Q2 '24 Data Breaches
V2verify Is The Key To Preventing Data Breaches
V2verify is the answer for preventing data breaches like these, but until they are no longer an issue, we want to provide you with tools and information to minimize your risk and exposure.
Third Quarter ~ 2024
August 2024
July 2024
AUG 28
DICK'S SPORTING GOODS
Dick’s Sporting Goods is the latest high-profile organization dealing with an information systems breach.
The retailer revealed the incident in a filing with the Securities and Exchange Commission (SEC) Wednesday (Aug. 28), one week after it discovered “unauthorized third-party access” to its systems, including some confidential information.
“Immediately upon detecting the incident, the company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate and contain the threat,” the filing said.
Dick’s added in the filing that it has notified federal law enforcement, that its investigation is ongoing, and that it has no knowledge that the breach disrupted its business operations.
“Based on the company’s current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not material,” the filing said.
AUG 26
PARK'N FLY
A popular airport parking service is warning approximately one million Canadian customers that their personal information may have been compromised in a widespread data breach last month.
In a statement to CTV News Toronto on Monday, Park’N Fly confirmed that a third party had breached its networks through an unauthorized remote VPN sometime between July 11 and 13. The company's platforms were fully restored within five days of the incident, it said.
The leaked information included the names, email and mailing addresses, and Aeroplan and CAA numbers of approximately one million customers, the statement said. Customers' credit card and payment information, along with passwords, were not stored on the compromised server and were therefore not impacted, it said.
AUG 10
TRUMP CAMPAIGN
Republican presidential nominee Donald Trump’s campaign said Saturday that it had been hacked and blamed Iran for breaking into its data, days after Microsoft revealed the terror-backing nation has been ramping up online activity in an attempt to influence the US election.
Trump spokesman Steven Cheung made the announcement following a report from Politico that said the outlet had received anonymous emails that included documents from inside Trump’s campaign operation.
The campaign cited the report from Microsoft on Friday that said a presidential campaign had been targeted with an email phishing attack in June, according to reports.
AUG 8
ADT
ADT confirmed this week that it was recently hacked, compromising some customer data.
The home security company did not say when the cyberattack and data breach occurred, but disclosed that the attackers accessed the company’s databases containing customer home addresses, email addresses and phone numbers.
In a brief regulatory filing published late Wednesday, ADT said it has “no reason to believe” that customer home security systems were compromised during the incident, but ADT did not say how it reached that conclusion. The statement said a “small percentage” of customers are affected, but did not provide a more specific number.
AUG 8
NATIONAL PUBLIC DATA
In one of the largest data breaches in history, the personal information of nearly 3 billion individuals has been stolen from National Public Data, a background check and fraud prevention service provider.
The breach, which came to light through a class action lawsuit filed in Florida, has sent shockwaves through the cybersecurity community and raised serious concerns about data privacy and protection.
The stolen data includes highly sensitive information such as full names, current and former addresses dating back 30 years, Social Security Numbers, and family member details.
This breach is particularly alarming because many affected individuals may be unaware that National Public Data even collected their data, as the company reportedly scraped personally identifiable information (PII) from non-public sources without explicit consent.
AUG 1
HEALTHEQUITY
Health savings account (HSA) company HealthEquity’s March data breach affected some 4.3 million people, the firm has now admitted.
A data breach notice filed with the office of the attorney general in Maine revealed millions of customers likely had their personal and protected health information stolen.
HealthEquity first noticed a potential security incident in March and analyzed its data until confirming in June that a threat actor had accessed the company’s data repository.
HealthEquity found that a vendor’s user account had access to an online data storage location, resulting in them having the ability to access “a limited amount of data stored in a storage location outside [its] core systems.”
JULY 25
SPYTECH
A little-known spyware maker based in Minnesota has been hacked, TechCrunch has learned, revealing thousands of devices around the world under its stealthy remote surveillance.
