Cyber Security Highlights from SecureFact

July 1st to July 29th, 2024

Data Breaches

1. Neiman Marcus confirms data breach after Snowflake account hack

Luxury retailer Neiman Marcus confirmed that it suffered a data breach after hackers gained unauthorized access to a database platform used by the company. The breach impacted 64,472 people and exposed personal information such as names, contact details, dates of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers (without PINs). The data breach was linked to recent "Snowflake data theft attacks" carried out by a threat actor known as UNC5537. This group used stolen customer credentials to target at least 165 organizations that had not enabled multi-factor authentication on their Snowflake accounts.

2. IRS apologizes for data breach that leaked taxpayer information - mlive.com

The Internal Revenue Service (IRS) experienced a significant data breach that resulted in the unauthorized disclosure of tax return information for thousands of taxpayers. The IRS has notified over 70,000 taxpayers that their tax return information was compromised in the breach, making it one of the largest IRS data breaches in recent history. Prominent figures impacted include former President Donald Trump, billionaire Elon Musk, and Bloomberg co-founder Michael Bloomberg, among others. The IRS is taking steps to prevent similar breaches in the future, including implementing additional security controls, restricting access to sensitive data, and enhancing monitoring and logging.

3. Credit Suisse Data Breach Allegedly Exposes Info of 19,000 Indian Employees

Credit Suisse, a major global financial institution, recently suffered a data breach that exposed sensitive information of its Indian clients. The breach occurred due to a vulnerability in the bank's systems, which allowed unauthorized access to customer data. The compromised information included personal details such as names, addresses, and account numbers of Credit Suisse's Indian clients. Credit Suisse has notified the affected customers and the Indian authorities about the incident. The bank is also offering credit monitoring and identity theft protection services to those impacted.

4. Evolve Bank Confirms Data Breach, Customer Information Exposed

Evolve Bank & Trust, a U.S. banking-as-a-service provider, has confirmed a data breach that exposed the personal information of its retail bank customers and financial technology partners' customers (end users). The breach was caused by a known cybercriminal organization that illegally obtained and released the data on the dark web. The exposed information varies by individual but may include names, Social Security numbers, dates of birth, account information, and other personal details.

5. Indonesia’s Civil Aviation Data Breached? Hacker Claims Access to Employees, Flight Data

A threat actor operating under the alias "Hacker Mail" has claimed to have breached the database of Indonesia's Directorate General of Civil Aviation (DGCA), exfiltrating over 3GB of sensitive data. The alleged breach includes employee information, passwords, ID card photos, drone pilot certificates, flight data, and other airport activities. To substantiate the claim, the hacker provided sample data such as user logs for unmanned aircraft certificates, employee ID card photos, and employee login credentials. However, the DGCA website appears to be functioning normally, and the authorities have not yet confirmed or denied the alleged breach.

6. Geisinger Healthcare Data Breach: Former Employee Exposes Over One Million Patient Records

Geisinger, a major healthcare provider in Pennsylvania, recently experienced a data breach that exposed the personal information of over 3.6 million patients. The breach occurred due to a vulnerability in a third-party vendor's software, which allowed unauthorized access to Geisinger's systems. The exposed data included patient names, dates of birth, addresses, phone numbers, email addresses, and in some cases, Social Security numbers and medical information.

7. Ticketmaster sends notifications about recent massive data breach

Ticketmaster has notified customers impacted by a recent data breach where hackers stole the company's Snowflake database containing personal information of millions of customers. The breach exposed names, contact information, and extra details depending on the user. Ticketmaster says the unauthorized activity occurred between April 2 and May 18, 2024. The threat actor known as ShinyHunters claimed to have stolen 1.3TB of data for 560 million customers, including ticket sales, events, fraud, and partial credit card information.

8. Infosys McCamish says LockBit stole data of 6 million people

Infosys McCamish Systems (IMS), a subsidiary of Infosys, disclosed that the LockBit ransomware attack it suffered in November 2023 compromised the personal data of over 6 million individuals. The stolen data included sensitive information such as Social Security numbers, dates of birth, medical records, biometric data, login credentials, financial account details, and passport numbers. The attack occurred between October 29 and November 2, 2023, and impacted IMS's clients, including major financial institutions like Bank of America and insurance providers. IMS has notified the affected individuals and is providing them with free credit monitoring and identity protection services to mitigate the risks.

