Tag Archives: data breaches 2023

Top Cyber Attacks and Data Breaches: May 2023 Round Up

May 2023 data breaches

In an era dominated by digital connectivity, the frequency and impact of data breaches continue to escalate, leaving individuals and organizations vulnerable to devastating consequences. From state-sponsored hacking campaigns to opportunistic cybercriminals, the realm of data security is constantly under siege. Recent events have once again thrust data breaches into the spotlight, as major corporations and industry giants grapple with the aftermath of malicious intrusions. In this blog post, I will delve into a series of alarming incidents that have unfolded in May 2023, shedding light on the tactics employed, the extent of compromised information, and the potential ramifications for affected individuals and businesses. Brace yourself for an eye-opening exploration of the evolving threat landscape as we navigate the treacherous waters of data breaches and their far-reaching impact.


  1. On May 24,2023, Microsoft reported that it found targeted malicious activity by Volt Typhoon, a state-sponsored group from China, aiming to access unauthorized credentials and explore critical infrastructure networks in the US. This campaign supposedly  intends to disrupt communication infrastructure between the US and Asia during future crises. Volt Typhoon has been active since mid-2021, primarily targeting critical infrastructure organizations in Guam and other US regions across various sectors. They employ stealth techniques, living-off-the-land methods, and manipulate systems using command line instructions. The threat actor maintains persistent access and attempts to conceal their activities by routing network traffic through compromised SOHO network equipment. 


  1. Sysco, a major U.S. multinational food distribution corporation, recently revealed that approximately 126,243 current and former employees may have had their sensitive data accessed and acquired in a cyberattack that took place in January. According to notification letters sent to affected individuals, Sysco’s systems were initially breached on January 14, but the intrusion was only discovered nearly two months later. The company assured that its operational systems, business functions, and customer services remained unaffected by the breach. While specific details about the data accessed for each individual are yet to be confirmed, Sysco stated that the compromised information may include personal data provided for payroll purposes, such as names, Social Security numbers, account numbers, or similar information. 


  1. On May 26, 2023, Managed Care of North America (MCNA) Dental published a data breach notification on its website, informing approximately 9 million patients that their personal data was compromised. MCNA Dental is one of the largest government-sponsored (Medicaid and CHIP) dental care and oral health insurance providers in the U.S. On March 6, 2023, the insurance provider discovered unauthorized activity in their computer system. They took immediate action to halt the activity and initiated an investigation with the assistance of a specialized team. It was determined that an unauthorized user was able to access and make copies of certain information between February 26, 2023, and March 7, 2023. The potentially compromised information includes contact details such as first and last name, address, date of birth, phone number, and email address. Social Security numbers, driver’s license numbers or other government-issued ID numbers were also accessed. Additionally, health insurance information such as plan details, insurance company information, member numbers, and Medicaid-Medicare ID numbers may have been involved. Specific information related to dental care, including visits, dentist and doctor names, past treatments, x-rays/photos, prescribed medicines, and treatment details, as well as bills and insurance claims, were also potentially exposed. 


  1. NextGen Healthcare, a vendor of cloud-based electronic health records, has been informing over 1 million individuals about a data compromise that involves the unauthorized acquisition of login credentials. This incident marks at least the second alleged data security breach that the company has probed since January. The company explained an unknown third-party gained unauthorized access to a limited set of personal data between March 29, 2023, and April 14, 2023. The accessed information includes names, dates of birth, addresses, and social security numbers. Out of the 198 significant breaches of health data that have been reported on the Department of Health and Human Services’ HIPAA Breach Reporting Tool website in 2023, impacting a total of 17.4 million individuals, it has been disclosed that at least 75 of these incidents affecting 9.8 million individuals were reported to involve business associates. Approximately 38% of the major health data breaches reported on the HIPAA Breach Reporting Tool website in 2023 involved vendors and other business associates. Interestingly, despite accounting for a smaller proportion of breaches, these incidents were responsible for impacting 56% of the individuals affected by breaches in the healthcare sector.


