Cyber Security Highlights from SecureFact

May 01 to May 27, 2024

Data Breach

1. Panda Restaurants discloses data breach after corporate systems hack

Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March, affecting the personal information of current and former associates. The compromised information includes names, Social Security numbers, driver's license numbers, financial account information, and payment card data of current and former employees, as well as customer payment card data. Panda Express confirmed that only associate data was compromised, with no guest data involved.

2. London Drugs stores remain closed, cybersecurity incident may have breached personal data

London Drugs stores across Western Canada remain closed due to a cybersecurity incident. Initially, the company stated that no personal data had been breached, but it has now reversed this, acknowledging that personal information may have been compromised. London Drugs is working with security experts to assess the extent of the breach and will notify affected individuals in accordance with privacy laws if personal information was impacted.

3. UnitedHealthcare CEO says ‘maybe a third’ of US citizens were affected by recent hack

UnitedHealthcare CEO estimates that the personal data of "maybe a third" or around 33% of U.S. citizens was impacted by the breach. The full extent of the breach is still under investigation, and it may take months before all affected individuals can be notified. The breach occurred due to compromised credentials accessing a Citrix portal that lacked multi-factor authentication. While full medical records like doctor charts do not appear to have been stolen, personal health information was accessed by the attackers.

4. Dropbox Warns Hacker Accessed Customer Passwords And 2FA Data

Dropbox has confirmed a cybersecurity incident where a hacker gained access to customer information, including emails, usernames, phone numbers, hashed passwords, OAuth tokens, and multi-factor authentication data. The breach specifically impacted the Dropbox Sign platform, with unauthorized access to the production environment.

5. UK confirms Ministry of Defence payroll data exposed in data breach

The UK Government confirmed a recent data breach at the Ministry of Defence, where a threat actor gained access to part of the Armed Forces payment network. This breach exposed personal data belonging to active and reserve personnel, as well as some recently retired veterans. The compromised system, managed by a contractor and separate from the MoD's core network, contained names, banking details, and in some cases, addresses. Approximately 270,000 payroll records were exposed, but the incident did not significantly impact salaries, expense payments, or veterans' pensions.

6. MedStar Health Reports Data Breach Impacting 183,000 Patients

MedStar Health, a prominent non-profit healthcare provider, disclosed a data breach that impacts more than 183,000 patients from the hundreds of care locations it operates in the Baltimore-Washington area in the U.S. The impacted individuals’ personal data may have been compromised when an outsider gained access to the emails and files of three employees, MedStar Health said in a statement on the data breach. MedStar Health reported notifying 183,709 affected patients via letters and filed a notice with the Department of Health and Human Services. Patient information, including names, addresses, dates of birth, service dates, provider names and insurance details, was contained in the compromised emails and files.

7. Massive webshop fraud ring steals credit cards from 850,000 people

A massive webshop fraud ring called 'BogusBazaar' has stolen credit card details from over 850,000 people in the US and Europe. The criminal group operated a network of 75,000 fake online shops that tricked victims into making purchases, allowing them to steal payment information and attempt to process an estimated $50 million in fraudulent orders. The BogusBazaar network, which has recently diminished to around 22,500 active sites, hosted fake shops on previously expired domains with good reputations.

8. Dell API abused to steal 49 million customer records in data breach

The recent Dell data breach involved a threat actor who accessed the company's partner portal API as a fake company, scraping information from 49 million customer records. The breach exposed customer order data, including warranty information, service tags, customer names, installed locations, customer numbers, and order numbers. The threat actor, known as Menelik, created a program to generate service tags and submitted them to the portal, allowing them to harvest the data by generating 5,000 requests per minute for three weeks without Dell blocking the attempts.

9. JPMorgan Chase Suffers Data Breach Affecting Personal Information of 451,809 Customers

JPMorgan Chase recently experienced a data breach affecting the personal information of approximately 451,809 customers. The breach, discovered by the banking giant, was due to a software issue that had been active since August 2021. This bug allowed unauthorized access to retirement plan records containing sensitive data like names, addresses, Social Security numbers, and bank account numbers.

10. Largest non-bank lender in Australia warns of a data breach

Firstmac, the largest non-bank lender in Australia, experienced a cyber incident where unauthorized individuals accessed part of their IT system and stole customer data. The exposed data includes sensitive information like full names, addresses, email addresses, phone numbers, dates of birth, bank account details, and driver's license numbers for some customers. Firstmac reassured customers that their accounts and funds are secure and implemented enhanced security measures such as two-factor authentication (2FA) for account changes. The Embargo cyber extortion group claimed responsibility for the breach and leaked over 500GB of stolen data from Firstmac.

11. Banco Santander Confirms Data Breach, Assures Customers’ Transactions Remain Secure

Banco Santander, a major global bank, has suffered a data breach impacting customers in Spain, Chile, and Uruguay, as well as current and former employees. The breach occurred after an unauthorized actor accessed a database hosted by one of Santander's third-party service providers. While the bank has not disclosed the specific types of data exposed, it has assured customers that transaction information and online banking credentials were not affected.