9. Prudential Data Breach Grows Nearly 70-Fold: Over 2.5 Million Affected

Prudential, the second-largest life insurance company in the United States, has reported a massive data breach that has affected over 2.5 million individuals. The breach occurred in February 2024 and, according to the company's initial reports, affected 36,545 individuals. The stolen information included names, addresses, driver's license numbers, and non-driver identification card numbers. Prudential stated that it has taken measures to secure its systems, including enhancing access controls, implementing additional monitoring technologies, and strengthening authentication protocols.

10. Healthcare FinTech HealthEquity Latest in Sector Hit With Data Breach

HealthEquity, a health tech company, suffered a data breach where hackers stole "protected health information" of some customers. The breach was an "isolated incident" and not connected to other recent high-profile cyberattacks in the sector, according to the company. HealthEquity discovered the breach on March 25, 2024 and took immediate action to resolve the issue and conduct forensic analysis, which was completed on June 10, 2024. The breach stemmed from a compromised third-party vendor account that had access to some of HealthEquity's SharePoint data. The breach comes amid a broader wave of cyberattacks across various industries, including recent high-profile incidents at companies like Change Healthcare, CDK Global, Neiman Marcus, and Evolve Bank & Trust.

11. RockYou2024: 10 billion passwords leaked in the largest compilation of all time

The largest password compilation ever, containing nearly 10 billion unique plaintext passwords, was leaked on a popular hacking forum on July 4th, 2024. The leaked file, titled "rockyou2024.txt", was posted by a user named ObamaCare. The Cybernews research team believes this leak poses severe dangers to users prone to reusing passwords. The RockYou2024 compilation is a mix of old and new data breaches, with an additional 1.5 billion passwords added since the previous RockYou2021 leak. Threat actors can exploit this password compilation.

12. Bharti Airtel denies data breach, report said 375 million users' details up for sale

Bharti Airtel has denied any breach of its security system, refuting reports of a major data leak of 375 million customers. An Airtel spokesperson stated that, based on a preliminary investigation, there has been no data breach of Airtel's system. The reports had suggested that details such as phone numbers, emails, addresses, and Aadhaar numbers were allegedly available for sale on the dark web for $50,000.

13. Neiman Marcus data breach: 31 million email addresses found exposed

The Neiman Marcus data breach in May 2024 exposed over 31 million customer email addresses, according to analysis by founder Troy Hunt. This is significantly more than the 64,472 people the company initially reported in its data breach notification. The stolen data also included names, contact information, dates of birth, gift card info, transaction data, partial credit card details, Social Security numbers, and employee identification numbers. Neiman Marcus linked the breach to the Snowflake data theft attacks, where a threat actor used stolen customer credentials to target organizations without multi-factor authentication on their Snowflake accounts. Other recent breaches tied to these attacks include Ticketmaster, Santander, Pure Storage, QuoteWizard/LendingTree, Advance Auto Parts, and Los Angeles Unified.

14. 7.64 Million Individuals Impacted in Evolve Bank Ransomware Attack

Evolve Bank & Trust, an Arkansas-based financial institution, disclosed a data breach affecting 7.64 million individuals. The breach was initially believed to be caused by a hardware failure in late May, but an investigation revealed that hackers had infiltrated the network as early as February, potentially compromising sensitive customer data. The stolen information includes names, Social Security numbers, bank account numbers, and contact details. The breach also impacted customers of Evolve's open banking platform, used by fintech firms such as Affirm and Wise.

15. Change Healthcare Data Breach: Over 110 Million Potentially Affected, Free Credit Monitoring Offered

Change Healthcare, a subsidiary of UnitedHealth Group, suffered a major data breach that potentially impacted over 110 million people. Hackers were able to access Change Healthcare's internal systems and stole a significant amount of sensitive data. The stolen information includes health insurance details, medical records, billing and claims data, as well as personal information like Social Security numbers and financial data. Change Healthcare has confirmed that the stolen data was obtained by an affiliate of the BlackCat ransomware group, who remain in possession of a copy. The RansomHub ransomware group has also claimed to have acquired the data. To mitigate the impact, Change Healthcare is providing 2 years of complimentary credit monitoring and identity theft protection services to affected individuals.

