WEEK OF DECEMBER 27, 2021
Escalation in healthcare data breaches
- The number of healthcare data breaches reported in the United States has increased for the third month in a row.
- Records kept by the Department of Health and Human Services’ Office for Civil Rights (OCR) indicate that the total number of reported data breaches impacting the US health sector in 2021 is likely to be higher than the total reported in any previous year.
- In November, the OCR received reports of 68 data breaches exposing 500 or more health records. This number was 15.25% higher than the 59 breaches reported in October.
- While the number of individual data breaches has been increasing in recent months, the total number of records impacted by data breaches has diminished from October to November.
Fantom DeFi project Grim Finance suffers $30M hack
- An unknown hacker has stolen $30 million from the Fantom-based DeFi project Grim Finance.
- The hacker exploited a reentrancy bug in the project’s smart contracts.
- Following the attack, Grim Finance’s total value locked has tumbled from $98.9 million to $4.2 million, while its native token GRIM is down 70%.
- Following the hack, the Grim Finance team announced that it had paused its vaults and notified Circle, Maker, and AnySwap to “potentially freeze” further transfers.
Belgian defense ministry hacked by attackers exploiting Apache vulnerability
- They confirmed that the attack took place due to the exploitation of the log4j vulnerability.
- A spokesperson for the ministry told Belgian newspaper De Standaard on Monday that the ministry had “discovered an attack on its computer network with internet access” last week and that the organization had taken steps to quarantine the impacted network areas.
- The ministry posted on Facebook on Monday that “due to technical issues, we are unable to process your requests via mil.be or answer your queries via Facebook. We are working on a resolution and we thank you for your understanding.”
- Cybersecurity professionals around the world are scrambling to patch the log4j vulnerability before it can be exploited.
Privacy body starts probe into BDO hacking incident
- BDO said clients should also adjust their privacy settings and choose those who can see their information and posts.
- The probe started last December 11 and would also touch on the Sy-led bank’s decade-old system — which is set to be replaced next year — to see if it was equipped with necessary defenses against cybercrimes, Privacy Commissioner John Henry Naga said in a statement.
- But more importantly, Naga said the investigation would zero in on any violations of the Data Privacy Act. The online fraud — which happened amid the Christmas shopping season — affected close to 700 clients of BDO.
- The Philippines’ largest bank in total asset terms is now processing the reimbursements of compromised accounts.
Ubisoft reveals player data breach came from user error
- Data stolen related to players of the wildly popular Just Dance game.
- The French gaming giant explained in a brief post that the misconfiguration of its IT infrastructure was quickly identified, but not before unauthorized individuals were able to access and perform a “possible copy” of the information.
- Ubisoft claimed all affected players would be contacted via email shortly and would be able to follow up with any queries by getting in touch with the firm’s support team.
UK police data leaked by Cl0p ransomware group
- The stolen data may include the personal information and records of up to 13 million UK residents
- Following a ransomware attack on a British IT company in October, confidential data belonging to the UK police was leaked on Sunday by the Cl0p ransomware gang, The Daily Mail reports.
- It appears that the data was posted on the ransomware operator’s leak site after the victim, Dacoll, refused to pay an undisclosed amount in ransom to the attackers.
- Cl0p seems to have gained access to Dacoll systems via a phishing attack and exfiltrated the data, which includes PNC information, in October.