CYBER SECURITY NEWS – WEEK OF JANUARY 08, 2024
West Virginia city latest municipality hit with cyberattack
- City officials said they recently discovered issues with their computer network and apologized for any inconveniences.
- “We are working diligently to investigate the source of the incident, confirm the incident’s full scope and impact, and identify whether data may be impacted,” they said.
- They urged anyone with questions to reach out but did not respond to requests for comment about whether the incident involved ransomware or whether the group behind the incident had identified itself.
San Bernardino housing authority cyberattack affected nearly 19,000 people
- The housing authority in California’s San Bernardino County notified nearly 19,000 people this week that their information was compromised in a June cyberattack.
- The organization said names and Social Security numbers were leaked after hackers accessed an employee email account on June 19.
- The organization sent notices to regulators in Maine and California. The 18,689 people affected will get one year of free credit monitoring services.
Orrick, Herrington & Sutcliffe data breach exposes information of over 600000 individuals
- The intrusion into Orrick’s network compromised a file share, revealing personal information and sensitive health data of victims. The affected individuals, numbering 637,620, included 830 residents from Maine.
- The Orrick data leak, classified as an external system breach caused by hacking, occurred on 02/28/2023, with discovery reported on 03/13/2023.
- The stolen data encompassed a vast array of information, including names, dates of birth, addresses, email addresses, and government-issued identification numbers like Social Security, passport, driver’s license, and tax identification numbers.
Data breach at healthcare tech firm impacts 4.5 million patients
- HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company’s customers.
- On December 22, the firm disclosed that it suffered a data breach between July 14 and 23, 2023, which resulted in unauthorized access to some of its systems.
- The company recommends that “suspicious activity should be promptly reported to relevant parties including an insurance company, health care provider, and/or financial institution.”
Defunct Ambulance Service data breach impacts nearly 1 million people
- The ALPHV ransomware gang claimed responsibility for the attack on Transformative Healthcare in late April 2023 and exported a terabyte of data, including medical and paramedic reports.
- According to the breach notification submitted to the Maine Attorney General, around 911,757 individuals nationwide, including 20,486 Maine residents, have been affected by the attack which occurred on 17 February 2023 and was discovered on 21 April 2023.
- The perpetrator accessed a server containing patient information, which the company claims was stored to “comply with legal obligations.” Fallon Ambulance Services had ceased operations in December 2022. However, in April 2023, Transformative detected suspicious activity within its data storage archive from late February 2023 to late April 2023.
- The company hired third-party cybersecurity specialists for an investigation. Initial probing revealed that files were obtained by an “unauthorized party,” possibly containing personal information and COVID-19 testing information.
Iranian food delivery giant Snappfood cyber attack: 3TB of data stolen
- A hacker or hacker group, identified as “irleaks” (presumably indicating Iran Leaks), publicly disclosed the Snappfood cyber attack on Breach Forums and Telegram over New Year’s Eve.
- The company maintains that customers’ payment data, especially card security codes (CCV), passwords, and expiration dates, remain secure and were not accessed by hackers.
- Snappfood’s social media representative disclosed that Iran’s Cyber Police (FATA) is actively working to identify the breach’s source.