16. Advance Auto Parts data breach impacts 2.3 million people

Advance Auto Parts, a major auto parts retailer, suffered a data breach that impacted over 2.3 million current and former employees and job applicants. The stolen data included full names, Social Security numbers, driver's licenses, and government ID numbers of the affected individuals. This information was collected as part of Advance's job application process. Advance Auto Parts notified the impacted individuals and is providing 12 months of complimentary identity theft protection and credit monitoring services through Experian. The breach was initially reported to only impact Advance employees, but the company later clarified that 2.3 million people were affected, including job applicants and former employees. The stolen data was offered for sale by a threat actor named 'Sp1d3r', who claimed to have 380 million Advance customer.

17. Rite Aid confirms data breach after June ransomware attack

Rite Aid, the third-largest drugstore chain in the U.S., experienced a cyberattack that resulted in a data breach. The attack was claimed by the RansomHub ransomware group, which claimed to have stolen over 10GB of customer data, including names, addresses, driver's license IDs, dates of birth, and Rite Aid rewards numbers - around 45 million lines of personal information. Rite Aid confirmed the data breach but stated that no social security numbers, financial information, or patient health data was impacted. The company said it has restored its systems with the help of cybersecurity experts and is in the process of notifying affected customers.

18. Massive AT&T data breach exposes call logs of 109 million customers

AT&T, one of the largest telecommunications companies in the U.S., suffered a massive data breach where threat actors stole the call logs of approximately 109 million customers, nearly all of AT&T's mobile customers. The stolen data included telephone numbers, call and text records, aggregate call durations, and cell site IDs for calls made between May 2022 and January 2023. The data was stolen from AT&T's Snowflake account, a cloud-based data warehouse, as part of a wave of recent attacks targeting Snowflake customers using stolen account credentials. While the stolen data did not contain sensitive information like Social Security numbers or financial details, the communications metadata can be used to identify customers and their activities.

19. French Telecom Giant SFR’s Data Breached? Hacker Claims 1.4 Million Users Affected

Societe Francaise Du Radiotelephone (SFR), a major French telecommunications company, has reportedly experienced a significant data breach. The incident, attributed to a hacker named “KevAdams,” allegedly occurred in July 2024, compromising the personal data of over 1.4 million landline users. The hacker claims to have accessed sensitive personally identifiable information (PII), including names, phone numbers, and addresses, and is attempting to sell the data on a dark web marketplace for $300 or $850 for exclusive access, with payment requested in cryptocurrency.

20. Disney Data Breach Fears: Hackers Threaten Leak of Unreleased Projects

A hacktivist group known as "NullBulge" has claimed responsibility for a significant data breach involving Disney, alleging that they accessed and exfiltrated over 1.1 terabytes of data from the company's internal Slack channels. This breach reportedly includes sensitive information such as details about unannounced projects, raw images, code, login credentials, and various employee communications from approximately 10,000 Slack channels. In July 2024, the group posted on Breachforums, revealing that they had gathered a wide range of files, including personal details like phone numbers and even pictures of employees' pets.

21. Rite Aid says June data breach impacts 2.2 million people

Rite Aid has reported that a data breach in June 2024 affected approximately 2.2 million customers. The incident was detected on June 6, shortly after attackers accessed the network using an employee's credentials. The compromised data includes purchaser names, addresses, dates of birth, and driver's license numbers from transactions made between June 6, 2017, and July 30, 2018. The RansomHub ransomware gang has claimed responsibility for the breach, stating they stole over 10 GB of customer information, which they threatened to leak after ransom negotiations stalled two weeks.

22. Over 400,000 Life360 user phone numbers leaked via unsecured API

A significant data leak has exposed the personal information of 442,519 Life360 users due to an unsecured Android API. A threat actor leaked personal information of customers, including names, email addresses and phone numbers. This was done by exploiting a flaw in Life360's Android login API that returned user data in the API response. The API flaw has since been fixed by Life360, with the API now returning placeholder phone numbers instead of real ones. The breach occurred in March 2024. The threat actor, known as 'emo', claims they did not carry out the actual breach, but obtained the data from the leaked database. In a separate incident, Life360 disclosed it was the target of an extortion attempt after attackers breached a Tile customer support platform and stole sensitive customer data including names, addresses, emails and phone numbers.

