CYBER SECURITY NEWS – WEEK OF APRIL 1, 2024
Harvard Pilgrim health network updates data breach total to nearly 2.9 million
- Harvard Pilgrim Health Care recently updated the total number of individuals affected by a ransomware attack to nearly 2.9 million, which is larger than initially reported.
- The company’s systems were affected by the ransomware attack, which was executed by an unidentified gang.
- The breach involved personal data and protected health information of current and former subscribers, dependents, and contracted providers.
Trove of UK Student Records Exposed in School Software Server Leak
- Cybersecurity researcher Jeremiah Fowler discovered this breach, which impacted hundreds of thousands of students in the UK.
- The exposed server contained nearly a million records, including around 214,000 unique images of children, along with sensitive information like student names, enrolled subjects, academic achievements, and indications of learning disabilities.
Retail chain Hot Topic hit by new credential stuffing attacks
- American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers’ personal information and partial payment data.
- The cybercriminals targeted Hot Topic Rewards accounts using valid credentials obtained from an unknown third-party source.
- The compromised information included names, email addresses, order histories, phone numbers, birth dates, and mailing addresses.
UnitedHealth Admits Patient Data Was ‘Taken’ in Mega Attack
- UnitedHealth Group has confirmed that data was “taken” in a cyberattack on its Change Healthcare unit.
- The company is analyzing the types of sensitive personal, financial, and health information that may have been compromised.
- Additionally, the U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of the ransomware-as-a-service group BlackCat/Alphv, which claimed responsibility for the attack.
Discount retailer Giant Tiger says customer data was compromised in third-party breach
- Discount retailer Giant Tiger experienced a data breach where customer data was compromised due to a third-party breach.
- The breach involved contact information of customers, including names, email addresses, phone numbers, and addresses for some.
- Giant Tiger took immediate action upon discovering the incident, contacting affected customers and advising caution regarding suspicious emails and calls.
Vans claims cyber crooks didn’t run off with its customers’ financial info
- The Register reports that VF Corporation, the parent company of Vans and North Face, disclosed a security breach that impacted approximately 35.5 million customers.
- The breach involved unauthorized access to personal information such as names, addresses, emails, and phone numbers, but VF Corporation assured customers that no financial details like credit card or bank account information were compromised.
- While there is no evidence of the stolen personal information being used for malicious purposes, the company warned of potential risks like identity theft, phishing, and fraud.
INC Ransom claims responsibility for attack on NHS Scotland
- The INC Ransom group has claimed responsibility for the assault on ‘NHS Scotland’, saying it stole 3TB worth of data while leaking a small number of sensitive files.
- The attack targeted NHS Dumfries and Galloway, a regional health board within NHS Scotland.
- The cybercriminals leaked sensitive documents and patient information, including medical assessments and psychological reports.