Cyber Security Highlights from SecureFacts

September 30th to October 28th, 2024

1. Comcast and Truist Bank customers caught up in FBCS data breach

Comcast and Truist Bank have reported that their customers were affected by a significant data breach at Financial Business and Consumer Solutions (FBCS), a debt collection agency. The breach occurred between February 14 and February 26, 2024, and initially impacted 1.9 million individuals, a number that later rose to 4.2 million. The stolen data includes full names, Social Security Numbers (SSNs), dates of birth, account information, and driver's license numbers. FBCS initially assured Comcast that no customer data was compromised. However, it later confirmed that 273,703 Comcast customers were affected. These customers are being offered 12 months of free identity theft protection. Truist Bank has also notified its customers about the breach, although the exact number of affected individuals remains unspecified. The bank indicated that the type of compromised information varies per individual.

2. Highline Public Schools confirms ransomware behind shutdown

Highline Public Schools confirmed that a ransomware attack led to the shutdown of all its schools in early September. The district discovered unauthorized activity on its network, prompting the closure and cancellation of school activities. The school district engaged a third-party cybersecurity firm to investigate, which confirmed the ransomware nature of the attack. They have notified the FBI and are cooperating with their investigation, although details about the attackers or potential data breaches remain unclear.

3. Ransomware attack forces UMC Health System to divert some patients

UMC Health System in Texas has been forced to divert some patients to other facilities due to a ransomware attack that caused significant IT outages. While the healthcare provider, which operates 30 clinics and serves around 400,000 patients annually, remains open, both emergency and non-emergency services are affected. The attack has led to the unavailability of medical prescription lists, and patients are advised to bring their prescriptions when visiting. Certain departments, such as radiology, are either closed or experiencing significant delays. Communication via phone or online portals is unreliable, prompting patients needing immediate assistance to visit clinics directly.

4. Chinese hackers breached US court wiretap systems: Report

Chinese hackers have reportedly breached the networks of major U.S. telecom companies, including Verizon, AT&T, and Lumen Technologies, gaining access to systems used for court-authorized wiretapping. This intrusion, which may have lasted for months, allowed the hackers to collect sensitive communications data and intercept internet traffic. In response to the allegations, China's foreign ministry denied any knowledge of the attack and accused the U.S. of fabricating a narrative to blame China. The ministry emphasized that cybersecurity is a global challenge that requires cooperation rather than accusations. The hacking group responsible for this breach has been identified as "Salt Typhoon," part of a broader pattern of Chinese cyber espionage activities. This follows previous incidents involving other groups like "Flax Typhoon" and "Volt Typhoon," which have also drawn scrutiny from U.S. authorities. Verizon, AT&T, and Lumen Technologies have not yet commented on the situation.

5. Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps

Cloudflare successfully blocked the largest recorded DDoS attack, which peaked at 3.8 terabits per second (Tbps), targeting sectors such as financial services, internet, and telecommunications. This month-long campaign involved over 100 hyper-volumetric attacks that overwhelmed network infrastructure with excessive data. The attack involved more than two billion packets per second and utilized a network of compromised devices, primarily Asus routers, MikroTik systems, DVRs, and web servers located globally, particularly in Russia, Vietnam, the U.S., Brazil, and Spain. Cloudflare autonomously mitigated all attacks, with the peak attack lasting 65 seconds. The previous record for a DDoS attack was held by Microsoft at 3.47 Tbps targeting an Azure customer.

6. Community Clinic of Maui says 123,000 affected by May cyberattack

The Community Clinic of Maui, also known as Mālama I Ke Ola Health Center, experienced a significant cyberattack in May 2024, impacting over 123,000 individuals. The breach occurred between May 4 and May 7, during which hackers accessed sensitive personal information, including Social Security numbers, passport numbers, financial account details, and medical treatment data. The incident was attributed to the LockBit ransomware group, which claimed responsibility in June. The clinic was forced to take its systems offline for nearly two weeks, leading to limited services upon reopening. The stolen information included names, Social Security numbers, financial account numbers with CVV details, and some biometric data. Despite the breach, Mālama stated there is no evidence that the compromised data has been misused. The clinic notified affected individuals and offered complimentary credit monitoring for those whose Social Security numbers were potentially exposed.

