Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >


Integris Health says data breach impacts 2.4 million patients

  • Integris Health, Oklahoma’s largest not-for-profit healthcare network, reported that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people.
  • Integris published a notification last week that the incident impacted patient data, which included Full Name, Date of Birth, Contact Information, Demographic Information and Social Security Number (SSN).
  • Patients received extortion mails informing that their sensitive personal information would be sold to other cybercriminals unless Integris Health met the attacker’s demands. The threat actors said that they are selling the data for 2.3 million Integris patients on a dark web marketplace.



Bank of America warns customers of data breach after vendor hack

  • Bank of America is warning customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year.
  • Customer personally identifiable information (PII) exposed in the security breach includes the affected individuals’ names, addresses, social security numbers, dates of birth, and financial information, including account and credit card numbers
  • While Bank of America has yet to disclose how many customers were impacted by the data breach, an IMS breach notification letter filed on behalf of Bank of America revealed that a total of 57,028 people were directly impacted.



US military notifies 20,000 of data breach after cloud email leak

  • The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year.
  • According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency said “numerous email messages were inadvertently exposed to the Internet by a service provider,” between February 3 and February 20, 2023.
  • The breach disclosure letter relates to an unsecured US government cloud mail server that was spilling sensitive emails to the open internet. The DOD is sending breach notification letters to around 20,600 individuals whose information was affected.



Hackers Leak Alleged Partial Facebook Marketplace Database

  • The infamous threat actor known as IntelBroker has claimed responsibility for leaking a partial database of the Facebook Marketplace. The database was made public on Sunday, February 11, 2024.
  • IntelBroker disclosed that the hack targeted a contractor responsible for managing cloud services for Facebook. The breach resulted in the theft of approximately 200,000 entries from the user database, compromising sensitive personal information.
  • The compromised data includes full names, Facebook IDs, phone numbers, physical IDs, and Facebook profile settings of the affected users. There are also 24,127 email addresses involved in the leak.



Massive Cloud Database Leak Exposes 380 Million Records

  • A cybersecurity researcher uncovered a cloud database leak allegedly belonging to the global network service provider Zenlayer, left unprotected and misconfigured. It contained 380 million records containing sensitive data totaling 57.46 GB in size.
  • Within this database, numerous servers, error, and monitoring logs were found documenting both internal operations and customer activities.
  • The server also contained logging records for various applications, dashboards, vendors, notifications, and security. The exposed customer data included names and emails of authorized individuals.



ALPHV ransomware claims loanDepot, Prudential Financial breaches

  • The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot.
  • loanDepot revealed on January 22 that at least 16.6 million people had their personal information stolen in the ransomware attack they confirmed on January 8, two days after disclosing it as a “cyber incident” on January 6. Prudential Financial also revealed that a suspected cybercrime group breached its network on February 4 and stole employee and contractor data.
  • loanDepot it would notify those impacted by the data breach and provide them with free credit monitoring and identity protection services.