Tag Archives: data breaches

June 2024 Data Breach Round Up


The month of June has been marked by a series of significant data breaches impacting various industries. From retail giants to healthcare services, these incidents highlight the ongoing vulnerability of even the most robust systems. Here’s a detailed look at the notable breaches and vulnerabilities discovered in the past month of June 2024.

Panera Bread Informs Employees of Data Breach

Panera Bread has informed its employees about a data breach that occurred in March, resulting in the theft of personal information, including names and Social Security numbers. The company disclosed the breach through notification letters filed with the Office of California’s Attorney General, revealing that a cybersecurity firm had been engaged to investigate the incident. Although Panera asserts that there is no evidence of the stolen information being publicly accessible, it is offering a one-year membership to CyEx’s credit monitoring and identity theft resolution service. Panera has not described the nature of the breach or identified the perpetrators, but some researchers suspect a ransomware attack, since Panera’s ordering system, mobile apps, and loyalty program were all disrupted in March.

Keytronic Confirms Data Breach and Cyber Attack Impact

Keytronic, a major manufacturer of printed circuit board assemblies, experienced a significant data breach following a May 6, 2024, cyberattack by the Black Basta ransomware gang, which leaked 530GB of stolen data. The breach caused substantial disruptions in the US and Mexico, halting operations for two weeks and affecting business applications and corporate functions like financial reporting. An investigation revealed the exfiltration of personal information, prompting Keytronic to notify affected parties and regulatory agencies. The incident has already cost the company approximately $600,000 in cybersecurity expenses and is expected to impact its financial results for the fourth quarter ending June 29, 2024. Black Basta, linked to former Conti ransomware members and notorious for breaching 500 organizations and extorting over $100 million in ransoms, claimed responsibility and shared sensitive employee and corporate data online.

Qilin Ransomware Attack Disrupts London Hospitals

A ransomware attack attributed to the Qilin ransomware gang has disrupted pathology services at Synnovis, affecting several major NHS hospitals in London, including Guy’s and St Thomas’ and King’s College Hospital. The attack, which Ciaran Martin, former CEO of the UK’s National Cyber Security Centre, attributed to Qilin, locked Synnovis out of its systems, causing significant service disruptions and the postponement or cancellation of some medical procedures. Despite these issues, urgent and emergency services remain operational. The NHS England cyber incident response team is assessing the full impact on patient and employee data. Qilin, previously known as Agenda, has been active since 2022 and follows the double-extortion model: infiltrate the network, steal data, then deploy ransomware, with demands ranging from $25,000 to millions of dollars.

Advance Auto Parts Confirms Data Breach

Advance Auto Parts has confirmed a data breach after a threat actor, ‘Sp1d3r’, attempted to sell stolen data on a hacking forum. The breach, involving a third-party cloud database, exposed personal information of current and former employees, job applicants, and potentially customers. Data leaked includes social security numbers, government identification numbers, full names, and email addresses. Advance Auto Parts is notifying affected individuals and offering free credit monitoring and identity restoration services. The breach, discovered on May 23, 2024, has resulted in $3 million in expenses for the company. Law enforcement has been notified, and an investigation with cybersecurity experts is ongoing.

Neiman Marcus Confirms Data Breach

Neiman Marcus has confirmed a data breach affecting 64,472 individuals, following the unauthorized access to its Snowflake database platform between April and May 2024. The breach, detected in May, exposed personal information including names, contact details, birth dates, and gift card numbers (without PINs). The retailer has since disabled the compromised database, engaged cybersecurity experts, and notified law enforcement. The breach is linked to a broader series of Snowflake data theft attacks by a threat actor known as “Sp1d3r,” who attempted to sell Neiman Marcus’ data for $150,000 on a hacking forum. This attack, part of a campaign targeting at least 165 organizations, exploited stolen credentials from accounts lacking multi-factor authentication.

Crown Equipment Cyberattack Disrupts Manufacturing

Crown Equipment, a major forklift manufacturer, confirmed a cyberattack that has disrupted its manufacturing operations since June 8, 2024. The attack, attributed to an “international cybercriminal organization,” led to the shutdown of IT systems, preventing employees from clocking hours, accessing service manuals, and delivering machinery. Initial reports suggest the breach resulted from a social engineering attack in which an employee allowed unauthorized access. Despite earlier communications suggesting employees use PTO or file for unemployment, the company later decided to provide regular pay as an advance. Crown, working with cybersecurity experts and the FBI, emphasized that existing security measures limited data access and found no evidence of compromised employee personal information. While not explicitly confirmed, the attack likely involved ransomware, raising concerns about potential data theft and leakage. The company is gradually restoring systems and resuming normal operations.

Vulnerability in Hotel Check-In Terminals Exposes Guest Information

A vulnerability in Ariane Systems’ self-check-in terminals, used in hotels worldwide, exposed guests’ personal information and enabled unauthorized access to room keys. These terminals handle bookings, payments, invoice printing, and RFID transponder provisioning for room access. In March, security researcher Martin Schobert from Pentagrid discovered that entering a single quote character in the reservation lookup screen caused the application to hang; touching the screen again then dropped the user onto the underlying Windows desktop, escaping the kiosk mode that is supposed to confine guests to the check-in application. From the desktop, guest details, reservation entries, and invoices were readable, and an attacker could potentially pivot to the hotel network or create room keys. Despite multiple attempts to alert Ariane Systems, Schobert received minimal response, with the vendor briefly claiming the issues were fixed. Details about the firmware version addressing the flaw and the extent of vulnerable installations remain unclear. Hotel operators using these terminals are advised to isolate them on their own network segment, away from property management and other critical systems, and to contact the vendor to confirm they are running a fixed version. The case is a reminder that a single unhandled input error on a kiosk can undo every other control protecting guest data.

Highlighting the Need for Vigilant Cybersecurity

The data breaches and vulnerabilities uncovered in June emphasize the critical importance of robust cybersecurity measures across all industries. From healthcare to retail, no sector is immune to cyber threats, and the impacts can be far-reaching. Companies must prioritize timely updates, comprehensive response strategies, and continuous monitoring to safeguard sensitive information and maintain operational integrity. These incidents serve as a stark reminder of the evolving nature of cyber threats and the necessity for constant vigilance and proactive security measures. By learning from these breaches, organizations can better protect themselves and their customers, ensuring a more secure digital landscape.

Spotting Red Flags: What are Indicators of Compromise?


One crucial aspect of defending against increasingly sophisticated and pervasive threats is recognizing Indicators of Compromise (IoCs). These indicators serve as red flags, signaling that a system or network may have been breached. As a leader in cybersecurity and ESG compliance, we believe that understanding IoCs is essential for maintaining a robust security posture. This blog explores what IoCs are, how they work, and how to spot them to safeguard your organization.

Understanding Indicators of Compromise (IoCs)

Indicators of Compromise (IoCs) are pieces of forensic data that suggest a cyber-attack has taken place. They provide valuable information about what has happened and can also help prepare for future attacks by identifying patterns and behaviors of past incidents. IoCs can include a variety of data points, such as unusual network traffic, changes in file attributes, or unexpected user behavior. By identifying these indicators early, organizations can respond swiftly and mitigate potential damage.

How Do Indicators of Compromise Work?

When a malware attack occurs, traces of its activity are left in system and log files. These traces, or IoCs, provide evidence of potentially malicious activity on your network that might not be immediately visible. For instance, an IoC could be a specific file hash or signature detected by antivirus software, or unusual outbound network traffic indicating data exfiltration. Modern security tools match known IoCs against telemetry to detect malware infections, data breaches, and other security threats early, so that an intrusion is contained before it turns into a full breach. One caveat: atomic indicators such as file hashes, domains, and IP addresses are cheap for an attacker to change, so they are most useful when combined with behavioural indicators, the kind described in the next section, that describe what the attacker does rather than which infrastructure they happen to use.

Common Types of Indicators of Compromise

  1. Unusual Network Traffic: One of the most common signs of a security breach is anomalies in network traffic patterns and volumes. Monitoring both inbound and outbound traffic can help detect if an attack is in progress or if data is being exfiltrated.

  2. Geographical Irregularities: Accessing accounts or systems from unexpected geographical locations can indicate a compromised account. Monitoring these irregularities helps identify if attackers are operating from different regions.

  3. Anomalies with Privileged User Accounts: Changes in activity patterns of accounts with high privileges can indicate that attackers are trying to escalate their permissions or misuse the account for malicious purposes.

  4. Suspicious File Changes: Unauthorized modifications to system files, configuration files, or the creation of unexpected files can signal malicious activity.

  5. A Substantial Rise in Database Read Volume: Spikes in database read volumes can indicate that an attacker is trying to access sensitive information stored in databases.
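To show what detecting types 1, 2 and 3 above actually looks like in practice, here is an added example (not code from the original post or from Findings) that runs three simple detectors over a handful of constructed log lines. The log format (`TIMESTAMP key=value ...`), the field names, and the thresholds (a 60-minute impossible-travel window, more than five privileged actions in ten minutes, outbound bytes above ten times the fleet median) are assumptions chosen for the example; in a real deployment they would come from your SIEM’s schema and from a measured baseline.

```python
"""Toy IoC detectors over constructed log lines (added example, not the post's code)."""
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median

# Constructed sample events, not taken from any real system. The
# "TIMESTAMP key=value ..." format is an assumption for this example.
SAMPLE_LOGS = [
    "2024-06-03T08:00:00Z type=login user=alice src=203.0.113.10 geo=US",
    "2024-06-03T08:20:00Z type=login user=alice src=198.51.100.7 geo=RU",
    "2024-06-03T09:00:00Z type=login user=bob src=203.0.113.11 geo=US",
    "2024-06-03T09:05:00Z type=priv user=bob action=group_add group=domain_admins",
    "2024-06-03T09:06:00Z type=priv user=bob action=group_add group=domain_admins",
    "2024-06-03T09:07:00Z type=priv user=bob action=group_add group=domain_admins",
    "2024-06-03T09:08:00Z type=priv user=bob action=group_add group=domain_admins",
    "2024-06-03T09:09:00Z type=priv user=bob action=group_add group=domain_admins",
    "2024-06-03T09:10:00Z type=priv user=bob action=group_add group=domain_admins",
    "2024-06-03T10:00:00Z type=flow host=ws-01 dst=192.0.2.50 bytes_out=120000",
    "2024-06-03T10:00:00Z type=flow host=ws-02 dst=192.0.2.50 bytes_out=95000",
    "2024-06-03T10:00:00Z type=flow host=ws-03 dst=192.0.2.50 bytes_out=110000",
    "2024-06-03T10:00:00Z type=flow host=ws-17 dst=198.51.100.99 bytes_out=4800000000",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Parse one 'TIMESTAMP key=value ...' line into a dict; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    ev = {"ts": ts.replace(tzinfo=timezone.utc)}
    for tok in m.group("kv").split():
        key, sep, val = tok.partition("=")
        if sep:
            ev[key] = val
    return ev


def impossible_travel(events, max_minutes=60):
    """IoC type 2: a user logging in from two countries closer together in time
    than any plausible trip. Returns (user, prev_geo, new_geo, minutes_apart)."""
    alerts, last = [], {}
    logins = sorted((e for e in events if e.get("type") == "login"), key=lambda e: e["ts"])
    for ev in logins:
        prev = last.get(ev["user"])
        if prev and prev["geo"] != ev["geo"]:
            gap = (ev["ts"] - prev["ts"]).total_seconds() / 60
            if gap < max_minutes:
                alerts.append((ev["user"], prev["geo"], ev["geo"], int(gap)))
        last[ev["user"]] = ev
    return alerts


def privileged_burst(events, threshold=5, window_minutes=10):
    """IoC type 3: more than `threshold` privileged actions by one user inside a
    sliding window. Returns (user, count) for the first window that trips."""
    per_user = defaultdict(list)
    for ev in events:
        if ev.get("type") == "priv":
            per_user[ev["user"]].append(ev["ts"])
    alerts = []
    for user, stamps in per_user.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while (stamps[end] - stamps[start]).total_seconds() > window_minutes * 60:
                start += 1  # slide the window forward
            if end - start + 1 > threshold:
                alerts.append((user, end - start + 1))
                break
    return alerts


def egress_outliers(events, factor=10):
    """IoC type 1: a host whose outbound byte count is `factor` times the
    fleet median, a crude but effective exfiltration signal."""
    totals = defaultdict(int)
    for ev in events:
        if ev.get("type") == "flow":
            totals[ev["host"]] += int(ev["bytes_out"])
    if not totals:
        return []
    baseline = median(totals.values())
    return [(host, b) for host, b in totals.items() if b > factor * baseline]


def scan(lines):
    """Run all three detectors over raw log lines and return their findings."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    return {
        "impossible_travel": impossible_travel(events),
        "privileged_burst": privileged_burst(events),
        "egress_outliers": egress_outliers(events),
    }


if __name__ == "__main__":
    for name, hits in scan(SAMPLE_LOGS).items():
        print(f"{name}: {hits}")
```

On the sample data the detectors flag alice (US then RU twenty minutes apart), bob (six group-membership changes in five minutes) and ws-17 (orders of magnitude more outbound traffic than its peers). Each rule is deliberately simple; the value in production comes from tuning the thresholds against your own baseline and from correlating hits across detectors, since a single one is a lead, not a verdict.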

How to Spot Indicators of Compromise

  1. Implement Continuous Monitoring: Real-time visibility into your network and systems is essential for detecting IoCs. Continuous monitoring tools analyze data constantly, allowing for immediate detection of anomalies.

  2. Utilize Advanced Threat Detection Tools: Leveraging tools that use machine learning and behavioral analysis can help identify IoCs by recognizing patterns and deviations from normal behavior.

  3. Conduct Regular Audits and Assessments: Regularly auditing your systems and network traffic helps identify vulnerabilities and signs of compromise. Periodic assessments ensure your security measures are up-to-date.

  4. Analyze User Behavior: Monitoring user activity to detect unusual behavior can help identify compromised accounts. User and Entity Behavior Analytics (UEBA) solutions can detect deviations from typical user behavior.

  5. Stay Informed on Threat Intelligence: Keeping up-to-date with the latest threat intelligence and IoC databases helps recognize and respond to current threats more effectively.

  6. Train Your Team: Educating employees on recognizing IoCs and reporting suspicious activities adds an additional layer of defense against potential threats.

Responding to Indicators of Compromise

Detecting IoCs is only the first step. Effective response involves:

  1. Contain the Threat: Isolate affected systems to prevent further spread of malicious activity.

  2. Investigate the Incident: Conduct a thorough investigation to understand the scope and impact of the compromise.

  3. Eradicate the Threat: Remove any malicious code or malware and address vulnerabilities exploited during the attack.

  4. Recover Systems: Restore systems to normal operations from backups taken before the intrusion, and verify that all malicious activity and persistence mechanisms have been eradicated before reconnecting them.

  5. Review and Improve Security Measures: Analyze the incident to identify areas for improvement and update security policies, procedures, and technologies.

Key Takeaways on Spotting IoCs

Recognizing and responding to Indicators of Compromise is vital for maintaining a robust cybersecurity posture. By understanding common IoCs and implementing best practices for detection and response, organizations can protect their systems and data from potential threats. At Findings, we are dedicated to helping businesses stay ahead of cyber threats with advanced security solutions: automating security assessments and audits, and offering cloud telemetry monitoring to ensure continuous and consent-based monitoring.

The Ultimate Guide to Cloud Data Protection


Essential Strategies for Cloud Data Protection

The cloud has become a cornerstone for businesses of all sizes, providing scalable, cost-effective, and efficient solutions for data storage and operations. However, with the convenience of the cloud comes the critical need for robust data protection strategies. As a leading cybersecurity and ESG compliance company, we understand the complexities of cloud data protection. This blog aims to provide a comprehensive overview of cloud data protection, highlighting key strategies and best practices to ensure your data remains secure.

Understanding Cloud Data Protection

Cloud data protection encompasses a range of strategies and technologies designed to safeguard data stored in the cloud. This includes protecting data from unauthorized access, ensuring data privacy, maintaining data integrity, and ensuring data availability. As businesses increasingly migrate to the cloud, the importance of implementing strong data protection measures cannot be overstated.

Key Challenges in Cloud Data Protection

  1. Data Breaches: Unauthorized access to sensitive data can lead to significant financial and reputational damage.

  2. Data Loss: Accidental deletion, software bugs, or cyberattacks can result in irreversible data loss.

  3. Compliance: Adhering to regulatory requirements and industry standards is essential to avoid legal penalties.

  4. Shared Responsibility: Cloud providers and clients share the responsibility for data security. The provider secures the underlying infrastructure; the customer remains responsible for its data, identities, access policies, and configuration. Clear policies and collaboration are needed so nothing falls between the two.

Best Practices for Cloud Data Protection

  1. Implement Strong Access Controls: Utilize multi-factor authentication (MFA) and robust password policies to prevent unauthorized access. Ensure that only authorized personnel have access to sensitive data.

  2. Encrypt Data: Encrypt data both at rest and in transit to protect it from unauthorized access. Use current, well-reviewed protocols and modes (TLS 1.2 or later in transit, authenticated encryption at rest) and rotate encryption keys on a schedule.

  3. Regular Backups: Perform regular backups to ensure that you can recover data in case of accidental deletion or a cyberattack. Store backups in multiple locations, and keep at least one copy offline or immutable so that ransomware that reaches production cannot encrypt the backups too.

  4. Continuous Monitoring: Implement continuous monitoring solutions to detect and respond to security threats in real-time. At Findings we offer advanced cloud monitoring solutions that provide comprehensive visibility into your cloud environment.

  5. Compliance Management: Ensure that your cloud data protection strategies align with regulatory requirements and industry standards. Conduct regular audits and assessments to maintain compliance.

  6. Incident Response Plan: Develop and regularly update an incident response plan to quickly address and mitigate the impact of data breaches or other security incidents.
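Several of the breaches summarised on this page came down to a valid password being used by someone who was not its owner, which is exactly what the MFA item above is meant to stop. To make that concrete, here is an added example, not code from the original post or from Findings, of the server side of a time-based one-time password (TOTP, RFC 6238) second factor. The RFC’s published test secret is used so the output can be checked against the standard’s vectors; the `TotpVerifier` class, its one-step drift window and its replay rule are this example’s own design assumptions, not a particular product’s behaviour.

```python
"""TOTP second-factor verification (added example, not the post's code)."""
import hashlib
import hmac
import struct

# RFC 6238 test secret (ASCII "12345678901234567890"). Only for checking
# against the RFC's vectors; real secrets must be random per user.
RFC6238_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, int(unix_time) // step, digits)


class TotpVerifier:
    """Server-side check of a TOTP second factor (example design).

    Accepts the current time step and +/-`window` neighbouring steps to
    tolerate clock drift, and never accepts a step at or before the last
    one consumed for that user, so a code captured by phishing or a
    keylogger cannot be replayed once it has been used.
    """

    def __init__(self, secret: bytes, step: int = 30, window: int = 1, digits: int = 6):
        self.secret, self.step, self.window, self.digits = secret, step, window, digits
        self._last_step: dict[str, int] = {}  # per-user high-water mark

    def verify(self, user: str, code: str, unix_time: int) -> bool:
        # Reject malformed input before doing any crypto.
        if not code.isdigit() or len(code) != self.digits:
            return False
        current = int(unix_time) // self.step
        for delta in range(-self.window, self.window + 1):
            step = current + delta
            expected = hotp(self.secret, step, self.digits)
            # Constant-time comparison so timing does not leak matching digits.
            if hmac.compare_digest(expected, code):
                if step <= self._last_step.get(user, -1):
                    return False  # replay of an already-consumed step
                self._last_step[user] = step
                return True
        return False


if __name__ == "__main__":
    verifier = TotpVerifier(RFC6238_TEST_SECRET)
    now = 1_000_000_000
    code = totp(RFC6238_TEST_SECRET, now)
    print("first use:", verifier.verify("alice", code, now))    # True
    print("replay:   ", verifier.verify("alice", code, now))    # False
```

The point for cloud data protection is the last two lines: even with the user’s password in hand, an attacker who does not also hold the device-bound secret cannot produce a valid code, and a code they did manage to capture stops working as soon as the legitimate user has used it. Enforcing this at the identity provider for every account that can reach customer data, not just for administrators, is the control the Snowflake-related incidents on this page were missing.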

The Role of Continuous Cloud Monitoring

Continuous cloud monitoring plays a crucial role in cloud data protection by providing real-time insights into your cloud environment. With continuous monitoring, you can:

  • Detect Anomalies: Identify unusual activities and potential security threats before they escalate.

  • Ensure Compliance: Monitor compliance with regulatory requirements and internal policies.

  • Optimize Performance: Gain insights into cloud performance and optimize resource usage.

  • Improve Incident Response: Enhance your ability to respond to security incidents quickly and effectively.

By integrating our solutions into your cloud data protection strategy, you can ensure that your data remains secure and compliant with industry standards.

Moving Forward With Confidence

Protecting your data in the cloud is a continuous and evolving process. By implementing robust data protection strategies and leveraging advanced monitoring solutions, you can truly protect your sensitive information against a wide range of threats. At Findings we are committed to helping businesses navigate the complexities of the cloud, ensuring that your data remains secure, compliant, and resilient.


For more information on our cloud monitoring solutions and how we can help protect your data, don’t hesitate to reach out.

May 2024 Data Breach Round Up

Discover the latest major data breaches in May 2024, impacting organizations like Ticketmaster, Santander, BBC, Cooler Master, and Singing River Health System, and learn about the critical need for enhanced cybersecurity measures.

The Rising Tide of Data Breaches in 2024

This past month, a series of significant data breaches have highlighted the vulnerabilities in the cybersecurity measures of various organizations. From healthcare systems to prominent companies, the exposure of sensitive personal information has caused widespread concern. Among the most notable incidents, Singing River Health System in Mississippi experienced a severe ransomware attack that compromised the data of nearly 900,000 individuals. This breach, along with others involving prominent entities like Ticketmaster and Cooler Master, underscores the critical need for robust data protection strategies. The following summaries detail these incidents and the implications for affected individuals and organizations.

Massive Data Breach at Ticketmaster Exposes Personal Information of 560 Million Users

Ticketmaster experienced a significant data breach, confirmed by Live Nation, following the compromise of a third-party cloud database, likely Snowflake. Discovered on May 20, 2024, the breach led to a criminal actor offering Ticketmaster user data for sale on the dark web a week later. The stolen data, allegedly 1.3TB in size, includes detailed personal information and ticketing data for 560 million users. The hacker group ShinyHunters claimed responsibility, stating they accessed the data using stolen credentials and unexpired tokens from a Snowflake employee’s ServiceNow account. Despite this, Ticketmaster believes the breach won’t materially impact its operations. Snowflake attributed the breaches to weak customer account security, specifically accounts without multi-factor authentication, and has provided indicators of compromise to affected customers.

Santander Hacked: Data of 30 Million Customers and Employees Compromised

Hackers, identified as the ShinyHunters group, are attempting to sell data purportedly belonging to millions of Santander staff and customers. This group, which also claimed responsibility for the recent Ticketmaster breach, has accessed data from Santander’s branches in Chile, Spain, and Uruguay, affecting current and former employees globally. While no transactional data or online banking credentials were compromised, the breach includes bank account details, credit card numbers, and HR information. Santander is contacting affected individuals directly and assures that their banking systems remain secure. Researchers link this breach to a larger campaign against customers of the cloud data platform Snowflake, in which hackers allegedly used stolen credentials to access a demo account of a former employee. Snowflake denies any vulnerability in its product, stating the compromised account did not contain sensitive data.

BBC Pension Scheme Data Breach: Personal Details of 25,000 Members Stolen

On May 21, the BBC’s information security team discovered a data breach involving personal details of BBC Pension Scheme members. The breach, which occurred via a cloud-based storage service, exposed names, National Insurance numbers, dates of birth, gender, and home addresses, but no financial or login information. The incident has been reported to relevant authorities, and affected individuals were notified on May 29. The BBC has secured the data source and enhanced security measures. There is no current evidence of misuse of the stolen data. The BBC advises vigilance against unsolicited communications and offers affected members two years of free access to Experian Identity Plus for monitoring and protection.

Cooler Master Suffers Major Data Breach: Personal Information of 500,000 Customers Exposed

Cooler Master, a Taiwanese computer hardware manufacturer, experienced a data breach on May 19, 2024, in which a threat actor named ‘Ghostr’ claimed to have stolen 103 GB of data. This breach exposed personal information of over 500,000 Fanzone members, including names, addresses, dates of birth, phone numbers, email addresses, and unencrypted credit card details. The breach reportedly occurred through one of Cooler Master’s front-facing websites, allowing the attacker to access various databases. Despite attempts to extort the company, Cooler Master did not respond. A sample of the stolen data confirmed the legitimacy of customer support records. However, the claim of stolen credit card information remains unverified. Cooler Master has yet to comment on the incident.

Ransomware Attack on Singing River Health System Affects 895,000 Individuals

Singing River Health System in Mississippi has confirmed that a ransomware attack in August 2023 affected the personal data of 895,204 individuals. This attack, perpetrated by the Rhysida ransomware gang, caused significant operational disruptions and data theft from Singing River’s hospitals, hospices, pharmacies, imaging centers, specialty centers, and clinics. The stolen data includes full names, dates of birth, physical addresses, Social Security Numbers, and medical and health information. While there is no evidence of misuse of the exposed data, Singing River is offering 24 months of credit monitoring and identity restoration services through IDX. The gang has leaked around 80% of the stolen data, totaling 754 GB. Impacted individuals are advised to use the offered services, stay vigilant against unsolicited communications, and monitor their accounts for suspicious activities.

Strengthening Cybersecurity Amidst Escalating Data Breach Incidents


The alarming frequency and scale of recent data breaches underscore the critical need for enhanced cybersecurity measures across all sectors. The attacks on Singing River Health System, Ticketmaster, Cooler Master, and other organizations reveal not only the sophistication of cybercriminals but also the significant impact on personal data security. As these entities work to mitigate the damage and protect their stakeholders, it is essential for individuals to remain vigilant and proactive in safeguarding their information. The collective response to these breaches will shape the future landscape of data security, highlighting the importance of both technological advancements and user awareness in combating cyber threats.

April 2024 Data Breach Round Up


In April 2024, numerous cybersecurity incidents occurred, mirroring previous occurrences. These incidents, yet again, serve as a reminder of the ongoing threat landscape that organizations across various sectors face. From retail giants to healthcare conglomerates, no entity appears to be immune to the ever-changing tactics employed by malicious actors in the digital sphere.

Let’s explore these breaches in detail, uncovering the stories that underscore the critical need for continuous monitoring and proactive risk management strategies in today’s interconnected world.

  1. Giant Tiger

    Giant Tiger, a prominent Canadian discount retailer, suffered a data breach that affected approximately 2.8 million of its customers. This breach came to light when an anonymous hacker posted the stolen data, including email addresses, names, phone numbers, and physical addresses, on a cybercrime forum. The breach data has since been added to the HaveIBeenPwned website, enabling users to check if their information has been compromised. The source of the breach was traced to a third-party vendor responsible for handling Giant Tiger’s customer interactions and communications. Although the leak did not include payment details or passwords, it poses a significant risk of phishing and identity theft. Giant Tiger has informed all affected customers and is actively managing the fallout from the disclosure.

  2. Home Depot

    On April 8, Home Depot confirmed a data breach involving a third-party SaaS vendor, which accidentally exposed names, work email addresses, and user IDs of some employees during system tests. This breach was disclosed after threat actor IntelBroker leaked data about 10,000 employees on a hacking forum. Security experts stress the importance of robust third-party risk management and the need for uniform security protocols across business ecosystems to mitigate such breaches, which could lead to targeted phishing attacks and further security compromises.

  3. Roku

    In a recent statement, Roku disclosed that its security systems detected unauthorized access to approximately 15,000 user accounts earlier this year through credential stuffing—using stolen login details from other sources. Despite these intrusions, Roku confirmed there was no compromise within their systems. A second incident involved around 576,000 accounts, but again, no sensitive information or full payment details were accessed. In response, Roku has reset passwords for affected accounts, implemented refunds for unauthorized transactions, and introduced two-factor authentication for all accounts to enhance security. Roku urges customers to create strong, unique passwords and remain vigilant against suspicious communications to further protect their accounts.

  4. Nexperia

    On April 12, 2024, Nexperia announced that an unauthorized party had accessed certain IT servers in March. The company quickly isolated the compromised systems and cut off internet access to contain the breach. With the help of cybersecurity firm Fox-IT, Nexperia is actively investigating the breach’s scope and has taken significant steps to terminate the unauthorized access. The incident has been reported to the relevant authorities, including the ‘Autoriteit Persoonsgegevens’ and the police, who are being updated on the investigation’s progress. Due to the ongoing investigation, Nexperia has stated that further details cannot be disclosed at this time. Nexperia, headquartered in the Netherlands, is a leading global semiconductor company, noted for its significant contributions to electronic components across various industries.

  5. MITRE

    On April 19, 2024, MITRE acknowledged a cybersecurity breach within its Networked Experimentation, Research, and Virtualization Environment (NERVE), a platform used for collaborative research and development. Despite robust security measures, a foreign nation-state was identified as the perpetrator of this breach. Immediate steps were taken to contain the breach by disconnecting the NERVE environment and launching a comprehensive investigation with both in-house and external cybersecurity experts. MITRE has informed the relevant authorities and those affected, and is working on secure alternatives for collaboration. Jason Providakes, president and CEO of MITRE, emphasized the organization’s commitment to transparency and the advancement of cybersecurity practices across the industry. MITRE, known for its contributions to cybersecurity standards and tools, continues to share insights gained from this incident to aid the broader security community.

  6. Kaiser

    Kaiser, a prominent U.S. health conglomerate, is informing millions of current and former members about a data breach that occurred when the company inadvertently shared patients’ data with third-party advertisers, including tech giants like Google and Microsoft. The breach was identified after an investigation revealed that certain online technologies used by Kaiser transmitted personal information to external vendors. The compromised data includes member names, IP addresses, and details indicating usage of Kaiser’s services and websites. Kaiser promptly removed the tracking code from its platforms. This incident underscores a concerning trend in the healthcare sector, where online tracking codes have been used to share sensitive patient information with advertisers. Kaiser plans to notify approximately 13.4 million affected individuals and has fulfilled legal requirements by reporting the breach to relevant authorities. This breach marks one of the largest health-related data breaches of 2024, as listed by the U.S. Department of Health and Human Services.

  7. FBI Warning

    On April 12, the FBI issued a warning regarding a significant surge in SMS phishing attacks aimed at Americans concerning unpaid road toll fees. Beginning in March, thousands of individuals reported being targeted by scammers. The FBI’s Internet Crime Complaint Center received over 2,000 complaints since early March, indicating a widespread campaign across at least three states. The malicious texts claim recipients owe money for outstanding tolls, with identical language across reports. The phishing messages contain hyperlinks impersonating state toll services, with phone numbers varying between states. Although the FBI did not mention E-ZPass in its warning, the scam also targets E-ZPass customers. The FBI advises recipients to report the scam, avoid clicking links, verify their accounts through legitimate websites, contact customer service, delete any phishing texts, and take measures to secure personal and financial information if they’ve interacted with the messages.


As April comes to a close, these data breaches serve as powerful reminders of the urgent need to strengthen our systems. Each breach brings new insights, pushing everyone involved to take a hard look at their security measures, beef up their defenses, and stay sharp against emerging threats.


In our quest for cyber resilience, teamwork and sharing what we know are key. By working together and staying committed to protecting our digital world, we can tackle the challenges of cyberspace head-on, with confidence and resolve.


March 2024 Data Breach Round Up


A few months into 2024, and data breaches are on the rise. This surge highlights the need for improved security measures and greater awareness. These instances of unauthorized access to confidential data expose vulnerabilities in our interconnected systems. A deeper look into these breaches uncovers broader cybersecurity issues that necessitate immediate, coordinated efforts for digital information protection. In a time when data breaches are becoming more advanced, traditional security measures are no longer adequate.

This is where comprehensive security assessments and compliance become invaluable. Evaluating your company’s security posture and aligning it with industry standards can help identify vulnerabilities before exploitation. Compliance isn’t just about ticking boxes—it’s about creating a robust framework that bolsters security measures and instills trust in clients.

However, the real game-changer in the fight against cyber threats is the integration of AI into your security strategies. AI can analyze vast amounts of data at an unprecedented speed, identifying potential threats and anomalies that might go unnoticed by human eyes. It can also predict potential vulnerabilities, allowing companies to fortify their defenses proactively.

Let’s jump into the data breaches that shook the industry in March 2024, a stark reminder of the ever-evolving challenge of maintaining digital security. 

AT&T

AT&T has initiated a mass reset of customer account passcodes following a leak that exposed millions of records online, including sensitive information such as names, addresses, and Social Security numbers. The leaked data, dating back to 2019 or earlier, affects about 7.6 million current and 65.4 million former AT&T account holders. Despite the leak, AT&T has stated there’s no evidence of unauthorized system access. The leak, which included encrypted passwords that were easily decryptable, was first identified when a security researcher shared their findings with TechCrunch. AT&T is contacting affected current and former customers to inform them about the breach and the steps being taken to secure their accounts.

Fujitsu

Fujitsu, a leading global IT services provider, recently announced a significant security breach where malware infected its systems, leading to the theft of customer data. The company, ranking as the sixth largest in its sector with a workforce of 124,000 and revenues of $23.9 billion, plays a pivotal role in technology, offering a wide array of products and services, including cloud solutions and IT consulting. The breach, affecting systems holding sensitive customer information, prompted immediate action from Fujitsu to isolate infected computers and enhance monitoring. Despite no reports of the data’s misuse, Fujitsu has notified relevant authorities and is in the process of alerting affected customers. This incident follows a 2021 security breach involving Fujitsu’s ProjectWEB tool, which compromised government agencies and led to significant data theft, underscoring ongoing cybersecurity challenges.

MarineMax

MarineMax, a leading yacht retailer, reported a cyberattack in March, revealing that hackers, identified as the Rhysida ransomware gang, compromised its systems and stole data including employee and customer personal information. Despite initial claims of not storing sensitive data on the breached systems, a subsequent investigation uncovered that the cybercrime group accessed and extracted data, which is now being offered for sale on the dark web for 15 Bitcoin (over $1 million). MarineMax, with operations spanning 130 locations globally and reporting $2.39 billion in revenue last year, has engaged external cybersecurity experts to mitigate the breach’s impact, notified law enforcement, and is in the process of notifying affected individuals and regulatory bodies. The Rhysida gang, known for its ransomware-as-a-service operations since May 2023, has targeted various organizations, including the British Library and healthcare entities, marking this incident as part of a broader pattern of cyberattacks by the group.

PandaBuy

PandaBuy, an online shopping platform facilitating purchases from Chinese e-commerce sites, experienced a data breach affecting over 1.3 million users. The breach, executed by threat actors ‘Sanggiero’ and ‘IntelBroker’ through exploiting critical API vulnerabilities, exposed comprehensive user data including names, contact details, order information, and addresses. The compromised data was offered on a forum for a nominal cryptocurrency fee, with a sample provided to validate its authenticity. Despite attempts to downplay the incident, evidenced by moderated discussions on Discord and Reddit, the breach’s reality was confirmed by data breach aggregator Have I Been Pwned (HIBP), which advised impacted users to change their passwords and be cautious of potential scams. PandaBuy has yet to officially address the breach publicly, as concerns over user privacy and platform security escalate.

France Travail

France Travail, the national unemployment agency in France, has reported a significant data breach affecting approximately 43 million individuals, stemming from a cyberattack between February 6 and March 5. The agency, which aids in job placement and financial support, acknowledged that personal details of job seekers over the past two decades, including sensitive information like social security numbers and contact details, were compromised. While bank details and passwords remain unaffected, the exposed data raises serious concerns for identity theft and phishing risks. France Travail has notified the National Commission of Informatique and Liberties (CNIL) and is advising those potentially impacted to exercise caution with their communications. This incident, surpassing the scale of previous breaches including a 10 million person breach last August and the recent Viamedis and Almerys breach, marks a record for cybersecurity incidents in France.

Prioritizing Compliance & Cybersecurity in the Wake of Rising Data Breaches:

Digital security is a complex tapestry, with challenges increasing in both frequency and severity. This complexity calls for action. We must strengthen our defenses, both as organizations and individuals. At Findings we understand the pivotal role of security assessments, compliance, and AI in safeguarding your digital assets. Our suite of services is designed to provide a comprehensive security solution that not only helps prevent data breaches but also ensures that your company is equipped to handle any cyber threats that come its way. From detailed security assessments that highlight your strengths and weaknesses to AI-driven insights that keep you one step ahead of cybercriminals, we are your partner in establishing a resilient and compliant security posture.

As we reflect on the lessons from the top breaches in March 2024, let us use them as a stepping stone towards a more secure and trustworthy digital future. 

February 2024 Data Breach Round Up


From Healthcare to Finance: The Shocking Cybersecurity Wake-Up Call of February 2024

Lately, it feels like we’ve been hit by a wave of cybersecurity incidents that have really shaken things up. It’s not just a bunch of breaches we’re talking about here; we’re seeing huge, flashing signs telling companies it’s high time to beef up their cybersecurity defenses and get smarter about how they handle incidents when they happen. In this blog, I’ll dive into the chaos of these cyber incidents, break down their effects, and tease out the valuable lessons they’re teaching us. So, come along for the ride and read up about the top breaches of February! 


  1. Change Healthcare


Change Healthcare, a subsidiary of UnitedHealth Group, experienced a cybersecurity incident on February 21, 2024, that has led to significant disruptions across the U.S. healthcare sector, affecting hospitals, pharmacies, and millions of patients. This breach, described by government and industry officials as one of the most severe attacks on the health-care system in U.S. history, has highlighted critical vulnerabilities within the U.S. healthcare infrastructure. Change Healthcare, crucial for processing 15 billion claims amounting to over $1.5 trillion annually, acts as an intermediary between healthcare providers and insurers. The attack has not only compromised patient data but has also strained the financial operations of healthcare organizations reliant on Change’s services for billing and reimbursement.


The ramifications of this incident are widespread, with some hospitals unable to discharge patients due to medication access issues and others facing severe financial strains. Senate Majority Leader Charles E. Schumer has called for expedited payments to affected healthcare providers to mitigate the financial impact. Despite efforts to manage the situation, including temporary assistance from Optum and manual claims processing, the industry faces “very, very imperfect workarounds,” according to Molly Smith from the American Hospital Association. The attack underscores the urgent need for enhanced cybersecurity measures across the healthcare ecosystem to prevent future disruptions and safeguard patient information.


In a company update, Change Healthcare confirmed that it is “experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat.”


  2. Unlocking the Impact: Fidelity’s Third-Party Vendor Vulnerability Exposed


On February 13, 2024, Fidelity Investments Life Insurance Company and Empire Fidelity Life Insurance Company discovered a cybersecurity incident involving their third-party vendor, Infosys McCamish Systems (IMS), which may have impacted the security of personal information belonging to approximately 28,268 people. IMS, responsible for administering certain life insurance policies for a limited number of customers, experienced a cybersecurity event when an unauthorized third party gained access to IMS systems between October 29, 2023, and November 2, 2023, potentially compromising data including names, Social Security Numbers, dates of birth, and bank account details used for premium payments. 


  3. Medical Management Resource Group: Eyes Wide Open

American Vision Partners, a company specializing in providing administrative support to ophthalmology practices, has recently addressed a significant cybersecurity breach affecting patient information. On February 15, 2024, the company sent out notification letters explaining that on November 14, 2023, the organization detected unauthorized access within its network infrastructure. Immediate action was taken to mitigate the breach by isolating the affected systems, initiating a thorough investigation with the help of leading cybersecurity experts, and notifying law enforcement authorities. Despite these efforts, it was confirmed by December 6, 2023, that the breach led to unauthorized access to personal data of patients linked to the practices serviced by American Vision Partners. The compromised data encompasses a range of sensitive information, including names, contact details, dates of birth, Social Security numbers, and specific medical and insurance details. 


It has also come to light that not only patients but also employees of the affected organization were victims of a data breach. The compromised information varies among individuals but could include a range of personal details such as names, contact information, dates of birth, Social Security numbers, driver’s license and passport details, and even bank account numbers. While not every piece of information was accessed for each individual, the breach’s potential impact is taken with utmost seriousness. In response, the organization is proactively offering identity protection and credit monitoring services to all impacted employees for two years at no charge, demonstrating a commitment to the security and welfare of its personnel. 


About 2,264,157 individuals were impacted by this incident. 


  4. Spark Driver: A Rough Road for Walmart’s Workforce

On February 23, 2024, Walmart Inc. notified employees about a recent security incident that has impacted Spark Driver™ accounts. This breach, discovered in late January, allowed unauthorized access to employees’ driver profiles, potentially compromising sensitive information, including Social Security Numbers, driver’s licenses, dates of birth, names, and contact details. The breach provided the intruder with the ability to view details about earnings, tax information, driver verification documents, and background checks.


  5. LoanDepot: A Flood of Personal Data at Risk


LoanDepot issued a notice on February 23, 2024, regarding a data breach that potentially compromised sensitive personal information of almost 17 million people due to unauthorized access to its systems. This security incident was first identified on January 4, 2024, prompting immediate actions to contain and address the breach, including contacting law enforcement and initiating a thorough investigation with external cybersecurity experts. The breach, occurring between January 3 and January 5, 2024, may have exposed personal details such as names, addresses, email addresses, financial account numbers, Social Security numbers, phone numbers, and dates of birth.


In response to this incident, LoanDepot has taken significant measures to secure its systems and mitigate any potential impact on affected individuals. Although there is currently no evidence to suggest that the accessed information has been used maliciously, LoanDepot is offering 24 months of complimentary identity protection and credit monitoring services through Experian. This service is designed to assist in detecting and resolving identity theft and fraud. Affected individuals are encouraged to follow the provided instructions to enroll in these protection services to safeguard their personal information.


  6. UNITE HERE: A Union Under Siege


UNITE HERE, representing a substantial workforce across the U.S. and Canada, has formally reported a data breach to the Maine Attorney General on February 23, 2024, following the detection of unauthorized access to its IT network. The breach was discovered on October 20, 2023, when it was found that an unauthorized entity had gained access to their systems, impacting about 791,273 individuals. The potentially compromised information includes a wide array of personal data such as names, Social Security numbers, driver’s licenses, state ID numbers, alien registration numbers, tribal identification numbers, passport numbers, birth certificates, dates of birth, marriage licenses, signatures, financial account information, and medical data. 


Although there is no current evidence to suggest that this breach has led to identity theft or fraud, UNITE HERE is proactively informing affected individuals and has implemented several security measures. These measures include resetting system passwords, enhancing security protocols, and cooperating with law enforcement to prevent future incidents.


  7. Xerox Corporation: Copying Catastrophe


On February 20, 2024, Xerox issued an alert regarding a security breach within its subsidiary, Xerox Business Services (XBS), emphasizing that safeguarding the data privacy and protection of its clients, partners, and employees remains a paramount concern. In early December 2023, an unauthorized entity managed to infiltrate a segment of the XBS network. Despite the swift detection and containment efforts by Xerox personnel, the investigation revealed that on December 10, 2023, the intruder succeeded in extracting a limited set of data from XBS’s systems.


The compromised information primarily includes names, contact details, and Social Security numbers of those affected. Xerox is actively conducting a comprehensive investigation into the breach and has already involved law enforcement agencies. Despite the ongoing legal probe, Xerox has chosen to promptly inform all impacted parties, underscoring its commitment to transparency and the importance of immediate action to address the security incident.


  8. PJ&A: Confidentiality on the Line


Perry Johnson & Associates, Inc. (PJ&A), a provider of medical transcription services for healthcare organizations including Concentra Health Services, Inc. (Concentra), reported on February 8 a security incident affecting certain patient information. This incident, which did not affect Concentra’s systems directly, resulted from unauthorized access to PJ&A’s systems between March 27, 2023, and May 2, 2023. Notably, on April 7 and April 19, 2023, an unauthorized actor accessed a system containing Concentra patients’ information.


Upon detecting suspicious activity, PJ&A promptly initiated an investigation with cybersecurity experts to assess the incident’s scope and impact. The investigation identified that personal information, such as names and addresses, of almost 13 million Concentra patients was potentially compromised. Following the investigation, PJ&A informed Concentra, which then undertook efforts to verify affected patients and expedite notification.


To mitigate potential risks and support affected individuals, PJ&A is offering credit monitoring services through IDX for a specified period at no cost. Individuals are advised to remain vigilant by monitoring their account statements and credit reports for any suspicious activity and to consider enrolling in the provided credit monitoring service. Detailed instructions for enrollment and additional protective measures are included in PJ&A’s communication to the impacted parties.


  9. Verizon: An Inside Job


Verizon, one of the largest telecommunications service providers in the US, has issued a notification concerning unauthorized access to certain personal information of its employees by one of its own employees, in breach of company policies. This incident, identified around September 21, 2023, but reported in February to the Maine Attorney General, involved unauthorized acquisition of a file containing employee data such as names, addresses, Social Security numbers or other national identifiers, gender, union affiliations, dates of birth, and compensation details. Currently, there is no indication that this information has been misused or disseminated outside of Verizon.


In response to this incident, Verizon undertook an immediate review to ascertain the nature of the compromised information and has taken steps to enhance its technical controls to prevent similar incidents in the future. The company has also informed relevant regulatory bodies about the breach.




From the major upset at Change Healthcare to the breach in Verizon’s backyard, it’s pretty obvious we’re standing at a major fork in the road. These incidents aren’t just cautionary tales; they’re wake-up calls, highlighting just how crafty and relentless cyber threats have become, and just how tough our defenses need to be. Each month, we compile a summary of the most significant breaches from the preceding period. Be sure to explore our latest round-up! At Findings, we streamline the process of cybersecurity compliance assessments, ensuring your systems adhere to pertinent regulations while safeguarding your infrastructure.





Vendor Breach Reporting in the Modern Market


We’ve hit a point in time where data breaches are becoming more common and the repercussions more severe. This means the importance of effective vendor breach reporting cannot be overlooked. As companies rely more and more on third-party vendors for a variety of services, from cloud storage solutions to customer relationship management systems, the potential for data breaches originating from these vendors escalates. This blog will explore the current landscape of vendor breach reporting, highlighting the challenges, best practices, and the evolving regulatory environment that shapes how businesses respond to and report breaches.

Understanding the Landscape

The modern market is interconnected, with businesses routinely sharing sensitive information with vendors. This symbiotic relationship, however, introduces vulnerabilities. A breach at a vendor can have cascading effects, compromising the data integrity of all connected businesses. The 2023 Verizon Data Breach Investigations Report underscores this point, noting an uptick in incidents originating from third-party vendors.

Challenges in Vendor Breach Reporting

One of the primary challenges in vendor breach reporting is the detection and attribution of breaches. Identifying that a breach has occurred, and tracing it back to a specific vendor, requires sophisticated monitoring tools and a high degree of coordination between parties. Moreover, the variability in reporting requirements across jurisdictions adds a layer of complexity, making compliance a moving target for global businesses.

Best Practices for Effective Reporting

To navigate these challenges, businesses must adopt a proactive and comprehensive approach to vendor management and breach reporting. Key strategies include:

  • Due Diligence: Before entering into agreements with vendors, assess their security policies and incident response capabilities. Regular audits can ensure ongoing compliance with agreed-upon standards.

  • Transparent Communication: Establish clear lines of communication for reporting potential security incidents. This includes setting up contractual obligations for vendors to notify you immediately in the event of a breach.

  • Incident Response Planning: Develop a coordinated incident response plan that includes vendors. This plan should outline steps for breach investigation, notification, and mitigation, ensuring a swift and unified response.

  • Regulatory Compliance: Stay informed about the evolving regulatory landscape. Many regulations have set stringent requirements for data breach notification, including specific timelines and conditions under which breaches must be reported. Failure to comply can result in significant fines, legal fees, and damage to a company’s reputation.

The Evolving Regulatory Environment

Governments around the world are tightening regulations around data protection and breach notification. The trend is towards more stringent reporting requirements, with an emphasis on consumer protection. For instance, amendments to the GDPR and CCPA are pushing for shorter notification windows and greater transparency in the event of a breach. More recently, in 2024, the Federal Communications Commission (FCC) finalized new breach reporting rules that significantly tighten the requirements for telecommunications carriers in the US. Now, these carriers have only seven days to disclose data breaches. The rules have expanded the definition of breaches to include inadvertent access or disclosure of customer information, which now encompasses not only Customer Proprietary Network Information (CPNI) but also personally identifiable information (PII) such as names, government ID numbers, biometric data, and email addresses/passwords. This change aims to cover a broader range of data and ensure customers are notified of breaches unless the carrier determines no harm is reasonably likely to occur. The updated rules now require that, in addition to the FBI and U.S. Secret Service, the FCC must also be notified of breaches.

Lastly, the Federal Trade Commission (FTC) has introduced an amendment to its Safeguards Rule, imposing a 30-day deadline for non-banking financial organizations to report incidents involving 500 consumers or more. This amendment aims to bolster consumer data security by demanding comprehensive incident reports, driving stronger security practices in the financial sector.

Closing Thoughts:

In the modern market, effective vendor breach reporting is not just a regulatory requirement; it’s a critical component of a company’s overall cybersecurity strategy. By implementing best practices for vendor management and staying abreast of regulatory changes, businesses can better protect themselves and their customers from the fallout of data breaches. As the digital landscape continues to evolve, so too must the strategies for safeguarding against and responding to security incidents. The key to resilience in the face of these challenges lies in preparation, partnership, and proactive engagement with the issue of vendor breach reporting.


2024 Trends Unveiled: Cybersecurity as a Key Business Enabler

As 2024 unfolds, we are witnessing a revolutionary transformation in the cybersecurity landscape. No longer a mere aspect of IT, cybersecurity is now a pivotal driver in reshaping business operations on a global scale. This blog post delves into the forefront of cybersecurity compliance, highlighting pivotal regulations such as the ASEAN Guidelines on Consumer Impact Assessment (CIA), CMMC, PCI DSS 4.0, DORA, and SEC incident disclosure regulations. These emerging trends are rapidly becoming the gold standard in global business cybersecurity practices.


CMMC: Evolving from Defense to a Universal Cybersecurity Benchmark

  • The Cybersecurity Maturity Model Certification (CMMC) is evolving from its U.S. defense sector roots to a worldwide cybersecurity standard. Now applicable across various industries, CMMC’s layered cybersecurity approach is garnering universal acceptance. Its comprehensive framework, focused on continuous improvement, is especially vital for entities managing sensitive or critical data, signifying a move towards standardized cybersecurity excellence.

PCI DSS 4.0: Revolutionizing Payment Security Standards

  • PCI DSS 4.0 is revolutionizing payment security standards globally in 2024. This updated version introduces an adaptive, risk-based approach, essential for any business involved in digital transactions. Its flexibility and focus on tailored security measures are vital for e-commerce, financial institutions, and others in the payment ecosystem, making PCI DSS 4.0 compliance synonymous with secure and trustworthy payment processing.

DORA: Spearheading Digital Resilience in the Financial Sector

  • The Digital Operational Resilience Act (DORA) is a groundbreaking EU regulation shaping the financial sector’s approach to digital risks in 2024. Its influence extends globally, affecting financial entities interacting with the EU market. DORA emphasizes operational resilience, highlighting the need for robust digital risk management in today’s interconnected digital finance landscape.

SEC Incident Disclosure: Championing Transparency in Corporate Cybersecurity

  • The SEC’s incident disclosure regulations are leading a worldwide movement towards transparency in corporate cybersecurity. These mandates, which require prompt and detailed disclosure of cybersecurity incidents, are becoming critical for publicly traded companies globally. This shift towards transparency and accountability in cybersecurity reflects an increasing demand from investors and consumers for trustworthiness and integrity in corporate practices.

ASEAN CIA: Redefining Cybersecurity with a Consumer-Centric Approach

  • The ASEAN Guidelines on Consumer Impact Assessment, originating from Southeast Asia, are now setting a global precedent. These guidelines shift the focus towards assessing cybersecurity’s impact on consumers, prioritizing their rights and data privacy. This consumer-centric approach, especially critical for businesses in or targeting the ASEAN market, is now a global best practice. It underscores the imperative of balancing robust security with consumer rights, a notion gaining traction across various industries.

Other Regulatory Developments Shaping the Cybersecurity Domain

Additional global regulations also predict significant cybersecurity trends:

  • GDPR: Continues to influence data privacy and protection globally, impacting businesses handling EU citizens’ data.

  • ISO/IEC 27001: Gaining traction as a comprehensive framework for managing information security, key for organizations striving for global best practices.

  • NIST Framework: Increasingly adopted worldwide, indicating a move towards unified approaches in cybersecurity risk management.

Cybersecurity Compliance: A Strategic Business Advantage

In 2024, adherence to these emerging cybersecurity regulations offers businesses a strategic advantage. It transcends legal compliance, fostering trust, enhancing brand reputation, and providing a competitive edge. The integration of AI in cybersecurity is another emerging practice, offering efficient and effective solutions for meeting these standards.

  • Increased Focus on Supply Chain Attacks: Modern supply chains are interconnected and complex, making them susceptible to cyberattacks. A breach in one part can have a cascading effect, impacting multiple businesses. This emphasizes the need for rigorous cybersecurity measures across the entire supply chain.

  • Collaborative Risk Management: The trend towards collaborative defense strategies is based on the principle that sharing threat intelligence and best practices can strengthen the security posture of all involved parties. By learning from each other’s experiences, industries can develop more effective defenses against common threats.

State-Sponsored Cyber Attacks: An Escalating Concern

  • Global Ramifications: State-sponsored cyberattacks are particularly concerning due to their scale and impact. These attacks target critical infrastructure, such as energy grids or financial systems, and can compromise national security. The global nature of these threats requires an international response and cooperation.

  • Advanced Countermeasures: To combat these sophisticated threats, organizations need to implement advanced threat detection systems that can identify and neutralize attacks quickly. A zero-trust security model, where trust is never assumed and verification is required from everyone, can be crucial in mitigating these risks. Continuous monitoring ensures that any suspicious activity is detected and addressed promptly.

AI in Cybersecurity: A Complex Role

  • Enhanced Detection and Response: AI can significantly improve threat detection by analyzing vast amounts of data to identify patterns that may indicate a cyberattack. However, this technology can also be used by attackers to create more sophisticated threats, such as deepfakes or AI-driven phishing attacks.

  • Proactive Mitigation Strategies: Organizations must not only invest in AI-based defense systems but also ensure that their workforce is trained to recognize and respond to AI-generated threats. This includes understanding the limitations of AI and being able to identify when a human response is required.

Ransomware Evolution: The Changing Landscape of Cyber Extortion

  • Sophisticated Tactics: Modern ransomware attacks are more than just data encryption; attackers are now threatening to leak sensitive data if the ransom isn’t paid, adding an extra layer of coercion. This dual-threat approach makes it even more challenging for victims to decide whether to pay the ransom or risk public exposure of their data.

  • Comprehensive Defense Strategies: To protect against these evolving ransomware threats, organizations must have robust backup systems that can restore data with minimal loss. Employee training is crucial to help staff recognize and avoid potential ransomware attacks. Additionally, a well-prepared incident response plan can ensure quick action to mitigate damage if an attack occurs.

The Metaverse and Cloud Security: New Frontiers, New Risks

  • Expanded Attack Vectors: As businesses venture into new digital domains like the metaverse and cloud platforms, they face new cybersecurity challenges. These platforms can provide attackers with novel ways to exploit security vulnerabilities.

  • Proactive Security Measures: Ensuring security in these new environments involves a comprehensive approach that includes strong encryption to protect data, robust identity management to verify users, and regular security audits to identify and address vulnerabilities.

The Human Element: Bolstering the Frontlines of Cyber Defense

  • Empowering Through Training and Awareness: Regular and comprehensive training programs are essential in equipping employees with the necessary skills to recognize and prevent security breaches. This training should cover the latest cybersecurity threats and best practices.

  • Cultivating a Security-First Mindset: Creating a culture of security within the organization is crucial. This involves fostering an environment where employees are aware of the importance of cybersecurity and are motivated to take proactive steps to protect the organization’s digital assets.

As 2024 progresses, it’s clear that these cybersecurity trends and regulations are not just shaping, but redefining business strategies. From the consumer-centric ASEAN CIA guidelines to CMMC’s comprehensive security model, and the transparency demanded by SEC disclosure regulations, these developments are crucial in enabling businesses to thrive in the digital era. By staying ahead of these trends, companies can harness cybersecurity not only as a compliance requirement but as a cornerstone for growth and success. Understanding evolving regulations, embracing innovative technologies, and reinforcing human-centric defenses remain key to ensuring business resilience and triumph in an increasingly digitized world.

November Security Breach Round Up

November Security Breaches

Welcome to this month’s edition of our data breach round up, where we unravel the recent cyber threats that have sent shockwaves across industries. In a digital landscape fraught with challenges, our commitment at Findings is to equip you with the knowledge and tools necessary to navigate these turbulent waters.

This month’s featured breaches spotlight the vulnerabilities that transcend sectors, from the technology giant Samsung to the healthcare domain with McLaren Health Care, and even reaching into the retail space with Dollar Tree. Each incident reveals not only the compromise of personal and sensitive data but also the profound implications for privacy, security, and trust in our increasingly interconnected world.

  1. Samsung:

    Samsung has acknowledged a significant data breach affecting its U.K. customer base. The breach, which spanned a year, was first brought to light in a statement to TechCrunch by Chelsea Simpson, a spokesperson for Samsung via a third-party agency. According to Simpson, the breach led to unauthorized access to contact details of some Samsung U.K. e-store customers. The specifics of the breach, including the number of affected customers and the method used by hackers, remain undisclosed.

    In communications with affected customers, Samsung revealed that the breach stemmed from a vulnerability in an unspecified third-party business application. This vulnerability exposed the personal data of customers who made purchases on the Samsung U.K. store from July 2019 to June 2020. The company only discovered the breach on November 13, 2023, over three years after the fact, as detailed in a letter to customers that was shared on X (formerly Twitter).

    The compromised data includes names, phone numbers, postal and email addresses, but Samsung assures that no financial information or passwords were affected. The company has reported the breach to the U.K.’s Information Commissioner’s Office (ICO), where spokesperson Adele Burns confirmed that the regulator is conducting enquiries into the incident.

    This breach marks the third such incident disclosed by Samsung in the past two years. Previous breaches include a September 2022 attack on Samsung’s U.S. systems, with undisclosed customer impact, and a March 2022 breach where Lapsus$ hackers allegedly leaked around 200 gigabytes of Samsung’s confidential data, including source codes and biometric unlock algorithms.

  2. KidSecurity:

    KidSecurity, a popular parental control app, inadvertently exposed user data due to a security oversight. The app, with over a million downloads, tracks children’s locations and activities. Researchers discovered that the app failed to secure its Elasticsearch and Logstash databases, leaving over 300 million records publicly accessible for over a month. This exposed data included 21,000 phone numbers, 31,000 email addresses, and partial credit card information.

    The unprotected data became a target for malicious actors, with indications of a compromise by the ‘Readme’ bot. Cybersecurity expert Bob Diachenko highlighted the severity of this breach, especially considering the app’s focus on children’s safety. The exposure of sensitive information such as contact details and payment information poses serious risks, including identity theft and fraud. KidSecurity had yet to comment on the breach at the time of the report.

  3. McLaren Health Care:

    McLaren Health Care recently informed its patients of a cybersecurity incident affecting its computer systems. The healthcare provider noticed suspicious activity around August 22, 2023, and immediately commenced an investigation with third-party forensic specialists. This inquiry revealed unauthorized access to McLaren’s network between July 28 and August 23, 2023, with potential data acquisition by the unauthorized party.

    A thorough review, completed by October 10, 2023, indicated that sensitive information might have been compromised. The data at risk includes names, Social Security numbers, health insurance details, medical information like diagnoses, physician details, medical records, and Medicare/Medicaid data.

    In response, McLaren has taken steps to secure its network and is reviewing and reinforcing its data protection policies and procedures. They are also offering affected individuals identity theft protection services through IDX, including credit monitoring and a $1,000,000 insurance policy, valid until February 9, 2024.

    McLaren urges individuals to stay vigilant, monitor their financial statements, and report any suspicious activity. For further assistance, IDX is available for inquiries, with representatives knowledgeable about the incident. McLaren emphasizes that, as of now, there is no evidence of misuse of the compromised information.

  4. Staples:

    Staples, a prominent American office supply retailer, recently confirmed a cyberattack that led to significant service disruptions and delivery issues. The company, operating 994 stores across the US and Canada and 40 fulfillment centers, took immediate action to contain the breach and safeguard customer data. The incident came to light following multiple Reddit posts from earlier in the week, reporting issues with Staples’ internal operations. Employees noted problems accessing various systems, including Zendesk, VPN employee portals, and email services. Comments on Reddit from Staples employees expressed surprise and concern, with one stating, “I’ve never seen anything like this in my 20 years with Staples.”

    Unconfirmed reports also suggested that employees were advised against using Microsoft 365’s single sign-on and that call center staff were sent home. Staples confirmed to BleepingComputer that they had to take protective measures against a “cybersecurity risk,” which disrupted their backend processing, product delivery, and customer service communications. Although Staples stores remain open, the company’s online operations, including staples.com, continue to face challenges. A company spokesperson stated that systems are gradually coming back online, but some delays in processing orders are expected. Staples has assured a swift return to normal operations and has posted a similar notice on their website.

    BleepingComputer reported that no ransomware or file encryption was involved in the attack. Staples’ rapid response, including shutting down networks and VPNs, may have prevented the attack from reaching its full potential. The extent of any data theft and the potential consequences, such as ransom demands, remain to be seen. This cyberattack is not Staples’ first brush with cybersecurity issues. In March 2023, Essendant, a Staples-owned distributor, faced a multi-day outage impacting online orders. Furthermore, in September 2020, a data breach at Staples exposed customer and order information due to an unpatched VPN vulnerability.

  5. Dollar Tree:

    Dollar Tree, a notable discount retail chain with stores across the United States and Canada, has been affected by a data breach involving a third-party service provider, Zeroed-In Technologies. This breach has impacted nearly 2 million individuals, specifically targeting Dollar Tree and Family Dollar employees.

    The breach, occurring between August 7 and 8, 2023, was disclosed in a notification to the Maine Attorney General. While the intrusion into Zeroed-In’s systems was confirmed, the exact details of accessed or stolen files remained unclear. Consequently, Zeroed-In conducted a thorough review to identify the compromised information, which included names, dates of birth, and Social Security numbers (SSNs).

    Affected individuals have been notified and offered a twelve-month identity protection and credit monitoring service. In response to inquiries from BleepingComputer, a Family Dollar spokesperson stated, “Zeroed-In is a vendor that we and other companies use. They informed us that they identified a security incident, and they provided notice of the incident to current and former employees.”

    The breach’s impact may extend beyond Dollar Tree and Family Dollar, potentially affecting other Zeroed-In customers, although this has not been confirmed. Zeroed-In has not responded to inquiries about the incident.

    The breach’s magnitude has prompted law firms to investigate the possibility of a class-action lawsuit against Zeroed-In.

  6. General Electric:

    General Electric (GE), a prominent American multinational involved in various industries, is investigating a possible cyberattack and data theft. A hacker known as IntelBroker allegedly breached GE’s development environment, initially attempting to sell access on a hacking forum for $500. After failing to attract buyers, the threat actor claimed to offer both network access and stolen data, including sensitive military and DARPA-related information.

    IntelBroker, recognized for previous high-profile cyberattacks, provided screenshots as evidence of the breach, showing data from GE Aviation’s database on military projects. GE confirmed to BleepingComputer their awareness of these allegations and their ongoing investigation.

    IntelBroker’s past exploits include a breach of the Weee! grocery service and a significant data theft from D.C. Health Link, a healthcare marketplace used by White House and House staff. The D.C. Health Link breach, which led to a congressional hearing, revealed that a misconfigured server had exposed sensitive data online.

  7. HSE:

    Holding Slovenske Elektrarne (HSE), Slovenia’s largest electricity provider, was recently hit by a ransomware attack. Despite this, the company’s power generation remained unaffected. HSE, which accounts for about 60% of Slovenia’s domestic power production, managed to contain the attack within a few days.

    The company’s IT systems and files were encrypted, but operational functions continued normally. HSE informed national cybersecurity authorities and the police, and engaged external experts for mitigation. While no ransom demand has been received yet, the company remains cautious during the cleanup process.

    Unofficial sources attribute the attack to the Rhysida ransomware gang, known for high-profile attacks without immediate ransom demands. The breach might have occurred through stolen passwords from unprotected cloud storage, although this has not been confirmed. Rhysida has been active since May 2023 and is notorious for targeting various organizations internationally. HSE is yet to issue a formal response to these allegations.

The array of cyberattacks faced by the companies above demonstrates the complexity and severity of the cybersecurity landscape. These incidents serve as stark reminders of the persistent threats in the digital domain, urging organizations to fortify their defenses and adopt more robust data protection measures. As the aftermath of these breaches unfolds, it is imperative for companies not only to address the immediate security gaps but also to engage in proactive measures to safeguard against future threats. Furthermore, these events underscore the need for ongoing vigilance, transparency, and collaboration among businesses, regulatory bodies, and cybersecurity experts to enhance the resilience of our digital ecosystem against such pervasive and evolving threats.