7. Internet Archive hacked, data breach impacts 31 million users

The Internet Archive has suffered a significant data breach affecting approximately 31 million users. A threat actor compromised the website, stealing a user authentication database that includes unique records such as email addresses, screen names, and Bcrypt-hashed passwords. The breach was revealed through a JavaScript alert displayed on the archive.org site, which directed users to the Have I Been Pwned (HIBP) service, indicating their data may have been exposed. The stolen database, named "ia_users.sql," is a 6.4GB SQL file containing authentication information for registered members. Cybersecurity expert Troy Hunt confirmed the authenticity of the data after reaching out to affected users.

8. Star Health Data Breach: Hacker Alleges Top Executive's Role In Leaking Personal Details, Records of Over 31 million Customers

Star Health Insurance has experienced a significant data breach, exposing the personal details of over 31 million customers. The breach includes sensitive information such as names, addresses, phone numbers, tax details, and medical records. A hacker has alleged that the company's Chief Information Security Officer (CISO) sold this data for $150,000. The hacker reportedly used Telegram chatbots to sell the stolen data, which included policy details and medical diagnoses. In response to the breach, Star Health has filed lawsuits against Telegram and Cloudflare for their roles in facilitating the leak.

9. Fidelity Investments says data breach affects over 77,000 people

Fidelity Investments has disclosed a data breach affecting over 77,000 customers, which occurred between August 17 and 19, 2024. An unknown attacker accessed personal information through two newly established customer accounts. Although Fidelity detected the unauthorized activity on August 19 and terminated access immediately, the specific types of personal information compromised have not been fully detailed, aside from names and identifiers. The company stated that there is no evidence of misuse of the stolen data and emphasized that no actual account access occurred. To support those affected, Fidelity is offering two years of free credit monitoring and identity restoration services through TransUnion.

10. ADT discloses second breach in 2 months, hacked via stolen credentials

ADT has disclosed a data breach affecting its systems for the second time in two months, with unauthorized access occurring through stolen credentials obtained from a third-party business partner. The breach, reported in an SEC filing, resulted in the exfiltration of encrypted employee account data. In response, ADT terminated the unauthorized access and initiated an investigation with third-party cybersecurity experts while cooperating with federal law enforcement. Although the company stated that customer data and security systems were not compromised, the containment measures have caused disruptions to internal operations. This incident follows a previous breach in August, where approximately 30,800 customer records were leaked on a hacking forum, including personal details like emails and addresses.

11. MoneyGram confirms hackers stole customer data in cyberattack

MoneyGram has confirmed that hackers stole customers' personal information and transaction data during a cyberattack that occurred in late September 2024. The attack, detected in September, forced the company to shut down its IT systems, disrupting services for five days. The breach reportedly took place between September 20 and 22, when threat actors accessed the network and extracted various sensitive customer information, including names, email addresses, postal addresses, phone numbers, utility bills, government IDs, and Social Security numbers. The extent of the stolen data varied by customer. The breach was initiated through a social engineering attack on MoneyGram's IT help desk, where attackers impersonated an employee to gain access.

12. Comcast Data Breach Exposes Personal Information of 237,000

Comcast has confirmed a data breach affecting over 237,000 individuals, including 22 residents of Maine, linked to a cyberattack on Financial Business and Consumer Solutions, Inc. (FBCS), a third-party service provider. The breach began on February 14, 2024, when unauthorized access to the FBCS network led to the downloading and encryption of sensitive data during a ransomware attack. Initially, FBCS informed Comcast on March 13 that no consumer data had been compromised. However, on July 17, they revealed that customer data had indeed been affected. The compromised information includes names, addresses, Social Security numbers, dates of birth, and Comcast account numbers, posing significant risks for identity theft and fraud. FBCS has reported the breach to the FBI and engaged third-party cybersecurity experts for investigation.

13. Casio confirms customer data stolen in a ransomware attack

Casio has confirmed that it suffered a ransomware attack earlier this month, resulting in the theft of personal and confidential data belonging to employees, job candidates, and some customers. The attack caused significant system disruptions and service outages, prompting the company to investigate the unauthorized access to its networks. The Underground ransomware group claimed responsibility for the breach and leaked various documents purportedly stolen from Casio's systems. Following this, Casio acknowledged that sensitive data had been compromised, including personal information of permanent and temporary employees; details related to business partners and certain affiliates; information about individuals who interviewed for jobs at Casio; customer data linked to services provided by Casio; financial data concerning invoices and sales transactions; and internal documents covering legal, financial, human resources, audit, sales, and technical matters. However, Casio clarified that no credit card information was exposed, as payment data is not stored on its systems. As the investigation continues, Casio warns that the impact may expand and advises those potentially affected to remain vigilant against unsolicited emails.

