Tag Archives: ticketmaster breach

May 2024 Data Breach Round Up

Discover the latest major data breaches in May 2024, impacting organizations like Ticketmaster, Santander, BBC, Cooler Master, and Singing River Health System, and learn about the critical need for enhanced cybersecurity measures.

The Rising Tide of Data Breaches in 2024

This past month, a series of significant data breaches have highlighted the vulnerabilities in the cybersecurity measures of various organizations. From healthcare systems to prominent companies, the exposure of sensitive personal information has caused widespread concern. Among the most notable incidents, Singing River Health System in Mississippi experienced a severe ransomware attack that compromised the data of nearly 900,000 individuals. This breach, along with others involving prominent entities like Ticketmaster and Cooler Master, underscores the critical need for robust data protection strategies. The following summaries detail these incidents and the implications for affected individuals and organizations.

Massive Data Breach at Ticketmaster Exposes Personal Information of 560 Million Users

Ticketmaster experienced a significant data breach, confirmed by Live Nation, following the compromise of a third-party cloud database, likely Snowflake. Discovered on May 20, 2024, the breach led to a criminal actor offering Ticketmaster user data for sale on the dark web a week later. The stolen data, allegedly 1.3TB in size, includes detailed personal information and ticketing data for 560 million users. The hacker group, Shiny Hunters, claimed responsibility, stating they accessed the data using stolen credentials and unexpired tokens from a Snowflake employee’s ServiceNow account. Despite this, Ticketmaster believes the breach won’t materially impact its operations. Snowflake attributed the breaches to weak customer account security, lacking multi-factor authentication, and has provided indicators of compromise to affected customers.

Santander Hacked: Data of 30 Million Customers and Employees Compromised

Hackers, identified as the ShinyHunters group, are attempting to sell data purportedly belonging to millions of Santander staff and customers. This group, which also claimed responsibility for the recent Ticketmaster breach, has accessed data from Santander’s branches in Chile, Spain, and Uruguay, affecting current and former employees globally. While no transactional data or online banking credentials were compromised, the breach includes bank account details, credit card numbers, and HR information. Santander is contacting affected individuals directly and assures that their banking systems remain secure. Researchers link this breach to a larger hack of the cloud storage company Snowflake, where hackers allegedly used stolen credentials to access a demo account of a former employee. Snowflake denies any vulnerability in its product, stating the compromised account did not contain sensitive data.

BBC Pension Scheme Data Breach: Personal Details of 25,000 Members Stolen

On May 21, the BBC’s information security team discovered a data breach involving personal details of BBC Pension Scheme members. The breach, which occurred via a cloud-based storage service, exposed names, National Insurance numbers, dates of birth, gender, and home addresses, but no financial or login information. The incident has been reported to relevant authorities, and affected individuals were notified on May 29. The BBC has secured the data source and enhanced security measures. There is no current evidence of misuse of the stolen data. The BBC advises vigilance against unsolicited communications and offers affected members two years of free access to Experian Identity Plus for monitoring and protection.

Cooler Master Suffers Major Data Breach: Personal Information of 500,000 Customers Exposed

Cooler Master, a Taiwanese computer hardware manufacturer, experienced a data breach on May 19, 2024, where a threat actor named ‘Ghostr’ claimed to have stolen 103 GB of data. This breach exposed personal information of over 500,000 Fanzone members, including names, addresses, dates of birth, phone numbers, email addresses, and unencrypted credit card details. The breach reportedly occurred through one of Cooler Master’s front-facing websites, allowing the attacker to access various databases. Despite attempts to extort the company, Cooler Master did not respond. A sample of the stolen data confirmed the legitimacy of customer support records. However, the claim of stolen credit card information remains unverified. Cooler Master has yet to comment on the incident.

Ransomware Attack on Singing River Health System Affects 895,000 Individuals

Singing River Health System in Mississippi has confirmed that a ransomware attack in August 2023 affected the personal data of 895,204 individuals. This attack, perpetrated by the Rhysida ransomware gang, caused significant operational disruptions and data theft from Singing River’s hospitals, hospices, pharmacies, imaging centers, specialty centers, and clinics. The stolen data includes full names, dates of birth, physical addresses, Social Security Numbers, and medical and health information. While there is no evidence of misuse of the exposed data, Singing River is offering 24 months of credit monitoring and identity restoration services through IDX. The gang has leaked around 80% of the stolen data, totaling 754 GB. Impacted individuals are advised to use the offered services, stay vigilant against unsolicited communications, and monitor their accounts for suspicious activities.

Strengthening Cybersecurity Amidst Escalating Data Breach Incidents

 

The alarming frequency and scale of recent data breaches underscore the critical need for enhanced cybersecurity measures across all sectors. The attacks on Singing River Health System, Ticketmaster, Cooler Master, and other organizations reveal not only the sophistication of cybercriminals but also the significant impact on personal data security. As these entities work to mitigate the damage and protect their stakeholders, it is essential for individuals to remain vigilant and proactive in safeguarding their information. The collective response to these breaches will shape the future landscape of data security, highlighting the importance of both technological advancements and user awareness in combating cyber threats.

Supply Chain Risk Monitoring as a Service
Join us today
Supply Chain Risk Monitoring as a Service
Join us today

Let's Tackle Compliance Together

Waitlist signup

Welcome to Findings

Let's go over some details to setup your tailor-made account


Please fill your details below and click "Next" to create your account:

Payment

Feature
Startup
Business
Enterprise
Price
$10 / Month
$10 / Month
$25 / Month
VDPaaS
Alerts
Assessments
Integrated Apps
API
Join today and scan ALL YOUR VENDORS for FREE*
* FREE VENDOR SCAN for all of your vendors during your first month.
Feature
Startup
Business
Enterprise
Price
$25 / Month
$200 / Month*
Contact Us
Free vendors scan for 1 month
Findings search engine
Rapid security and compliance profile
Profile/showcase engagements per year
5
40
Unlimited
Multi/unlimited showcase use cases
Showcase compliance badge for your website
Best practice self-assessment
1 Findings or 1 BYOC
Assessment response automation
Personalizable, branded security & compliance showcase page
File/evidence repository
OKTA
DKIM
Out-of-the-box TPRM
20 vendors +
20 rating scans
50 vendors +
50 rating scans
Support
Email
Priority via Phone / Email
Internal Workflows (SO/BO)
Onboarding and customization account setup
*Price for every 40 engagements
Automate assessment response and showcase your cybersecurity posture
Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!

Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!