12. Nissan Cybersecurity Incident Update: 53,000 Employees Affected

Japanese automaker, Nissan, experienced a significant cyberattack affecting 53,000 employees in North America. The breach, which occurred in November of the previous year, exposed Social Security numbers of both current and former employees. Following the breach, Nissan engaged in a thorough investigation, notified law enforcement, and implemented measures to contain and neutralize the threat. Despite the breach, Nissan has not detected any instances of fraud or identity theft resulting from the incident.

13. MediSecure Data Breach Confirms Impact on Personal and Health Information of Individuals

The MediSecure data breach is a significant cybersecurity incident that has impacted the personal and health information of individuals in Australia. The breach was confirmed by the Australian National Cyber Security Coordinator and is believed to have originated from a third-party vendor. The company has acknowledged the incident and stated that it has taken immediate steps to mitigate any potential impact on its systems. While the full extent of the breach is still being investigated, early indicators suggest that the incident originated from one of MediSecure’s third-party vendors.

14. WebTPA data breach impacts 2.4 million insurance policyholders

The WebTPA data breach, disclosed earlier this month, has impacted approximately 2.4 million insurance policyholders in the United States. The breach occurred between, when an unauthorized actor accessed WebTPA's network. The affected individuals are customers of large insurance companies such as The Hartford, Transamerica, and Gerber Life Insurance. The exposed data includes full names, contact information, dates of birth, and Social Security numbers. However, financial account information, credit card numbers, medical treatment, and diagnostic information were not compromised.

15. OmniVision discloses data breach after 2023 ransomware attack

OmniVision, a California-based imaging sensors manufacturer, disclosed a data breach following a Cactus ransomware attack in 2023, during which unauthorized parties accessed and stole personal information. The attackers also leaked and released the stolen data online. The stolen data includes passport scans, nondisclosure agreements, contracts, and confidential documents. The exact number of affected individuals remains unknown, but the company has offered 24-month credit monitoring and identity theft restoration services to those impacted. OmniVision's internal investigation concluded in April 2024, and the company has since enhanced its security measures to prevent future incidents.

16. Western Sydney University data breach exposed student data

Western Sydney University (WSU) suffered a data breach that exposed student and employee data after threat actors breached its Microsoft 365 and SharePoint environment. The unauthorized access began in May 2023, and included email accounts and SharePoint files. The investigation found that approximately 7,500 individuals were impacted, including students graduating in August 2023. Exposed data varied per person but included full names, phone numbers, and email addresses of students and staff.

17. LockBit says they stole data in London Drugs ransomware attack

The LockBit ransomware operation has claimed responsibility for the April cyberattack on Canadian pharmacy chain London Drugs. The ransomware gang claims that negotiations with London Drugs to pay a $25 million ransom have failed, but it has yet to provide proof that it stole any files from London Drugs servers. London Drugs initially reported that no customer or employee data was impacted by the intrusion, but later acknowledged that corporate head office files, some of which may contain employee information, were compromised. The company has refused to pay the ransom and is aware that the gang may leak stolen London Drugs corporate files, possibly including employee information, on the Dark Web.

18. CentroMed Data Breach Exposed 400,000 Patient Records

CentroMed, a San Antonio-based healthcare organization, suffered a data breach in May 2024 that exposed the personal and medical information of 400,000 current and former patients. The breach occurred when an unauthorized party gained access to CentroMed's IT network in April 2024 and was able to acquire files containing sensitive patient data. The exposed information included names, addresses, Social Security numbers, financial account details, health insurance data, diagnoses, dates of birth, and claims information. This was the second data breach experienced by CentroMed, as the organization had previously suffered a breach in June 2023 that impacted 350,000 individuals.

19. An ‘Unwelcome Development’ in MediSecure Data Breach Incident

This is an update on the MediSecure data breach incident. The breach occurred in April 2024 and affected the personal and medical information of over 200,000 individuals. The compromised data included names, addresses, medical records, and other sensitive details of patients associated with MediSecure. The breach was discovered in late April 2024, prompting MediSecure to take immediate action to secure its systems and notify those impacted. In response to the incident, MediSecure is offering credit monitoring and identity theft protection services to the affected individuals to mitigate the risks of potential identity theft and fraud resulting from the data exposure.

20. Sav-Rx Data Breach Potentially Compromised Health Data of 2.8M Individuals

The Sav-Rx data breach, which occurred in October 2023, compromised the personal and health information of approximately 2,812,336 individuals in the United States. The breach was caused by unauthorized access to Sav-Rx's computer network, which was detected in October 2023. The compromised data included non-clinical files containing personal and health information such as names, dates of birth, addresses, and health insurance information. The company advises affected individuals to monitor their credit reports and account statements for signs of fraud or identity theft.


