WEEK OF JULY 04, 2022
Hackers claim theft of police info in China’s largest data leak
- Unknown hackers claimed to have stolen data on as many as a billion Chinese residents after breaching a Shanghai police database, in what industry experts are calling the largest cybersecurity breach in the country’s history.
- The person or group claiming the attack has offered to sell more than 23 terabytes of stolen data from the database, including names, addresses, birthplaces, national IDs, phone numbers and criminal case information, according to an anonymous post on an online cybercrime forum last week.
- The unidentified hacker was asking for 10 bitcoin, worth around $200,000.
- Shanghai authorities have not publicly responded to the purported hack. Representatives for the city’s police and Cyberspace Administration of China, the country’s internet overseer, did not immediately respond to faxed requests for comment.
MCG Health faces lawsuit over data breach impacting 1.1 million individuals
- Patient care guidelines provider MCG Health faces a proposed class lawsuit over the compromise of patient information during a March 2022 data breach.
- “MCG determined on March 25, 2022 that an unauthorized party previously obtained certain of your personal information that matched data stored on MCG’s systems,” reads the notification letter – a sample of which was submitted to the Office of the Maine Attorney General.
- Potentially impacted information, the company says, includes names, dates of birth, gender, addresses, Social Security numbers, email addresses, phone numbers, and medical codes.
- “Upon learning of this issue, we took steps to understand its nature and scope. We have deployed additional monitoring tools and will continue to enhance the security of our systems,” MCG Health said.
California takes down firearms dashboard after gun-owner data are leaked
- Names, ages and addresses of permit holders were able to be downloaded from website intended to provide data on topics such as gun-violence restraining orders.
- Among the information that could be downloaded were the names, ages, and addresses of gun permit holders, the attorney general’s office said in a statement Tuesday.
- It didn’t disclose how many people may have been affected.
Wegmans’ $400,000 fine for exposed customer data should leave all retailers on high alert
- Retail chains operate on thin margins with very tight IT and security budgets, so news on Thursday that Wegmans agreed to pay the state of New York $400,000 and upgrade its cybersecurity operations for a cloud misconfiguration was hardly a shocker to security industry insiders.
- According to reports, the breach was identified by an unnamed third-party security researcher in April 2021, who reported that the personal data of more than 3 million Wegmans customers nationwide was exposed.
- Customer names, email addresses, mailing addresses, Shoppers Club numbers, and usernames and passwords for Wegmans.com accounts were stored in an unsecured cloud storage container and openly exposed as far back as January 2018.
Apparent cyberattack disrupts unemployment benefits in multiple states
- An apparent cyberattack this week on Florida-based IT provider Geographic Solutions has disrupted unemployment and workforce benefits for thousands of people in multiple states and Washington, DC.
- Unemployment payments are delayed for people in Tennessee, where about 12,000 people rely on the program, and in Nebraska, according to statements from state labor departments.
- In Washington, the outage has prevented residents from filing new paid family leave claims and conducting job searches using a tool provided by Geographic Solutions.
- In a statement, Geographic Solutions described “anomalous activity” on its computer network but did not specify the cause; the Nebraska Department of Labor called it a “cyberattack.”
TikTok seeks to reassure lawmakers on U.S. data security
- TikTok said as it continues to work on data issues it expects “to delete U.S. users protected data from our own systems and fully pivot to Oracle cloud servers located in the U.S.”
- A TikTok spokesperson confirmed the company sent a response to the senators’ letter. “We look forward to connecting with Members of congress to discuss the substance of our letter,” the spokesperson said in a statement to Reuters.
- The letter comes nearly two years after a U.S. national security panel ordered parent company ByteDance to divest TikTok because of fears that U.S. user data could be passed on to China’s communist government.