CYBER SECURITY NEWS – WEEK OF APRIL 22, 2024
Ransomware gang starts leaking alleged stolen Change Healthcare data
- The RansomHub extortion gang has started leaking what they claim is stolen corporate and patient data from United Health subsidiary Change Healthcare.
- The cyberattack on Change Healthcare occurred in February and caused significant disruption to the US healthcare system, preventing pharmacies and doctors from billing or sending claims to insurance companies.
- The attack was linked to the BlackCat/ALPHV ransomware operation, who stole 6 TB of data during the attack.
Threat actor leaks info of 2.8 million Giant Tiger shoppers online
- A threat actor operating on the underground forum called BreachForums has recently leaked the personal information of 2.8 million Giant Tiger shoppers.
- The leaked data includes unique email addresses, names, phone numbers, physical addresses, and website activity.
- The data breach occurred in March 2024, and the stolen information is available for download on the forum for eight forum credits, which are easily obtained by forum members. The data set has been leaked for free, but members need to unlock the download link by spending the credits.
- The company has sent notices to all relevant customers informing them of the situation. The leaked data may not seem high value, but threat actors can do a lot of harm with contact details by targeting individuals with phishing emails, texts, or phone calls and tricking them into divulging sensitive information such as passwords and credit card numbers.
Patients Sue Ernest Health After Data Breach of 94,747 Exposed
- Ernest Health, a US-based healthcare system, faces lawsuits after a cyberattack compromised the data of around 94,747 patients.
- The breach, which occurred from January 16 to February 4, 2024, involved unauthorized access to Ernest Health’s networks.
The LockBit ransomware group claimed responsibility and threatened to release stolen information, including patient names, contact details, health data, and Social Security numbers.
The healthcare provider filed a notice of data breach with the Attorney General of Massachusetts, and patients were notified about the breach to ensure transparency.
UNDP Hit by Cyberattack: HR and Procurement Data Breached
- The United Nations Development Programme (UNDP) that resulted in the breach of human resources and procurement data.
- The UNDP received a threat intelligence notification in late March 2024, indicating that a data-extortion actor had breached its systems and stolen sensitive information.
- The organization responded swiftly, initiating measures to identify the source of the breach and notifying those affected.
Alleged Luxor Data Breach: Sensitive Information from Indian Stationery Giant Leaked
- The alleged Luxor data breach involves Luxor International Private Limited, a prominent Indian manufacturer of stationery products.
- The breach was first detected on April 19, 2024, when postmaster, operating within the nuovo BreachForums, disclosed the leak of a database purportedly belonging to Luxor.
- The leaked data comprises 692 MB of SQL data, encompassing a trove of sensitive information, including first names, middle names, last names, dates of birth, hashed passwords, billing and shipping details, tax information, and more.
- The breach included information about individuals registered on the Luxor’s website, implying that the leaked data could be authentic.
Victorian Councils Hit by OracleCMS Breach: Multiple Australian Cities Report Data Exposure
- The Australian publication Cyber Daily reported a major data breach involving OracleCMS, a localized provider of customer care solutions and call center services based in Australia.
- OracleCMS confirmed the breach, stating that the compromised data may include corporate information, contract details, invoices, and triage process workflows.
- The breach has affected various government entities, including the Campbelltown Council, Tweed Shire Council, Dandenong City Council, and several law firms, a real estate agent giant, and the Queensland branch of the Philadelphia Church of God
Alleged Cyberattack on Bureau van Dijk: US Consumer Data Compromised
- The threat actor USDoD, previously known for attacks against U.S. infrastructure and Airbus, has claimed Bureau van Dijk as its latest victim in a cyberattack.
- Bureau van Dijk, a business intelligence firm owned by Moody’s Analytics, offers consumer and private company intelligence products focused on sales, marketing, and customer support.
- The attack involved the theft of sensitive data, including a US consumer database with information like names, emails, phone numbers, job titles, and addresses.