  1. Luxottica, the world’s largest eyewear company known for brands like Ray-Ban, Oakley, and Chanel, has officially confirmed a data breach that occurred in 2021 via BleepingComputer. The breach exposed the personal information of approximately 70 million customers when a database was recently made available for free on hacking forums. Luxottica revealed that one of its partners experienced the breach, involving a security incident that affected a third-party contractor responsible for holding customer data. The exposed data includes sensitive details such as full customer names, email addresses, phone numbers, residential addresses, and dates of birth. Luxottica emphasized that financial information, social security numbers, login credentials, and other critical data that could endanger customer safety were not compromised. The FBI has made an arrest in connection with the incident, resulting in the shutdown of the website where the data was published. 


  1. On May 11, 2023, Brightly informed present and past SchoolDude users that a security incident occurred. SchoolDude is an online platform used by educational institutions for placing and tracking maintenance work orders. Information such as name, email address, account password, phone number, and school district name were potentially breached. 


  1. On May 8, 2023, Dragos, a company specializing in industrial cybersecurity, experienced a failed extortion scheme by a cybercriminal group. The group gained unauthorized access by compromising the personal email of a new sales employee, allowing them to impersonate a Dragos employee and access resources in SharePoint and the contract management system. Although they accessed a report with customer IP addresses, Dragos’ security controls prevented the threat actor from deploying ransomware or making further infrastructure changes. The cybercriminals resorted to extortion attempts, escalating their messages and contacting Dragos executives and known contacts. However, Dragos chose not to engage with the criminals and promptly activated their incident response retainer and involved their third-party MDR provider. The investigation is ongoing, but Dragos has implemented additional verification steps for their onboarding process and emphasizes identity and access management, multi-factor authentication, continuous monitoring, and incident response preparedness.


In other news, in May, it was discovered that Apple banned its employees from using generative AI tools like OpenAI’s ChatGPT and GitHub’s Copilot due to concerns about potential data leaks and disclosure of sensitive information. Apple’s decision is based on the fact that OpenAI stores all user interactions by default, including conversations with ChatGPT, which are used for training and subject to moderation. While OpenAI introduced an option to disable chat history, conversations are retained for 30 days for abuse review before permanent deletion. Apple worries that employees may unintentionally reveal confidential project information within ChatGPT, which could be accessed by OpenAI moderators. Similar restrictions have been implemented by other companies like JP Morgan, Verizon, and Amazon. Despite the ban, OpenAI recently launched an iOS app for ChatGPT, making Apple’s decision notable, considering the app’s availability and future expansion plans. 


As data breaches continue to make headlines, it becomes abundantly clear that the protection of sensitive information is of paramount importance. The incidents highlighted in this blog post serve as a stark reminder that no individual or organization is immune to the persistent and ever-evolving threats posed by cybercriminals. As we move forward, it is imperative for individuals and businesses alike to prioritize robust security measures, including stringent access controls, advanced encryption protocols, and employee education programs. By staying vigilant, proactive, and informed, companies can fortify their defenses and mitigate the risks associated with data breaches. 


Learn More About Findings



March Data Breach Round-Up

findings shares the top breaches that happened in March 2023

As we move forward, it’s becoming increasingly clear that even large corporations aren’t safe from cyber attacks. From Chick-fil-A and Dole Food Company to Acer and Procter & Gamble, the number of companies that have suffered data breaches continues to grow. Today, I’ll delve into some of the latest confirmed data breaches from March, and examine what they could mean for both these businesses and their customers. With personal data security on the line, it’s time to brace yourself for a rollercoaster ride into the realm of cybercrime!


