Q4'23 Data Breaches 

SNAPP FOOD
An Iranian hacking group, called IR Leaks, has claimed responsibility for a cyberattack on Snapp Food, the country's largest food delivery app.  The hackers boast access to the personal details of over 20 million users, exposing a vast trove of sensitive information.

EASYPARK GROUP
EasyPark Group, Europe’s largest parking application operator, has disclosed a data breach impacting customer information.
The company determined on December 10 that it was targeted in a cyberattack and an investigation revealed that “non-sensitive customer data” had been compromised.
Data stolen by hackers includes name, phone number, physical address, email address and partial IBAN or credit/debit card numbers.

CATAPULT
Who would have thought an Australian data analysis company would become the talking point ahead of the Rose Bowl on New Year’s Day. Catapult, the company that handles video footage for college football programs, said on Friday that the NCAA is conducting an investigation into an allegation that an unnamed college football program gained unauthorized access to its materials. Meanwhile, a recent update puts the Ohio State team under the scanner as the team allegedly behind this breach.

PAN-AMERICAN LIFE INSURANCE
Pan-American Life Insurance Group, Inc. (PALIG) has recently confirmed that it was one of the victims of the Clop hacking group, which exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer file transfer solution in late May 2023.

ANNA JAQUES HOSPITAL
The string of damaging cyberattacks against U.S. healthcare facilities continued this week as an incident knocked out the electronic health records system at a Massachusetts hospital and caused the facility to turn away ambulances on Christmas Day.
Anna Jaques Hospital, about 35 miles north of Boston, was “open to all patients” on Friday as it continued to recover from the attack, a spokesperson told WCVB-TV. Reports said the hospital resumed accepting ambulances on December 26.
The facility, part of the Beth Israel-Lahey Health system, has not released details about the attack, which reportedly began on December 24. A spokesperson did not respond to questions from Recorded Future News about the nature of the incident.

NATIONSTAR MORTGAGE
A prominent mortgage and loan firm headquartered in Coppell announced that a recent security breach might have impacted 14.69 million homeowners. 
Mr. Cooper Group Inc., previously recognized as Nationstar Mortgage, did not disclose the specific cyberattack method responsible for the unauthorized access to customer data. Via a notice letter obtained by the Attorney General of Maine, stating that the attack was an “external system breach.” According to the letter, 59,917 of those affected are residents of Maine. 

HEALTHEC
A second breach of a Michigan health system this year has exposed more than 1 million patients' personal and medical information, state officials announced Tuesday.
In announcing the breach, she said the exposed information could include names, addresses, birth dates, Social Security numbers, medical records, including diagnoses, health insurance information, billing information and more.

RETINA GROUP+
Retina Group of Washington, PLLC, filed a breach report with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) that involved the protected health information of 455,935 individuals. Retina Group of Washington did not state the cause of the cyberattack but suggests this was a ransomware attack. In the notification letters, Retina Group of Washington said the investigation into the cyberattack is still ongoing, but it has been confirmed that patient data was stolen in the attack.

MICHIGAN HEALTH SYSTEM
A second breach of a Michigan health system this year has exposed more than 1 million patients' personal and medical information, state officials announced Tuesday.
The cyberattack hit HealthEC, a health management technology company that provides services to Corewell Health's southeastern Michigan properties.k.

LOANCARE
LoanCare suffered a data breach last month, which resulted in the theft of sensitive customer data, the insurance service company has confirmed.
Roughly 1.3 million people were affected by the breach, the company further explained, as hackers stole people’s full names, physical addresses, Social Security Numbers (SSN), and loan numbers. 
This information can be used in all kinds of cyberattacks, from phishing, to identity theft, and wire fraud. Users are advised to be wary of any incoming email messages, phone calls, or other forms of communication, in which people claim to be calling from LoanCare.

