Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >




CYBER SECURITY NEWS – WEEK OF AUGUST 05, 2024


HealthEquity says data breach impacts 4.3 million people

  • HealthEquity, a major provider of health savings accounts, has confirmed that a cybersecurity incident has compromised the personal information of approximately 4.3 million individuals.
  • The breach, which occurred on March 9, 2024, was linked to the theft of credentials from a partner organization.
  • The exposed data includes full names, addresses, phone numbers, Social Security numbers, and general dependent information, among other sensitive details.
  • HealthEquity has secured the affected data repository and implemented a global password reset for the compromised vendor account.
  • Affected individuals will receive notifications on August 9, 2024, along with two years of credit monitoring and identity theft protection services.

*Source

 Cencora confirms patient health info stolen in February attack

  • Cencora, a healthcare logistics company, has confirmed that sensitive patient health information was stolen during a cyberattack in February 2024.
  • The breach affected the data of approximately 3.3 million individuals, including names, addresses, dates of birth, Social Security numbers, and health insurance information.
  • The company has stated that it has implemented enhanced security measures and is cooperating with law enforcement and regulatory bodies.
  • Affected individuals are being notified, and Cencora is offering credit monitoring services to help mitigate potential identity theft risks.

*Source

City of Columbus Offers Credit Monitoring to Employees After Massive Cyberattack Hits Government Facilities

  • The city of Columbus, Ohio, recently experienced a ransomware attack that disrupted several municipal services.
  • The attack occurred on July 3, 2024, impacting the city’s information technology systems and services.
  • City officials confirmed the attack but did not provide details on the specific ransomware variant used or the extent of the data breach.
  • The attack affected various city departments, including the Department of Public Service, the Department of Public Utilities, and the Department of Public Safety.
  • Citizens were advised to use alternative methods to access city services, as the attack caused intermittent disruptions

*Source

WSU Data Breach Impact Grows, Sensitive Information Exposed

  • Western Sydney University (WSU) has disclosed a significant data breach involving unauthorized access to its Isilon storage platform, which contained personal information of students, staff, and alumni.
  • Approximately 580 terabytes of data across 83 out of 400 directories in Isilon were accessed between July 2023 and March 2024
  • Compromised data includes names, contact details, dates of birth, health information, sensitive workplace conduct details, government IDs, tax file numbers, superannuation details, and bank account information
  • WSU has engaged digital forensics experts, relevant authorities, and the NSW Supreme Court to investigate the incident and prevent further data misuse
  • The university has implemented security measures like password resets, enhanced monitoring, and additional firewall protection to mitigate the breach
  • Affected individuals will be notified in the coming weeks, and free identity protection services are being offered through IDCARE

*Source

Dark Web Actor Claims ADT Data Breach; Company Aware and Investigating Incident

  • ADT, a major American security firm, has suffered a significant data breach, with a dark web actor claiming responsibility.
  • The threat actor, known as “netnsher,” has publicly announced their involvement and released over 30,812 records, including approximately 30,400 unique email addresses, physical addresses, user IDs, and purchase history of ADT customers.
  • This breach follows a previous incident on July 8, 2024, where another threat actor, “Abu_Al_Sahrif,” disclosed internal ADT documents from 2020 to 2023.
  • It remains unclear if the recent breach by “netnsher” involved data from this earlier leak or was obtained through a different method.
  • ADT has confirmed the incident and stated that it is under investigation.
  • The company is evaluating the full extent of the breach and its implications for affected customer

*Source

McDowall Affleck Confirms ‘Cyber Incident’ After RansomHub Claims Access to 470 GB Data

  • The McDowall Affleck law firm in Australia has been targeted by a cyberattack that resulted in the theft of sensitive client data.
  • The attack was carried out by a group known as “RansomHouse,” which has demanded a ransom for the stolen information.
  • The stolen data includes personal information of clients, such as names, addresses, dates of birth, and financial details.
  • The law firm has confirmed the breach and is working with cybersecurity experts to assess the situation and mitigate any potential damage.
  • McDowall Affleck is also cooperating with law enforcement agencies in their investigation of the incident.
  • The firm has advised affected clients to monitor their accounts for any suspicious activity and has implemented additional security measures to protect their systems

*Source

 

SECUREFACT ARCHIVE >