14. Internet Archive breached again through stolen access tokens

The Internet Archive has experienced another data breach, this time involving its Zendesk email support platform, after hackers exploited exposed GitLab authentication tokens. The breach allowed unauthorized access to over 800,000 support tickets dating back to 2018. Despite prior warnings about the vulnerability, the Internet Archive failed to rotate the compromised API keys. The breach was linked to a previous incident where the organization’s source code and user data for 33 million users were stolen. The attackers claimed they accessed the Internet Archive's systems through an exposed GitLab configuration file, which contained authentication tokens that enabled them to download the source code and user database, reportedly stealing around 7TB of data.

15. Tech giant Nidec confirms data breach following ransomware attack

Nidec Corporation has confirmed a data breach resulting from a ransomware attack earlier this year, where hackers stole and leaked sensitive information on the dark web after their extortion demands were unmet. The breach, which targeted Nidec's Precision division in Vietnam, did not involve file encryption and has been fully remediated. The attackers gained access to the network using valid VPN credentials from a Nidec employee, compromising 50,694 files that included internal documents, business contracts, and labor safety policies. Nidec has implemented additional security measures and is providing training to employees to mitigate future risks.

16. Cisco investigates breach after stolen data for sale on hacking forum

Cisco is investigating claims of a data breach after a threat actor, known as "IntelBroker," began selling allegedly stolen data on a hacking forum. The breach reportedly occurred on June 10, 2024, and involved the theft of a significant amount of developer-related data, including GitHub and GitLab projects, source code, hard-coded credentials, certificates, customer documentation, API tokens, and more. IntelBroker claimed to have accessed various Cisco-related files and shared samples of the stolen data, which included databases and customer information. However, details on how the data was obtained remain unclear. This incident follows IntelBroker's previous activities involving data theft from other companies like T-Mobile and AMD. Sources suggest that the Cisco data may have been compromised through a third-party managed services provider specializing in DevOps and software development. Cisco has acknowledged the reports and is actively investigating the situation.

17. Boston Children’s Health Physicians Faces Data Breach, BianLian Cyber Group Claims Responsibility

Boston Children’s Health Physicians (BCHP) has reported a significant data breach following a cyberattack linked to an IT vendor's systems. The incident, which occurred on September 6, 2024, involved unauthorized access to parts of BCHP's network, leading to the exfiltration of sensitive information belonging to current and former employees, patients, and guarantors. The breach exposed a range of sensitive data, including names, Social Security numbers, billing details, addresses, driver’s license numbers, medical record numbers, and health insurance information. BCHP assured that its electronic health records (EHR) remained secure on a separate network. The BianLian ransomware group claimed responsibility for the attack. The organization is offering complimentary credit monitoring services to those whose sensitive information was compromised.

18. Globe Life Faces Extortion After Hackers Steal Customer Data at a Subsidiary

Globe Life is currently facing extortion demands from hackers who stole data on over 5,000 individuals from its subsidiary, American Income Life Insurance Company. The company has reported the incident to the U.S. Securities and Exchange Commission (SEC) and federal law enforcement, emphasizing that its investigation is ongoing. The compromised data includes Social Security numbers, names, addresses, and health-related information. However, Globe Life clarified that no financial information, such as credit card or banking details, was involved. The full scope of the data taken by the hackers has yet to be verified. The hackers have shared some of the stolen data with short sellers and attorneys involved in lawsuits, claiming to possess additional unverified information.

19. Microsoft warns it lost some customers' security logs for a month

Microsoft has warned that a bug caused the loss of critical security logs for enterprise customers from September 2 to September 19, 2024. This issue impacted various services, including Microsoft Entra, Azure Logic Apps, and Microsoft Sentinel, hindering companies' ability to detect unauthorized activities and threats. The logging failure was due to a bug introduced while fixing another issue in the log collection service, which led to a deadlock condition preventing the upload of telemetry data. Although Microsoft has resolved the problem and notified customers, cybersecurity expert Kevin Beaumont noted that at least two companies with missing logs did not receive alerts. This incident follows previous criticism of Microsoft for inadequate logging practices, particularly after a significant breach involving Chinese hackers in July 2023. In response to concerns, Microsoft expanded its free logging capabilities in February 2024 to enhance security for all customers.