PANASONIC AVIONICS CORP
Panasonic Avionics Corporation, a leading supplier of in-flight communications and entertainment systems, disclosed a data breach affecting an undisclosed number of individuals after its corporate network was breached more than one year ago, in December 2022.
The attacker breached a subset of devices on its corporate network and gained access to what it describes as information collected from affected individuals and their employers.

COREWELL HEALTH
Over 1 million patients' information is at risk after the latest data breach on Michigan health care facilities.
A recent cyberattack on a Corewell Health vendor facility breached the data of over 1 million patients in the state.
The incident happened at HealthEC, LLC, a Corewell Health vendor in Lansing. HealthEC sent notice letters to affected patients on Dec. 22. Though not required under state law, Corewell Health reported the breach to the state attorney general's office before publicly announcing the incident.

NATIONAL AMUSEMENTS
National Amusements, the cinema chain and corporate parent giant of media giants Paramount and CBS, has confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people. Details of the December 2022 breach only came to light a year later, after the company began notifying those affected last week.

INTEGRIS HEALTH
In a statement, Integris Health confirmed the following patient data may have been compromised: Date of birth, contact and demographic information and social security number

UBISOFT
Ubisoft is investigating a potential security breach after screenshots of what appears to be from Ubisoft's internal software surfaced online.

MINT MOBILE
On December 22, 2023, Mint Mobile started notifying impacted customers.
“We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information. Our investigation indicates that certain information associated with your account was impacted.” reads the data breach notification email sent to the impacted customers. “Mint’s data collection policy is one of the most important ways in which we ensure the privacy and security of our subscribers. We never collect dates of birth or government-assigned identifiers like social security numbers or driver license ”

ST VINCENTS HEALTH
St Vincent’s Health says it has sustained a cyberattack and hackers have stolen data from its network, with the hospital and aged care provider urgently investigating the incident.
St Vincent’s, which is the nation’s largest not-for-profit health and aged care provider, said it discovered the attack on Tuesday and an investigation into what data has been stolen remained ongoing. 

SECURITY 1ST TITLE
Security 1st Title, LLC filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party accessed the company’s IT network. In this notice, Security 1st explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, dates of birth, driver’s license numbers, state identification numbers, financial account numbers, credit or debit card numbers, passport numbers, and medical information. 

ESO SOLUTIONS
Austin-based ESO Solutions said it “detected and ESO Solutions, a provider of software solutions for hospitals, health systems, EMS agencies, and fire departments, has confirmed that it fell victim to a ransomware attack in September 2023 that resulted in file encryption. ESO Solutions identified suspicious activity within its network on September 28, 2023, and took immediate action to isolate its systems and prevent further unauthorized access to its network.

INSOMNIAC GAMES
Acclaimed Sony-owned game development studio Insomniac Games became the victim of a large-scale ransomware attack this week, as initially reported by Cyber Daily. Ransomware group Rhysida dumped 1.67TB of data, including assets and story spoilers from unreleased games, a road map of upcoming titles, internal company communications, employees' personal data such as passport scans and compensation figures, and much more.

XFINITY
Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers.
This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August. 

VF CORPORATION 
The owner of Vans and the North Face says a data breach is affecting order fulfillment.
In a filing with the SEC, VF Corp said it detected “unauthorized occurrences” on its systems involving a “threat actor” who stole data, including personal information. While the company says it contained the incident, the breach is impacting its ability to fulfill orders ahead of the holidays.

MR COOPER
Hackers stole the sensitive personal information of more than 14.6 million Mr. Cooper customers, the mortgage and loan giant has confirmed.
In a filing with Maine’s attorney general’s office, Mr. Cooper said the hackers stole customer names, addresses, dates of birth and phone numbers, as well as customer Social Security numbers and bank account numbers. Mr. Cooper previously said that customer banking information was stored by a third-party company and believed to be unaffected.

MongoDB
MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information.
The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response efforts.

DELTA DENTAL 
Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach.