  1. Attention all Chick-fil-A lovers! Unfortunately, Chick-fil-A has sent a notice to customers about a data security incident that may have involved their personal information. The company has taken measures to prevent unauthorized activity and engaged a national forensics firm to investigate the issue. Based on their investigation, it was discovered that unauthorized parties launched an automated attack against Chick-fil-A’s website and mobile application between December 18, 2022, and February 12, 2023, using account credentials obtained from a third-party source. The information that may have been involved includes name, email address, Chick-fil-A One membership number, mobile pay number, QR code, masked credit/debit card number, and the amount of Chick-fil-A credit on the account, as well as the month and day of the birthday, phone number, and address if saved to the account. Unauthorized parties were only able to view the last four digits of the payment card number. Chick-fil-A recommends affected customers change their password immediately and choose a strong, unique password. 


  1. While we all love fresh produce, it’s important to remember that cybersecurity is vital to ensuring that we can continue to enjoy our favorite fruits and veggies. Fresh produce provider, Dole Food Company, has confirmed that employee information was accessed by threat actors during a February ransomware attack. The number of employees affected was not disclosed, but Dole employs approximately 38,000 people worldwide. The company said the attack was sophisticated, but limited in impact on operations. However, Dole was forced to shut down production plants across North America and was unable to fulfill orders for a week, leading to complaints from customers. In response to the attack, Dole engaged cybersecurity experts and notified law enforcement. The incident has been disclosed in an annual report filed with the US Securities and Exchange Commission. The company very nicely explained the damage that a cyber attack can cause a company. In the report they write, “our information technology networks and systems, some of which rely on third-party service providers, may be vulnerable to service disruptions or system failures due to causes including intentional hacking, security breaches, intrusions, malware, denial of service attacks, phishing, or other cybersecurity attacks, as well as natural disasters, catastrophic events, power outages, or human error or malfeasance. If we are unable to prevent or adequately respond to and resolve these disruptions or failures, our operations may be impacted and any unauthorized access to, or acquisition of, customer, employee, or other confidential information could result in adverse consequences such as reputational damage, premature termination or reduction of existing contracts, reduction of operating revenue, remediation costs, ransomware payments, litigation, and/or penalties under various laws and regulations. Our customers could also refuse to continue to do business with us and prematurely terminate or reduce existing contracts, resulting in a significant reduction of our operating revenue.” This further shows that everyone in the supply chain is ultimately affected by cyber attacks. 


  1. The FBI just put the cuffs on the supposed mastermind behind a notorious cybercriminal hub that boasted stolen data from Congress members and countless other individuals. The founder of the BreachForums website, Conor Brian Fitzpatrick, has been arrested and charged with operating a hacking forum and marketplace for cybercriminals. Fitzpatrick, 20, allegedly created BreachForums in March 2022 to buy, sell and trade hacked or stolen data and other contraband, including personally identifying information, bank account details, and social security numbers. According to reports, Fitzpatrick is believed to have played a role as a mediator or intermediary for unlawful deals and personally offered access to legitimate breached databases using a credit-based system run by the online platform. The site’s various sections included “Cracking,” “Leaks,” and “Tutorials.” The FBI and the Department of Health and Human Services Office of Inspector General have conducted a disruption operation that caused BreachForums to go offline. Fitzpatrick’s alleged victims included millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies. Deputy Attorney General Lisa O. Monaco has announced another successful crackdown on the cybercrime underworld, stating that the BreachForums platform – much like its predecessor RaidForums – facilitated the trade of stolen data between hackers and willing buyers. She warns all those involved in shady dealings on the dark web that they should take note: Law enforcement agencies are determined to dismantle these illicit forums and prosecute their administrators in U.S. courts. So if you’re operating in the shadows, you better watch out!


  1. On March 20th, Ferrari confirmed that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details. Twitter user Troy Hunt shared the breach letter sent to customers. Ferrari writes, “we regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment.” While the company explains that no no payment information or details of Ferrari cars owned or ordered had been stolen, hackers still accessed customers’ names, addresses, email addresses and telephone numbers. Let’s keep on dreaming about our favorite Italian sports cars and hope that Ferrari’s cybersecurity measures are strengthened to prevent any future incidents.


