SecureFact: Cyber Security News Highlights

Data Breaches

January 27, 2025 to February 24, 2025

1. US healthcare provider data breach impacts 1 million patients

Community Health Center (CHC), a prominent healthcare provider in Connecticut, has reported a significant data breach affecting over 1 million patients. The breach, which occurred in mid-October 2024 but was only discovered on January 2, 2025, involved unauthorized access to CHC's network by skilled hackers. Approximately 1,060,936 individuals had their personal and health information compromised, including names, Social Security numbers, medical diagnoses, and treatment details. Fortunately, the attackers did not encrypt any systems or disrupt daily operations, and CHC claims to have contained the breach quickly. This incident highlights the increasing prevalence of data theft in the healthcare sector and has prompted discussions about enhancing security measures, including proposed updates to HIPAA regulations by the U.S. Department of Health and Human Services.

2. DeepSeek exposes database with over 1 million chat records

DeepSeek, a Chinese AI startup known for its DeepSeek-R1 language model, has inadvertently exposed two unsecured databases containing over 1 million chat records and sensitive operational information. Discovered by Wiz Research during a security assessment, the databases were accessible without authentication and included plaintext user chat histories, API keys, and internal logs dating back to January 6, 2025. This exposure posed significant security risks, as attackers could potentially access sensitive data and execute arbitrary SQL queries. Although Wiz reported the issue to DeepSeek, which promptly secured the databases, concerns remain about the company's overall security posture and its ability to protect user data from both external threats and compliance pressures from the Chinese government. The incident raises alarms for organizations utilizing DeepSeek's AI in sensitive operations, highlighting the need for robust data protection measures.

3. State of emergency declared in Dover due to potential cybersecurity threat

Dover Mayor Robin Christiansen declared a state of emergency on January 29, 2025, due to a potential cybersecurity breach affecting the city's IT systems. The declaration, effective from 8 a.m., was prompted by credible information suggesting that protected data may have been compromised. While a confirmed data breach has not been established, the mayor expressed concerns about possible impacts on emergency services and personal data security. The state of emergency allows the city to take necessary actions to safeguard residents, including hiring external experts for investigation and response. This situation follows a previous data loss incident reported earlier in January.

4. Globe Life data breach may impact an additional 850,000 clients

Globe Life announced that a data breach discovered in June 2024 may have affected an additional 850,000 clients, significantly increasing the scope of the incident initially thought to involve only 5,000 individuals. The breach occurred when hackers accessed a web portal and specific databases linked to independent agency owners, exposing sensitive personal information such as names, email addresses, phone numbers, Social Security numbers, and health-related data. Following the breach, Globe Life opted to notify all potentially affected customers and offered credit monitoring services. Although the company faced an extortion attempt from the hacker, it refused to pay the ransom and reported that the breach did not disrupt its IT operations.

5. Ransomware attack disrupts New York blood donation giant

New York Blood Center (NYBC) reported a ransomware attack that disrupted its operations and forced the rescheduling of blood donation appointments. The attack was detected on January 26 after suspicious activity was observed in its IT systems. Although NYBC continues to accept donations, it has had to cancel some blood drives due to operational challenges. The organization is collaborating with cybersecurity experts to contain the threat and restore services. This incident follows a recent blood emergency caused by a significant drop in donations and raises concerns about potential data breaches involving donor information.

6. Massive brute force attack uses 2.8 million IPs to target VPN devices

A large-scale brute force attack is underway, utilizing nearly 2.8 million IP addresses to guess credentials for networking devices from Palo Alto Networks, Ivanti, and SonicWall. The attack, which has been ongoing since last month, originates from a large number of countries, with Brazil accounting for the most attacking IPs. The compromised devices, including routers and IoT devices from manufacturers like MikroTik and Cisco, are likely part of a botnet or residential proxy network. To protect against such attacks, it’s crucial to use strong, unique passwords, enable multi-factor authentication, utilize IP allowlists, disable unnecessary web admin interfaces, and apply the latest firmware and security updates.

7. HPE notifies employees of data breach after Russian Office 365 hack

Hewlett Packard Enterprise (HPE) is notifying employees about a data breach stemming from a May 2023 cyberattack in which Russian state-sponsored hackers, known as Cozy Bear (Midnight Blizzard/APT29/Nobelium), accessed the company’s Office 365 email environment. The breach, discovered in December 2024, resulted in the theft of personal information, including driver’s licenses, credit card numbers, and Social Security numbers, from a limited number of employee mailboxes. The same group is believed to be behind a related breach of HPE’s SharePoint server in May 2023. This incident follows previous security breaches at HPE, including a 2018 hack by Chinese actors and a 2021 compromise of the Aruba Central network monitoring platform. More recently, HPE investigated potential breaches related to claims of stolen credentials and source code by a threat actor named IntelBroker.

8. US health system notifies 882,000 patients of August 2023 breach

Hospital Sisters Health System (HSHS) is notifying over 882,000 patients about a data breach that occurred in August 2023 after a cyberattack. The attackers gained access to HSHS’ network between August 16 and August 27, 2023. The compromised data includes names, addresses, dates of birth, medical record numbers, limited treatment information, health insurance information, Social Security numbers, and/or driver’s license numbers. While the incident had signs of a ransomware attack, no group has claimed responsibility. HSHS is offering affected individuals one year of free Equifax credit monitoring and advising them to monitor their accounts for suspicious activity.

9. GrubHub data breach impacts customers, drivers, and merchants

GrubHub disclosed a data breach affecting an undisclosed number of customers, merchants, and drivers. The breach occurred after attackers compromised a third-party service provider account. While the attackers didn’t access Grubhub Marketplace account passwords, full payment card numbers, bank account details, Social Security numbers, or driver’s license numbers, they did gain access to names, email addresses, and phone numbers. Some campus diners also had partial payment card information (card type and the last four digits of the card number) exposed. GrubHub has taken steps to address the breach, including terminating the compromised account, hiring forensic experts, rotating passwords, and adding anomaly detection mechanisms. The company is also urging users to use unique passwords.

10. Huge healthcare data breach exposes over 1 million Americans’ sensitive information

Community Health Center, Inc. (CHC), a Connecticut-based health center, reported a data breach affecting 1,060,936 individuals after detecting unauthorized activity in its systems on January 2, 2025. A hacker accessed and extracted data, potentially including names, dates of birth, addresses, phone numbers, email addresses, diagnoses, treatment details, test results, Social Security numbers, and health insurance information. For those who received COVID-19 services at CHC, the compromised data might include names, dates of birth, phone numbers, email addresses, addresses, gender, race, ethnicity, insurance details, test dates, results, and vaccine details, with Social Security numbers exposed in rare cases. CHC claims its systems are secured, and there’s no current evidence of data misuse. They are offering free identity theft protection to those whose Social Security numbers were involved and are advising others to take steps to protect their information, including removing personal data from the internet, being wary of mailbox communications, remaining cautious of phishing attempts, using strong antivirus software, and monitoring accounts.

11. Massive Data Breach Exposes Americans’ Financial Details — Names, Card Numbers, PINs and More at Risk

A significant cybersecurity breach at NorthBay Healthcare Corporation exposed the personal, medical, and financial records of over 569,000 Americans. The breach, which occurred between January 11 and April 1, 2024, compromised sensitive data including names, Social Security numbers, financial account numbers, and credit card details. NorthBay Health has since updated its security and is offering affected customers a one-year membership to Experian IdentityWorks. While there is no current evidence of misuse of the data, the incident highlights the increasing threat of cyberattacks on healthcare institutions and the importance of robust cybersecurity measures.

12. New downloads of DeepSeek suspended in South Korea, data protection agency says

South Korea has suspended new downloads of the Chinese AI app DeepSeek due to the company’s failure to fully comply with the country’s privacy laws regarding the protection of personal data. The Personal Information Protection Commission (PIPC) stated that the suspension, which took effect on Saturday, aims to block new downloads of the app until DeepSeek makes the necessary improvements to comply with South Korean privacy law. DeepSeek’s web service remains accessible in the country. This action follows a similar move by Italy’s data protection authority, which blocked DeepSeek’s chatbot due to privacy concerns.

13. Massive IoT Data Breach Exposes 2.7 Billion Records

A massive IoT data breach exposed 2.7 billion records, including Wi-Fi network names, passwords, IP addresses, and device IDs, linked to Mars Hydro and LG-LED Solutions. Cybersecurity researcher Jeremiah Fowler discovered the unprotected 1.17 terabyte database, which likely belonged to users of Mars Hydro’s Mars Pro app. The exposed data poses significant risks, such as unauthorized network access and “nearest neighbor” exploits. Experts recommend encrypting sensitive logs, changing default passwords, conducting regular security audits, and limiting public cloud access to prevent future breaches, as many IoT devices are vulnerable due to outdated systems and weak credentials.

14. Hacker leaks account data of 12 million Zacks Investment users

Zacks Investment Research reportedly suffered a data breach in June 2024, potentially exposing the sensitive information of about 12 million users. A threat actor leaked data samples on a hacker forum, including full names, usernames, email addresses, physical addresses, and phone numbers. While Zacks hasn’t confirmed the breach, the actor claims to have accessed the company’s Active Directory and stolen source code. Have I Been Pwned (HIBP) has added the leaked database, confirming it contains 12 million unique email addresses, along with other personal data and unsalted SHA-256 hashed passwords. This could be the third major data breach for Zacks in the past four years, with previous incidents occurring in 2023 and a validated leak from 2020. HIBP notes that 93% of the leaked emails were already in their database from previous breaches, possibly from the same platform.
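Why "unsalted SHA-256" matters in a leak like this, as an added illustration that is not code from the article or from Zacks: the sample accounts, the PBKDF2 work factor and the storage format are assumptions constructed for the example. The same hashing helper also serves as the salted alternative a site should migrate to.

```python
import hashlib
import secrets
from collections import Counter

# Constructed sample records (not data from the leak): two accounts reuse a password.
SAMPLE_ACCOUNTS = [
    ("alice@example.com", "Winter2024!"),
    ("bob@example.com", "Winter2024!"),
    ("carol@example.com", "correct horse battery staple"),
]

PBKDF2_ITERATIONS = 600_000  # assumption: OWASP-level work factor for PBKDF2-HMAC-SHA256


def hash_unsalted(password: str) -> str:
    """The weak scheme the leak reportedly used: one plain SHA-256 per password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_salted(password: str, salt: bytes = b"", iterations: int = PBKDF2_ITERATIONS) -> str:
    """Per-user random salt plus a slow KDF, stored as one self-describing string."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return secrets.compare_digest(recomputed.hex(), digest_hex)


def shared_hash_groups(hashes) -> int:
    """Count hash values that occur for more than one account.

    With unsalted hashes, equal passwords give equal hashes, so a leaked table
    immediately reveals password reuse and one guessed value unlocks every
    account that shares it. A per-user salt makes every stored value unique.
    """
    return sum(1 for n in Counter(hashes).values() if n > 1)


def audit(accounts=SAMPLE_ACCOUNTS) -> dict:
    """Compare the two schemes over the sample accounts."""
    unsalted = [hash_unsalted(pw) for _, pw in accounts]
    salted = [hash_salted(pw) for _, pw in accounts]
    return {"unsalted_shared_groups": shared_hash_groups(unsalted),
            "salted_shared_groups": shared_hash_groups(salted)}
```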

15. 120K Victims Compromised in Memorial Hospital Ransomware Attack

Memorial Hospital has notified 120,000 individuals that their personal information was stolen in a ransomware attack. The attack was first disclosed in November; at the time, the hospital said that although its systems were down and staff had to revert to pen and paper to record patient information, its operations remained uninterrupted. The Embargo ransomware group claimed responsibility for the attack, alleging that it stole 1.15 terabytes of data from the hospital’s systems. The hospital is offering a year of complimentary identity protection services, credit monitoring, a $1 million identity fraud loss reimbursement policy, and identity theft recovery services through IDX. The hospital has no current evidence to suggest misuse or attempted misuse of the personal information involved.

16. Global shipper Hipshipper exposes 14 million records in major data breach

A major data breach at Hipshipper, a shipping platform used by sellers on eBay, Shopify, and Amazon, has exposed 14 million customer shipping records due to an unprotected AWS bucket. The exposed data includes names, addresses, phone numbers, and order details, which could be exploited by cybercriminals for scams and phishing attacks. Cybersecurity experts recommend several steps to protect yourself, including being cautious of phishing attempts, using strong antivirus software, watching out for snail mail scams, investing in identity theft protection, enabling two-factor authentication, regularly monitoring credit reports, updating passwords, and removing personal data from public databases. The breach highlights the need for all industries to prioritize cybersecurity and protect customer data.

17. Venture capital giant Insight Partners hit by cyberattack

Venture capital firm Insight Partners disclosed that its systems were breached in January following a social engineering attack. The company, which manages over $90 billion in assets and has invested in over 800 companies, said it discovered the breach on January 16 and immediately took steps to contain and investigate the incident. Insight Partners has notified law enforcement and hired cybersecurity experts to investigate the breach. The company believes there will be no material impact on portfolio companies, Insight funds, or other stakeholders.

18. Fintech giant Finastra notifies victims of October data breach

Fintech giant Finastra is notifying victims of a data breach that occurred after an unauthorized third party accessed its Secure File Transfer Platform (SFTP) between October 31 and November 8, 2024. The company detected the malicious activity on November 7. Finastra, which provides financial services software to over 8,100 financial institutions across 130 countries, believes the risk to individuals is low and is offering two years of free credit monitoring and identity restoration services through Experian. The breach is believed to be linked to a post on BreachForums where a threat actor claimed to be selling 400GB of data stolen from Finastra’s network. Finastra suffered a similar ransomware attack in March 2020 and had unpatched Pulse Secure VPN and Citrix ADC servers before that attack.

19. Lee Enterprises newspaper disruptions caused by ransomware attack

Lee Enterprises, a major newspaper publishing group in the US, has confirmed that a ransomware attack caused significant disruptions to its operations starting February 3, 2025. The attack led to the encryption of critical applications and potential data exfiltration, impacting the distribution of print publications, billing, collections, and vendor payments. While core products are now being distributed normally, weekly and ancillary products (representing 5% of total operating revenue) have not yet been restored, with a phased recovery expected over the next few weeks. Lee is investigating whether sensitive data was compromised and has implemented temporary measures to maintain business functions. The cyberattack forced the shutdown of many networks, hindering reporters’ and editors’ access to files and causing widespread printing and delivery disruptions.

20. Heartland Bank Data Breach – Levi & Korsinsky, LLP Launches Investigation

Levi & Korsinsky, LLP has launched an investigation into a data breach at Heartland Bank. The breach involved unauthorized access to the bank’s email system, compromising sensitive personal data such as names and Social Security numbers. Heartland Bank filed a notice with the Attorney General of Massachusetts on February 7, 2025, and began sending notification letters to affected individuals. Compensation may be available for those whose personal information was compromised. The investigation aims to determine the extent of the breach and potential liability for any resulting harm. This incident is similar to other recent data breaches, such as those affecting First Chatham Bank and Crown Mortgage Company, which also involved unauthorized access to sensitive personal information.

21. Beware: PayPal “New Address” feature abused to send phishing emails

A new PayPal email scam is circulating where scammers are exploiting the platform’s address settings to send fake purchase notifications. These emails appear legitimate, coming directly from “[email protected],” bypassing spam filters and security checks. The emails state that a new address has been added to your account and often include a fake purchase confirmation for a MacBook M4, urging you to call a provided “PayPal support” number if you didn’t authorize the purchase. The goal is to trick you into thinking your account has been hacked. If you call the number, scammers will try to convince you to download remote access software, like ConnectWise ScreenConnect, under the guise of helping you regain access and block the transaction. Once they gain access, they can steal money, deploy malware, or steal data. To protect yourself, ignore emails with bogus purchase confirmations and don’t call the listed number. Instead, log into your PayPal account to check for unauthorized changes. PayPal has been contacted about this issue and needs to restrict the number of characters allowed in address fields to prevent the injection of scam messages.
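The fix the article points to, a hard limit and content check on free-text address fields before they are rendered into a transactional email, as an added illustration that is not PayPal’s code: the length limits, the lure patterns and both sample addresses are assumptions constructed for this example.

```python
import re

# Assumed limits: genuine street lines fit comfortably, a pasted scam message does not.
MAX_LINE_LEN = 60
MAX_LINES = 3

# Content that belongs in a scam lure, not in a postal address.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")  # 9+ digit phone-like run
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
LURE_RE = re.compile(
    r"\b(call|contact|support|unauthori[sz]ed|purchase|refund|cancel|hacked)\b",
    re.IGNORECASE,
)
CURRENCY_RE = re.compile(r"[$€£]\s?\d")

# Constructed samples: a plausible address and an address field carrying the scam text.
LEGIT_ADDRESS = "221B Baker Street\nLondon NW1 6XE"
SCAM_ADDRESS = (
    "UNAUTHORIZED MacBook M4 purchase of $1,199.00 detected.\n"
    "If you did not make this purchase call PayPal support at 1-800-555-0199"
)


def check_address_line(line: str) -> list:
    """Return the reasons a single address line is rejected (empty list = accepted)."""
    problems = []
    if len(line) > MAX_LINE_LEN:
        problems.append("too long")
    if PHONE_RE.search(line):
        problems.append("phone number")
    if URL_RE.search(line):
        problems.append("url")
    if LURE_RE.search(line):
        problems.append("lure wording")
    if CURRENCY_RE.search(line):
        problems.append("currency amount")
    return problems


def check_address(text: str) -> dict:
    """Validate a free-text address; the line count is capped as well as each line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    problems = []
    if len(lines) > MAX_LINES:
        problems.append(f"too many lines ({len(lines)})")
    for n, ln in enumerate(lines, 1):
        for p in check_address_line(ln):
            problems.append(f"line {n}: {p}")
    return {"accepted": not problems, "problems": problems}
```

A field that fails the check should be rejected at submission time, so the text never reaches the email template at all.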