AMCP PAYMENTS
AMCP Payments Intermediate Company, LLC d/b/a Talus Pay (“Talus Pay”) filed a notice of data breach with the Attorney General of California after discovering that an unauthorized party had gained access to an employee email account. In this notice, TalusPay explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. 

TOYOTA
Toyota Motor Corporation subsidiary Toyota Financial Services has disclosed that its German customers had their data compromised following an intrusion against some of its European and African systems last month, which has been claimed by the Medusa ransomware gang.

Initial investigation revealed that attackers were able to exfiltrate customers' full names, contact details, residence addresses, lease purchase deals, and International Bank Account Numbers, although more data could have been stolen in the incident, said TFS in breach notification letters sent to affected clients.

FRED HUTCHINSON CANCER CENTER
Some current and former patients who were treated at the Fred Hutchinson Cancer Center and the University of Washington (UW) have started to receive threatening emails from hackers following the November 19 data breach against the UW healthcare facilities.
Last month, hackers hit a portion of the Seattle healthcare facility’s network. The center said the breach may have led to the leakage of some patient data, reports the Seattle Times. Within 72 hours, Fred Hutchinson took its clinical network offline, notified the FBI, hired a security firm to investigate the incident, added “defensive tools” and increased data monitoring. However, it didn’t offer credit monitoring to the patients whose data was stolen. Rather, it advised victims to monitor their credit.

AMERICOLD
Atlanta-based Americold confirmed that hackers had breached its systems on April 26 and accessed the information of current and former Americold employees as well as their dependents.
While the company did not explicitly call it a ransomware attack, it said the cybersecurity incident “involved the deployment of malware on certain systems.”
Its investigation concluded on November 8, with investigators finding that names, addresses, Social Security numbers, driver’s license/state ID numbers, passport numbers, financial account information, and employment-related health insurance and medical information were leaked.

BLUEWATERS
The ransomware group LockBit3 has published data files exfiltrated from BlueWaters on the dark web. The ransomware group set the deadline to publish the data online as December 09, 2023 after uploading the files on December 07.
The ransomware group boasts of four years and 98 days of continuous operation since September 03, 2019.
Cybersecurity researcher Shiva Parasram confirms that at least one of the links to published data files is a collection of 3.4 GB company information, which his cursory examination reveals includes a range of personally identifiable information including passport, company officer credit card information and ID scans along with other identification documents and data.

HENRY SCHEIN

Henry Schein has notified Maine’s attorney general that the personal information of 29,112 people, including more than three dozen residents of the state, may have been accessed in a Sept. 27 cyber incident that affected part of the company’s manufacturing and distribution businesses.

The hackers acquired information that included individuals’ names and financial account or credit/debit card numbers combined with the security code, access code, password or PIN for the account,

CHI MERCY HEALTH
CHI Mercy Health, along with 34 other hospitals across the country, have been affected by a data breach that took place earlier this year.
Welltok, Inc., a Software as a Service company that Mercy’s parent company uses, experienced a compromise of one of its servers housing the private information of patients. According to CHI Mercy Medical Center spokesperson Sarah Baumgartner, Mercy patients will receive letters of notification regarding the breach.
According to the letter, “Welltok operates an online contract management program platform that enables healthcare clients to provide patients and members with important notices and communications for CHI Mercy Health.”

NORTON HEALTH CARE
Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents.
Norton Healthcare serves adult and pediatric patients in more than 40 clinics and hospitals across Greater Louisville, Southern Indiana, and the Commonwealth of Kentucky.
With over 20,000 employees, more than 1,750 employed medical providers, and over 3,000 total providers on its medical staff, Norton Healthcare is Louisville's second-largest employer, with more than 140 locations throughout Greater Louisville and Southern Indiana.
Roughly 2.5 million individuals had their data exposed in the attack, according to breach notification letters sent to those affected by the data breach.

