Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >

About

Team

Partners

Data Privacy

Cross-Border Data Sharing

Data Security

Test Data Management

Database Security

Secure Digital Transformation

Overview

Sensitive Data Discovery

Static Data Masking

Dynamic Data Masking

Privacy Enhancing Technologies

Database Activity Monitoring

Data Subject Access Rights Automation

Datasheets

In the News

Business Use Cases

Whitepapers

Secure FactTM

Guides & E-Books

Blogs

Success Stories

Webinars

FAQ




CYBER SECURITY NEWS – WEEK OF APRIL 22, 2024


Ransomware gang starts leaking alleged stolen Change Healthcare data

  • The RansomHub extortion gang has started leaking what they claim is stolen corporate and patient data from United Health subsidiary Change Healthcare.
  • The cyberattack on Change Healthcare occurred in February and caused significant disruption to the US healthcare system, preventing pharmacies and doctors from billing or sending claims to insurance companies.
  • The attack was linked to the BlackCat/ALPHV ransomware operation, who stole 6 TB of data during the attack.

*Source

Threat actor leaks info of 2.8 million Giant Tiger shoppers online

  • A threat actor operating on the underground forum called BreachForums has recently leaked the personal information of 2.8 million Giant Tiger shoppers.
  • The leaked data includes unique email addresses, names, phone numbers, physical addresses, and website activity.
  • The data breach occurred in March 2024, and the stolen information is available for download on the forum for eight forum credits, which are easily obtained by forum members. The data set has been leaked for free, but members need to unlock the download link by spending the credits.
  • The company has sent notices to all relevant customers informing them of the situation. The leaked data may not seem high value, but threat actors can do a lot of harm with contact details by targeting individuals with phishing emails, texts, or phone calls and tricking them into divulging sensitive information such as passwords and credit card numbers.

*Source

Patients Sue Ernest Health After Data Breach of 94,747 Exposed

  • Ernest Health, a US-based healthcare system, faces lawsuits after a cyberattack compromised the data of around 94,747 patients.
  • The breach, which occurred from January 16 to February 4, 2024, involved unauthorized access to Ernest Health’s networks.
    The LockBit ransomware group claimed responsibility and threatened to release stolen information, including patient names, contact details, health data, and Social Security numbers.
    The healthcare provider filed a notice of data breach with the Attorney General of Massachusetts, and patients were notified about the breach to ensure transparency.

*Source

UNDP Hit by Cyberattack: HR and Procurement Data Breached

  • The United Nations Development Programme (UNDP) that resulted in the breach of human resources and procurement data.
  • The UNDP received a threat intelligence notification in late March 2024, indicating that a data-extortion actor had breached its systems and stolen sensitive information.
  • The organization responded swiftly, initiating measures to identify the source of the breach and notifying those affected.

*Source

Alleged Luxor Data Breach: Sensitive Information from Indian Stationery Giant Leaked

  • The alleged Luxor data breach involves Luxor International Private Limited, a prominent Indian manufacturer of stationery products.
  • The breach was first detected on April 19, 2024, when postmaster, operating within the nuovo BreachForums, disclosed the leak of a database purportedly belonging to Luxor.
  • The leaked data comprises 692 MB of SQL data, encompassing a trove of sensitive information, including first names, middle names, last names, dates of birth, hashed passwords, billing and shipping details, tax information, and more.
  • The breach included information about individuals registered on the Luxor’s website, implying that the leaked data could be authentic.

*Source

Victorian Councils Hit by OracleCMS Breach: Multiple Australian Cities Report Data Exposure

  • The Australian publication Cyber Daily reported a major data breach involving OracleCMS, a localized provider of customer care solutions and call center services based in Australia.
  • OracleCMS confirmed the breach, stating that the compromised data may include corporate information, contract details, invoices, and triage process workflows.
  • The breach has affected various government entities, including the Campbelltown Council, Tweed Shire Council, Dandenong City Council, and several law firms, a real estate agent giant, and the Queensland branch of the Philadelphia Church of God

*Source

Alleged Cyberattack on Bureau van Dijk: US Consumer Data Compromised

  • The threat actor USDoD, previously known for attacks against U.S. infrastructure and Airbus, has claimed Bureau van Dijk as its latest victim in a cyberattack.
  • Bureau van Dijk, a business intelligence firm owned by Moody’s Analytics, offers consumer and private company intelligence products focused on sales, marketing, and customer support.
  • The attack involved the theft of sensitive data, including a US consumer database with information like names, emails, phone numbers, job titles, and addresses.

*Source

SECUREFACT ARCHIVE >