A person with knowledge of the breach provided TechCrunch with a cache of files taken from the company’s servers containing detailed device activity logs from the phones, tablets, and computers that Spytech monitors, with some of the files dated as recently as early June.
JULY 25
MINLAW
The personal information of about 128,000 customers of moneylenders has been stolen after a third-party IT vendor was hacked.
The Ministry of Law (MinLaw) on Thursday (Jul 25) confirmed the data breach involved the borrower data of 12 licensed moneylenders that are using the services of Ezynetic, a third-party IT vendor they engaged.
Ezynetic's system is not hosted on or linked to the government's network, said MinLaw, which is the regulator of licensed moneylenders.
The ministry added that Ezynetic's system was "accessed by a malicious actor" and data containing "personal identifiable information" was leaked.
JULY 18
MEDISECURE
About 12.9 million Australians had their data stolen in the MediSecure hack earlier this year, the eScripts provider has revealed, placing it among the largest cyber breaches in Australian history.
MediSecure, which facilitates electronic prescriptions and dispensing, confirmed in May it was the victim of a ransomware attack, although the theft itself took place earlier, and continued until November 2023.
The company had not previously disclosed how many Australians were affected, and has not contacted people individually.
MediSecure was one of only two eScript providers in Australia until late last year, when competitor eRx took over the government contract to supply the entire market.
JULY 17
RITE AID
Rite Aid reported a cybersecurity breach that occurred last month on June 6. Although the company maintains that Social Security and financial information were not breached—just data from the purchase or attempted purchase of products—up to 2.2 million customers’ data may have been affected.
“On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems. We detected the incident within 12 hours and immediately launched an internal investigation to terminate the unauthorized access, remediate affected systems, and ascertain if any customer data was impacted,” wrote Andrew Palmer, RPh, CIPP-US, CCEP, Rite Aid’s Chief Privacy Officer, in a notice of data breach sent to Rite Aid customers.
A third-party hacker stole the customer data of people who purchased or attempted to purchase Rite Aid products from June 6, 2017, to July 30, 2018. No financial data were breached; however, names, birth dates, addresses, and driver’s license numbers and/or government IDs were potentially obtained as a result of the event.
JULY 13
AT&T
In a security breach, the data of nearly all customers of the telecommunications giant AT&T was downloaded from a third-party platform.
The breach, which took place in April of this year but mainly involved data from 2022, hit AT&T's cellular customers and customers of mobile virtual network operators using AT&T's wireless network, as well as landline customers who interacted with those cellular numbers.
According to AT&T, approximately 109 million customer accounts were impacted. The company said it currently doesn't believe the data is publicly available.
JULY 04
TWILIO'S AUTHY APP
Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers.
The company said it took steps to secure the endpoint so that unauthenticated requests would no longer be accepted.
JULY 01
NEIMAN MARCUS
Neiman Marcus is the latest victim of a cyber threat campaign. The luxury retailer notified the Maine Attorney General's Office that a company data breach impacted 64,472 customers. Neiman Marcus confirmed the data was compromised customer credentials.
A financially motivated threat actor is suspected of having stolen a significant volume of records from customer environments using stolen customer credentials, advertising victim data for sale on cybercrime forums, and attempting to extort many of the victims.
JULY 01
GEISINGER
Nuance Communications Inc., an outside vendor that provides information technology services for Geisinger, is notifying Geisinger patients that a former Nuance employee may have accessed some personal information.
An investigation was launched, and law enforcement was engaged. Because it could have impeded their investigation, law enforcement investigators asked Nuance to wait until now to notify patients of this incident. The former Nuance employee has been arrested and is facing federal charges.
Through its investigation, Nuance determined the former employee may have accessed and taken information pertaining to more than one million Geisinger patients. The information varied by patient but could have included names in combination with one or more of the following: date of birth, address, admit and discharge or transfer code, medical record number, race, gender, phone number and facility name abbreviation.