20. Omni Family Health data breach impacts 468,344 individuals

Omni Family Health, a nonprofit healthcare provider in California, has disclosed a significant data breach affecting nearly 470,000 individuals. The breach was discovered on August 7, 2024, after claims surfaced that sensitive information had been stolen and leaked on the dark web. The exposed information includes names, addresses, Social Security numbers, dates of birth, health insurance details, and medical records of current and former patients. The Hunters International ransomware group claimed responsibility for the attack, asserting they stole 2.7 terabytes of data and subsequently listed Omni on their Tor leak site, releasing the stolen information on August 23. To assist those impacted, Omni is offering 12 months of free credit monitoring and identity protection services.

21. UnitedHealth says data of 100 million stolen in Change Healthcare breach

UnitedHealth has confirmed that a significant data breach involving its subsidiary Change Healthcare has affected over 100 million individuals, making it one of the largest healthcare data breaches in recent history. This breach was initially reported following a February ransomware attack orchestrated by the BlackCat (ALPHV) ransomware gang, which exploited vulnerabilities in the company's Citrix remote access service that lacked multi-factor authentication. The breach exposed a wide array of sensitive information, including health insurance details (e.g., policy numbers, member IDs), medical records (e.g., diagnoses, treatment histories), billing information (e.g., claim numbers, payment details), and personal identifiers (e.g., Social Security numbers, driver's licenses). The U.S. Department of Health and Human Services updated its records to reflect the scale of the breach, confirming that Change Healthcare had sent notifications to approximately 100 million individuals regarding the incident.

22. Henry Schein discloses data breach a year after ransomware attack

Henry Schein has reported a significant data breach affecting over 160,000 individuals due to two cyberattacks by the BlackCat ransomware gang in 2023. Approximately 35 TB of sensitive files were stolen during these incidents. The first attack prompted the company to take systems offline on October 15, disrupting manufacturing and distribution operations. The BlackCat gang claimed responsibility and threatened further encryption of the network if their ransom demands were not met. A second attack occurred on November 22, with some stolen data released on the gang's leak site. In a notification to the Maine Attorney General, Henry Schein confirmed that 166,432 people's personal data was compromised. The company has engaged an external firm to assess the breach and is offering a free 24-month membership to Experian's IdentityWorks service for credit monitoring and fraud detection to those affected.

23. Insurance admin Landmark says data breach impacts 800,000 people

Landmark Admin has reported a data breach affecting over 800,000 individuals due to a cyberattack detected on May 13, 2024. The company, which provides administrative services for insurance carriers, shut down its IT systems to contain the incident and engaged a third-party cybersecurity firm to investigate. The investigation revealed that the attackers accessed files containing sensitive personal information of 806,519 people, including names, addresses, Social Security numbers, driver's license numbers, financial account details, medical information, and health insurance policy numbers. Affected individuals will be notified by mail regarding the specific information compromised. Landmark has not yet identified the responsible threat actors or confirmed whether the attack involved ransomware or data theft. The investigation is ongoing, and impacted individuals are advised to monitor their credit reports and bank accounts for any suspicious activity.

24. Data leaks: Irdai directs two insurers to conduct IT systems audit

The Insurance Regulatory and Development Authority of India (Irdai) has directed two unnamed insurers to conduct audits of their IT systems due to recent data leaks affecting policyholders. This action follows a breach admitted by Star Health Insurance, while the second insurer's identity remains undisclosed. Irdai is actively engaging with the management of these companies to address vulnerabilities and ensure the protection of policyholders' interests. The insurers have been instructed to appoint independent auditors for a comprehensive review of their IT systems to eliminate vulnerabilities. The affected insurers have isolated the compromised systems and enlisted external IT security firms for root cause analysis. Vulnerabilities identified in the audit are being addressed, and preventive measures are being implemented, including system upgrades and rectification of API vulnerabilities.

25. LinkedIn Fined More Than $300 Million in Ireland Over Personal Data Processing

Ireland's Data Protection Commission (DPC) has fined LinkedIn €310 million (approximately $335 million) for serious violations of the European Union's General Data Protection Regulation (GDPR). The fine stems from LinkedIn's failure to obtain valid consent from users for processing their personal data to deliver targeted advertising, which the DPC determined was neither "freely given" nor "informed" as required by GDPR standards. The investigation, initiated in 2018 following a complaint from the French digital rights organization La Quadrature du Net, revealed that LinkedIn improperly justified its data processing practices under various legal bases, including consent, legitimate interests, and contractual necessity. The DPC found these justifications inadequate, emphasizing that LinkedIn did not provide clear information to users regarding their rights or the nature of data processing. Deputy Commissioner Graham Doyle stated that LinkedIn's actions constituted a "clear and serious violation" of users' fundamental rights to data protection. This fine is noted as one of the largest imposed under GDPR since its introduction in 2018.