Q2 '24 Data Breaches 

APR 25

KAISER

Kaiser Permanente, the Oakland-based health care conglomerate, is warning millions of customers that one of its divisions may have exposed their names, symptom searches and other data to major tech companies.

Kaiser Foundation Health Plan Inc. disclosed the data breach to the U.S. Department of Health and Human Services on April 12. TechCrunch first reported the news. 

Kaiser told SFGATE in a statement on Thursday, “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X (Twitter).”

APR 25

PIPING ROCK 

Piping Rock, a US-based producer of vitamins and dietary supplements, has allegedly been breached, with attackers accessing over 2.1 million emails.

An ad for the company’s data recently appeared on a well-known data leak forum. The culprit claims that the personal details of nearly a million customers lie within 2.1 million stolen emails.

The Cybernews research team has looked into the data sample that the attacker provided and concluded that the information appears to be legitimate.

We’ve reached out to Piping Rock for comment but did not receive a response before publishing.

The attacker claims to have obtained the personal details of 957,384 of the company’s customers, including:

Email addresses, Names, Phone numbers, Home addresses & Purchases

The attacker’s post reads, “The management suddenly just stopped in the middle of negotiations,” implying that the hacker has been discussing the data theft with the company.

APR 24

US COAST GUARD  

The Coast Guard Reserve alerted thousands of its personnel to a data breach last week, nearly three months after someone improperly sent their personally identifiable information to unapproved recipients, the service confirmed Tuesday.

An April 18 notification from the Coast Guard Reserve warned that a data exposure discovered Jan. 24 distributed the private material to “individuals with no authority to view the information,” a retired Coast Guardsman, who received the notification and spoke on the condition of anonymity, told Military Times.

The incident, which affected 10,700 Coast Guard Reserve members, occurred amid a push from the White House to have the maritime service bolster cybersecurity at American ports.

The Coast Guard said that the home addresses of 7,554 individuals, and the names and employee identification numbers of another 3,146, inadvertently were released. A review by the service of the incident revealed that a document used for internal processes had a separate tab that contained the info, which went to the personal email addresses of 85 Coast Guard Reserve members, it said.

APR 23

UNITED HEALTH GROUP   

The cyberattack on Change Healthcare in February targeted the data of “a substantial proportion of people in America,” UnitedHealth Group (UHG) said this week, with the company confirming it paid a ransom in an effort to protect patient information.

“Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America,” UHG said in an update on Monday regarding the attack on its subsidiary.

APR 20

MINISTRY OF EDUCATION  

A data breach at one of its vendors has resulted in the "unauthorised access" of names and email addresses of parents and staff from five primary schools and 122 secondary schools, the Ministry of Education (MOE) said on Friday (Apr 19). 

MOE said it was notified by Mobile Guardian that its user management portal had been breached on Wednesday, with the incident occurring at the company's headquarters in Surrey, United Kingdom. 

Mobile Guardian is a device management app (DMA) installed on personal learning devices used by students, like iPads and Google Chromebooks. The app enables parents to manage students’ device usage by restricting applications or websites and screen time. 

APR 16

THE REHABILITATION HOSPITAL OF SOUTHERN MEXICO  
A Las Cruces rehabilitation center said a cyber attack gave hackers access to sensitive personal and medical information of thousands of people.

The Rehabilitation Hospital of Southern New Mexico's IT network was breached between Jan. 16 and Feb. 4. The hospital is located on Lohman Ave. and offers in-patient and out-patient rehabilitation services.

Patient information ― names, addresses, dates of birth, medical record numbers, health insurance plan member IDs, and healthcare data ― were accessed, the company said. Data from the U.S. Department of Health and Human Services showed 5,466 people were affected by the hacking of the network server.

APR 12

ROKU 
The streaming video platform Roku says that it has uncovered a new data breach impacting 576,000 accounts.

Rather than a hacker breaking into Roku’s system, the attack utilized a technique called “credential stuffing,” with the accounts compromised by hackers that obtained log-in data from other sources.

APR 11

SISENSE 
A federal cybersecurity agency is investigating the hacking of Sisense, a business intelligence company. Organizations that had a relationship with the firm are being advised to quickly take safety precautions.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is investigating a data breach that may have enabled hackers to gain access to a trove of sensitive information from organizations in industries including financial services, telecommunications, healthcare and higher education.

Whether or not promotional products industry firms are affected wasn’t immediately clear, but Krebs on Security said that Sisense – the business intelligence company victimized by the hacking – works with over 1,000 clients across a range of verticals. A source told ASI Media it’s likely that some promo firms are impacted. Even if a company didn't directly work with Sisense, there's at least the potential for exposure if one of their subprocessors/vendors did. 

APR 8

BoAt LIFESTYLE 
In a disturbing turn of events, personal data belonging to over 7.5 million customers of boAt Lifestyle, a prominent manufacturer of audio products and smartwatches, has reportedly surfaced on the dark web, reported Forbes. 

As per the report from the publication, this breach has been unveiled by a hacker known as ShopifyGUY and he has shocked the cybersecurity landscape. This breach has accessed sensitive data including names, addresses, contact numbers, email IDs, and customer IDs of the customers. The leaked dataset, weighing in at around 2GB, presents a substantial threat to those impacted, leaving them vulnerable to potential financial fraud, phishing attempts, and identity theft.

APR 8

GREYLOCK MCKINNON ASSOC.  
U.S. consulting firm Greylock McKinnon Associates (GMA) disclosed a data breach in which hackers stole as many as 341,650 Social Security numbers.

GMA provides economic and litigation support to companies and U.S. government agencies, including the U.S. Department of Justice, bringing civil litigation. According to its data breach notice, GMA told affected individuals that their personal information “was obtained by the U.S. Department of Justice (“DOJ”) as part of a civil litigation matter” supported by GMA.

APR 4

CITY OF HOPE 
City of Hope, a cancer hospital operator and clinical research organization, disclosed a data breach that potentially compromised the personal and health information of nearly 1 million patients.

In a notice posted to its website April 2, City of Hope said almost six months ago, on Oct. 13, 2023, it became aware of suspicious activity on its systems. The organization immediately instituted mitigation measures to minimize any disruption to its operations, it said in the online notice.

The hackers stole files that may have contained patient names, contact information such as email address and phone numbers, dates of birth, Social Security numbers, driver’s license or other government identification, financial details (such as bank account numbers and/or credit card details), health insurance information, medical records and information about medical history and/or associated conditions, and/or unique identifiers to associate individuals with City of Hope, like a medical record number, the organization disclosed.

APR 1

AT&T 
AT&T announced it is investigating a data breach involving the personal information of over 70 million current and former customers leaked on the dark web.
According to information about the breach on the company's website, 7.6 million current account holders and 65.4 million former account holders have been impacted. An AT&T press release said the breach occurred about two weeks ago and has not yet had a "material impact" on its operations.
AT&T said the information included in the compromised data set varies from person to person. It could consist of social security numbers, full names, email and mailing addresses, phone numbers, dates of birth, AT&T account numbers, and passcodes.