SOCSO
It appears another Malaysian government agency has suffered a data breach involving personal data. A group self-described as ethical hackers posted a forum thread highlighting that Perkeso‘s portal has been breached. Perkeso is Malaysia’s social security organisation (Socso) which is under the Ministry of Human Resources.
It appears that the security incident started last week on 2nd December 2023 and as a result, Perkeso immediately placed its systems on maintenance mode starting 3rd December at midnight until further notice. As a result, all transactions including Perkeso deductions had to be done via FPX on the ASSIST portal or physically over the counter at Perkeso branches nationwide.

FRED HUTCHINSON CANCER CENTER
As if battling cancer isn’t hard enough, now patients at UW’s Fred Hutchinson Cancer Center are being extorted.
Last month, the Cancer Center experienced a data breach, exposing data for an unknown number of patients.
Some of those patients are getting emails threatening to leak their personal information if they don’t pay up. Eight hundred thousand patients whose “names, SSN, addresses, phone numbers, medical history, lab results, and insurance history” are compromised.

COREWELL HEALTH
A national data security breach at a company hired by Corewell Health has impacted the health information of roughly 1 million patients in southeast Michigan, in addition to 2,500 Priority Health members, according to a statement from the health system earlier this month.
The security breach happened in May when an unauthorized actor gained access to data kept by Welltok, a company hired by Corewell Health to provide patient communication services in southeast Michigan. Welltok also provides a health lifestyle portal for Priority Health, Corewell's health insurance plan.

DOLLAR TREE
Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies.
Dollar Tree is a discount retail company that operates the Dollar Tree and Family Dollar stores in 23,000 locations in the United States and Canada. 
According to a data breach notification shared with the Maine Attorney General, Dollar Tree's service provider, Zeroed-In, suffered a security incident between August 7 and 8, 2023.

SOUTHWESTERN ONTARIO HOSPITALS
A group of southwestern Ontario hospitals is facing a potential $480-million class action lawsuit after at least 270,000 patients in the region had their data breached and reportedly sold by hackers on the dark web.
The breach, first detected on Oct. 23, targeted Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Windsor Regional Hospital, and TransForm Shared Service Organization, which operates technology systems for the hospitals.
The lawsuit was launched by a patient of Bluewater Health but is being filed on behalf of all Ontario residents who were or are patients of any of the five hospitals..

BLUE SHEILD OF CALIFORNIA
An unknown number of Blue Shield of California members may have had their personal data, including Social Security numbers, birth dates and treatment information, stolen during a cybersecurity breach this spring.
The healthcare insurance provider said the attack targeted the files of one of its contracted vendors, which manages vision benefits for many of Blue Shield’s customers.

STAPLES
Earlier this week, Staples, Inc. confirmed that it was the recent victim of a cyberattack, requiring the company to shut down portions of its computer network. While Staples is still in the process of bringing its systems back online, it expects normal operations will resume shortly, at which point the company will then investigate whether any employee or customer data was affected. If Staples determines that sensitive information was leaked as a result of the incident, it will send out data breach notification letters to all individuals whose information was affected by the recent data security incident.

23 AND ME 
In a Friday SEC filing providing an update on its investigation of a recent security incident (that it will not call a breach, based on justifications that remain unclear), 23andMe says a bad actor was able to access 0.1 percent of the company’s accounts through credential stuffing. According to TechCrunch’s estimates, that 0.1 percent figure translates to around 14,000 accounts. However, those accounts were used to access a “significant number of files containing profile information about other users’ ancestry” that users share when opting in to its DNA Relatives feature. How many is “significant”? 23andMe didn’t say.

NATIONAL CREDIT UNION ADMINISTRATION (NCUA)
National Credit Union Administration (NCUA) spokesperson Joseph Adamoli said the ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union technology firm Trellance.
Adamoli said the NCUA, which regulates credit unions at the federal level, received incident reports indicating that several credit unions were sent a message from Ongoing Operations saying the company was hit with ransomware on November 26.