23. Email addresses of 15 million Trello users leaked on hacking forum

A threat actor has leaked the email addresses and public profile information of over 15 million Trello users on a hacking forum. The data was collected by abusing an unsecured Trello REST API that allowed querying for public user information using email addresses, which was secured in January 2024 after the initial breach was reported. The leaked data includes email addresses and names associated with Trello accounts, which can be used for targeted phishing attacks and doxxing.

24. Yacht giant MarineMax data breach impacts over 123,000 people

MarineMax, the largest recreational boat and yacht retailer, has reported a data breach affecting over 123,000 individuals, attributed to the Rhysida ransomware gang. The breach occurred between March 1 and March 10, 2024, when attackers accessed the company's network, initially claiming no sensitive data was compromised. However, subsequent investigations

25. WazirX suffers security breach; $235 million worth of funds moved

Indian cryptocurrency exchange WazirX has suffered a major security breach, with hackers stealing over $230 million worth of digital assets. The attack targeted one of WazirX's multisig wallets on the Ethereum blockchain, with the stolen funds including cryptocurrencies like Pepe, Gala, and Tether. The attacker used Tornado Cash, a privacy protocol, to obfuscate the transactions. In total, approximately $234.9 million was stolen from the wallet.

26. 12.9 Million Australians Impacted in MediSecure Data Breach

A significant data breach at MediSecure, an Australian e-prescription delivery service, has compromised the personal and health information of approximately 12.9 million individuals, marking one of the largest healthcare data breaches in Australia. The breach, which was disclosed recently, involved a malicious actor accessing and potentially exfiltrating 6.5 terabytes of sensitive data, including full names, dates of birth, contact information, Medicare details, and prescription histories.

27. Bullhorn Refutes Data Breach Claims, Confirms Partner Company Was Impacted

Bullhorn, a staffing software provider, is facing a class-action lawsuit following a data breach that reportedly exposed sensitive personal information of over 1.5 million individuals. The breach, which occurred in early 2023, involved unauthorized access to data including names, addresses, Social Security numbers, and financial information. The lawsuit alleges that Bullhorn failed to implement adequate security measures to protect user data, leading to the breach. Plaintiffs are seeking damages for the potential risks of identity theft and fraud resulting from the exposure.

28. BMW Data Breach Exposes 14,000 Hong Kong Customers’ Personal Information

BMW has reported a major data breach affecting approximately 14,000 customers in Hong Kong. BMW Concessionaires (HK), the exclusive distributor of BMW vehicles in Hong Kong, revealed that sensitive information belonging to around 14,000 of its customers had been exposed. This includes names, mobile numbers, and SMS opt-out preferences, reported South China Morning Post. The company disclosed that the compromised data was managed by a third-party contractor, Sanuker, which had alerted both the police and the privacy watchdog about the BMW data leak.

29. FBCS data breach impact now reaches 4.2 million people

The data breach at Financial Business and Consumer Solutions (FBCS) has now affected approximately 4.2 million individuals in the U.S., significantly increasing from earlier estimates. Initially reported in April as impacting 1.9 million people, this number was later raised to 3.2 million in May. The breach, which was discovered in February 2024, involved unauthorized access to FBCS's internal network between February 14 and February 26, 2024. The types of sensitive personal information compromised include full names, Social Security numbers (SSNs), dates of birth, account information, driver's license numbers or ID cards, and medical information. FBCS has begun notifying affected individuals and is providing guidance on protective measures. They are also offering 24 months of complimentary credit monitoring and identity restoration services through CyEx.

30. India Confirms State-Owned Telecom Giant BSNL’s Data Breach, Millions of User Records Compromised

The Indian government has confirmed a data breach at Bharat Sanchar Nigam Limited (BSNL), which is a state-owned telecommunications company. The breach has compromised sensitive information related to BSNL employees and customers. An investigation has been launched by the government to assess the situation and implement measures to prevent future incidents. BSNL has not provided specific details regarding the extent of the breach or the types of data that were exposed.

