CYBER SECURITY NEWS – WEEK OF JULY 17, 2023
HCA Healthcare says data breach ‘appears to be a theft’
- The health system says the patient data, which was posted online, includes names, phone numbers and appointment information, but not clinical or payment info.
- According to the for-profit health system, with 180 hospitals and 2,300 ambulatory clinics across 20 U.S. states and the United Kingdom, the data security incident involved data such as patient name and address information (city, state, ZIP code), as well as emails, telephone numbers, dates of birth and gender. Additionally, some of the data posted included medical appointment dates and locations, according to HCA.
- But the health system said the breached data does not include clinical information (information on treatment, diagnosis or condition), payment information (credit card or account numbers) or other sensitive information, such as passwords, driver’s license or social security numbers.
China-based hackers breach email accounts at State Department
- Microsoft said a known group that primarily focuses on hacking Western governments to spy on them had breached some accounts.
- Hackers based in China recently broke into email accounts of at least two major U.S. government agencies, Microsoft and U.S. officials said.
- Microsoft said approximately 25 organizations were part of the hack. The other organizations that were breached have not been identified.
Colorado State University says data breach impacts students, staff
- Colorado State University (CSU) has confirmed that the Clop ransomware operation stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks.
- The University informed its students and staff on July 12th, 2023, that the threat actors had gained access to the personal data of staff and students through these attacks.
- Although the actual extent and impact of the data breach are still being evaluated, CSU has provided the following statement on a webpage dedicated to the cyber incident.
- The University says that the stolen data is from as far back as 2021, possibly earlier, meaning that graduates may have been impacted.
3 tax prep firms shared ‘Extraordinarily Sensitive’ data about taxpayers with Meta, lawmakers say
- A group of congressional Democrats reported that three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at least two years.
- They say Meta then used some of that data to create targeted advertising for its own users and other companies, and to train Meta’s algorithms.
- The Democrats’ report urges federal agencies to investigate and potentially go to court over the wealth of information that H&R Block, TaxAct and TaxSlayer shared with the social media giant.
- In a letter to the heads of the IRS, the Department of Justice, the Federal Trade Commission and the IRS watchdog, seven lawmakers say their findings “reveal a shocking breach of taxpayer privacy by tax prep companies and by Big Tech firms.”
Norwegian Refugee Council hit by cyberattack
- The Norwegian Refugee Council (NRC) announced that it recently discovered a cyberattack targeting an online database that stores the personal information of project participants.
- The NRC said it immediately suspended the database to protect the data and prevent further attacks. They also launched an external forensic investigation to determine the scope and impact of the cyberattack.
- The agency didn’t provide details about the method of attack or who carried it out. The NRC didn’t immediately respond to a request for comment.
Deutsche Bank confirms provider breach exposed customer data
- Deutsche Bank AG has confirmed to BleepingComputer that a data breach on one of its service providers has exposed its customers’ data in a likely MOVEit Transfer data-theft attack.
- “We have been notified of a security incident at one of our external service providers, which operates our account switching service in Germany,” a spokesperson told BleepingComputer.
- “In addition to our service provider, we understand that more than 100 companies in more than 40 countries are potentially affected,” reads the statement, hinting that the incident is related to Clop ransomware’s wave of MOVEit attacks.
- “Deutsche Bank’s systems were not affected by the incident at our service provider at any time,” assured the banking giant.