CYBER SECURITY NEWS – WEEK OF AUGUST 21, 2023
Norfolk and Suffolk police: Victims and witnesses hit by data breach
- A total of 1,230 people, including victims of crime and witnesses, have had their data breached by Norfolk and Suffolk police forces.
- The constabularies said the personal information was included in Freedom of Information (FOI) responses due to a “technical issue”.
- The data included personal identifiable information on victims, witnesses and suspects relating to a range of offences including sexual offences, domestic incidents, assaults, hate crime and thefts, the forces said.
Brighthouse Financial says some policyholders’ data were stolen
- Brighthouse Financial said some of its policyholders’ personal data, including Social Security numbers and zip codes, were compromised in a cybersecurity incident at a third-party vendor.
- Brighthouse Financial said Genworth Life Insurance, which administers a block of long-term-care insurance policies for Brighthouse Life Insurance, notified Brighthouse in June of a security incident at Genworth’s third-party vendor, PBI Research Services.
- Affected policyholders’ names, Social Security numbers, birthdays, zip codes, states of residence and policy numbers were stolen, the company said. Brighthouse said it is notifying affected policyholders by mail.
Illinois hospital notifies patients, employees of data breach after Royal gang posting
- About 250,000 people potentially had their personal information exposed in a data breach in early April, an Illinois hospital disclosed.
- Morris Hospital & Healthcare Centers, located about 60 miles southwest of Chicago, said it discovered the incident on April 4 and “immediately took steps” to respond.
- In a separate filing on Maine’s data breach notification site, the hospital said 248,943 people were potentially affected overall.
- In late May, reports said the Royal ransomware gang had posted data from the organization on its leak site. As of May 23, the hospital had said it was still investigating the incident.
Finance Department sent every employee their colleagues’ personal info
- The city’s tax collection agency accidentally shared the home addresses, cell phone numbers and personal email addresses of more than 1,700 workers with all those employees.
- Everbridge spokesperson Jeff Young said there was no compromise of the firm’s platform and that the problems hadn’t been the result of a system error.
- The incident follows at least two larger data breaches at the Department of Education, most recently in June when data concerning 45,000 students, including 9,000 social security numbers, were accessed as part of a global hack, according to Chalkbeat NY.
Suburban DC school district responds to cyberattack
- The district is the second-largest in Maryland and serves more than 130,000 students in the Washington, D.C., suburbs. Officials did not respond to requests for comment.
- District leaders initially said they were working to address a “broad network outage” that knocked out email and other services. On Monday night, the district released a statement saying 4,500 of the system’s 180,000 accounts were “impacted.”
- The statement does not explain whether “impacted” means the accounts were simply accessed or if they had sensitive data stolen from them. The affected accounts primarily belonged to staff members, the statement said.
- “The school system is still assessing the full scope of this incident, but as of this time, the main business and student information systems — Oracle and SchoolMAX — do not appear to be impacted,” officials said.
German Police warn of increased foreign cybercrime threat
- In a report published on Wednesday, the Federal Criminal Police Office of Germany, or BKA, said the country had recorded 136,865 cases of cybercrime in 2022, resulting in an estimated loss of 203 billion euros.
- While domestic cybercrime decreased by 6.5% in comparison to 2021, the agency said crimes committed by foreign actors increased by 8%.
- The BKA attributed the surge in attacks to the geopolitical fallout from Russia’s February 2022 invasion of Ukraine, which resulted in many Russia-based cybercrime groups taking up politically motivated attacks against European allies of Ukraine, including Germany.