  1. After suffering at least two other hacking incidents in 2021, Acer, a Taiwanese electronics and computer manufacturer, has allegedly fallen victim to a ransomware attack, and the ransomware group, REvil, is claiming responsibility. The cybercriminals are demanding a staggering $50 million, the highest ransom on record to date. Acer is well-known for its laptops, desktops, and monitors, and employs around 7,000 people worldwide. The investigation is still ongoing, however Acer did confirm it suffered a breach. “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server,” the company told PCMag in a statement. In another statement made to BleepingComputer, the company explained, “Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries. We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity.” It’s extremely important that companies continue to stay up to date with cybersecurity regulations and best practices.  


  1. Oh boy, it seems like GoAnywhere just can’t catch a break! This supposedly secure web file transfer solution has been at the center of a string of breaches, and the hits just keep on coming. Let’s take a closer look, shall we?


In early February, Fortra – a company that offers GoAnywhere as a secure managed file transfer (MFT) product – announced that it had identified a zero-day vulnerability in the system. This vulnerability could allow attackers to remotely execute code on vulnerable systems, and it was actively being exploited. The news was first reported by journalist Brian Krebs, and it set off a chain reaction of breaches affecting multiple companies.


One of the latest victims to come forward is Procter & Gamble, a consumer goods company that confirmed it was impacted by the GoAnywhere incident. The company’s GoAnywhere MFT platform was compromised, and an unauthorized third party was able to obtain some information about P&G employees. Fortunately, financial and social security information was not accessed, but some data was stolen. It’s believed that the Clop ransomware gang may be behind the attack, as they previously claimed to have stolen files from over 130 organizations.


And now, Crown Resorts – Australia’s largest gambling and entertainment company – has also fallen victim to the GoAnywhere breaches. Their secure file-sharing server was breached using a zero-day vulnerability, and a ransomware group has claimed to have illegally obtained a limited number of Crown files. Crown Resorts is just the latest in a long list of victims, including CHS, Hatch Bank, Rubrik, the City of Toronto, Hitachi Energy and Saks Fifth Avenue.


It’s safe to say that the GoAnywhere breaches have had a huge impact on multiple industries, and it’s important for companies to take extra precautions when it comes to data security. Stay vigilant, folks!



In recent years, cybercrime has affected not only small businesses but also large corporations. This blog post examined several data breaches that occurred in March 2023, including those affecting Chick-fil-A, Dole Food Company, Ferrari, and Acer. These breaches have impacted the personal information of customers and employees, leading to potential risks such as identity theft and fraud. With these incidents in mind, it is crucial for individuals and companies to prioritize cybersecurity measures and remain vigilant against cyber threats. 



SEE HOW FINDINGS CAN HELP YOUR BUSINESS

Supply Chain Risk Monitoring as a Service
Join us today
Supply Chain Risk Monitoring as a Service
Join us today
Waitlist signup

Welcome to Findings

Let's go over some details to setup your tailor-made account


Please fill your details below and click "Next" to create your account:

Payment

Feature
Startup
Business
Enterprise
Price
$10 / Month
$10 / Month
$25 / Month
VDPaaS
Alerts
Assessments
Integrated Apps
API
Join today and scan ALL YOUR VENDORS for FREE*
* FREE VENDOR SCAN for all of your vendors during your first month.
Feature
Startup
Business
Enterprise
Price
$25 / Month
$200 / Month*
Contact Us
Free vendors scan for 1 month
Findings search engine
Rapid security and compliance profile
Profile/showcase engagements per year
5
40
Unlimited
Multi/unlimited showcase use cases
Showcase compliance badge for your website
Best practice self-assessment
1 Findings or 1 BYOC
Assessment response automation
Personalizable, branded security & compliance showcase page
File/evidence repository
OKTA
DKIM
Out-of-the-box TPRM
20 vendors +
20 rating scans
50 vendors +
50 rating scans
Support
Email
Priority via Phone / Email
Internal Workflows (SO/BO)
Onboarding and customization account setup
*Price for every 40 engagements
Automate assessment response and showcase your cybersecurity posture
Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!

Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!