputer that they have not found any evidence of a security breach and no ransom has been requested, but it's investigating the threat actor's claims.

FEB 2

CANOPY CHILDRENS SOLUTIONS
Canopy Children’s Solutions sent out data breach letters to anyone who was affected by the recent data security incident. Unfortunately, the publicly available Canopy Children’s Solutions data breach letter does not specifically mention what type of information was subject to unauthorized access. However, The personalized data breach letters sent to individual victims should provide victims with a list of what information belonging to them was compromised.

FEB 2

ANYDESK
AnyDesk, a remote access software company based in Germany with 170,000 customers globally, including Comcast and Thales, has confirmed its production systems were compromised in a security incident.  The company had left customers sweating for three days after client logins failed and it notified them of unplanned maintenance. A changelog showed it invalidated a previous code signing certificate on January 29. Germany's BSI warned after the incident that "possible leakage of the source code and certificates poses a risk of that this information could be used for further attacks on the provider's customers."

FEB 2

EXACTECH
Global orthopedic implant device and surgical instrument manufacturer Exactech had its computer network breached in April, resulting in the potential compromise of personal data belonging to 4,230 individuals across the U.S., reports Cybernews.

Information that could have been stolen in the data breach included individuals' names, usernames, email addresses, and passwords, as well as Social Security numbers and other government ID numbers, medical and health insurance details, and debit card or credit card data, although the types of exfiltrated data were different among victims, according to Exactech.

FEB 2

CLOUDFLARE

Last fall, Cloudflare announced it mitigated an attempted cyberattack stemming from the infamous Okta breach. But the cybersecurity vendor revealed on Thursday that this was not the case.

Cloudflare disclosed that it had been breached by an unnamed nation-state threat actor using an access token and three service account credentials that were stolen during the Okta breach in October. Cloudflare initially detected the attacker in its self-hosted Atlassian server on Thanksgiving Day and began investigating the breach, with later assistance from CrowdStrike.
According to the blog post, the threat actor accessed Cloudflare's internal wiki on Atlassian Confluence, its bug database on Atlassian Jira and its source code management system on Atlassian Bitbucket. Cloudflare said the operational impact of the breach was "extremely limited" and that no customer data or systems were impacted.