Data Breaches

A hacker claims to be selling data relating to thousands of current and former employees of India's Piramal Group.

Exclusive: The Minnesota-based spyware maker Spytech snooped on thousands of devices before it was hacked earlier this year.

Leidos serves prominent clients including the US Department of Defense (DOD), the Department of Homeland Security (DHS), NASA, and various other US and foreign agencies.

The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users.

Verizon Communications has agreed to a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents its wholly-owned subsidiary, TracFone Wireless, suffered after its acquisition in 2021.

A new listing on Daixin Team’s leak site suggested serious problems for Acadian Ambulance.

The Land Registry agency in Greece has announced that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure over the last week.

The largest trial court in the United States, the Superior Court of Los Angeles County, closed all 36 courthouse locations on Monday to restore systems affected by a Friday ransomware attack.

MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack.

Though the number of victims has risen, the actual number of breaches has gone down, as fewer, bigger breaches affect more individuals.

A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API.

MarineMax, self-described as the world's largest recreational boat and yacht retailer, is notifying over 123,000 customers whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang.

We're over halfway through 2024, and already this year we have seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can't get any worse, they do. From huge stores of customers' personal information getting scraped, stolen and posted online, to reams of medical data covering most people in the United States getting stolen, the worst data breaches of 2024 to date have already surpassed at least 1 billion stolen records and rising. These breaches not only affect the individuals whose data was irretrievably exposed, but also embolden the criminals who profit from their malicious cyberattacks. Travel with us to the not-so-distant past to look at how some of the biggest security incidents of 2024 went down, their impact and. in some cases, how they could have been stopped.

• AT&T's Data Breaches: AT&T experienced two data breaches in 2024, affecting nearly all its customers and many non-customers. The breaches exposed phone numbers, call records, and personal information, risking account hijacks for 7.6 million customers.

• Change Healthcare Hack: A ransomware attack on Change Healthcare resulted in the theft of sensitive medical data, affecting a substantial proportion of Americans. The breach caused widespread outages in healthcare services across the U.S. and compromised personal, medical, and billing information.

• Synnovis Ransomware Attack: The cyberattack on U.K. pathology lab Synnovis disrupted patient services in London hospitals for weeks, leading to thousands of postponed operations and the exposure of data related to 300 million patient interactions. Snowflake Data Theft (Including Ticketmaster): Cybercriminals stole hundreds of millions of records from Snowflake's corporate customers, including 560 million records from Ticketmaster. The breach affected data from multiple companies and institutions, exposing vast amounts of customer and employee information.

• Snowflake Data Theft: (Including Ticketmaster): Cybercriminals stole hundreds of millions of records from Snowflake's corporate customers, including 560 million records from Ticketmaster. The breach affected data from multiple companies and institutions, exposing vast amounts of customer and employee information.

Rite Aid, the third-largest drugstore chain in the United States, says that 2.2 million customers' personal information was stolen last month in what it described as a "data security incident."

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January.

Hacktivist group NullBulge claims to have breached Disney, leaking 1.1 TiB of internal Slack data. The leak allegedly includes messages, files, code, and more. This comes amidst breaches affecting AT&T and Ticketmaster.

The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident."

Most observers attribute the attack, which leveraged VPN and Microsoft 365 security holes, to state actors working for China.

Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals.

Advance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks.

IntelBroker shared snippets of data from the breach of Lulu Hypermarket, threatening a full database leak at a future date.

Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year.

The City of Philadelphia revealed that a May 2024 disclosed in October impacted more than 35,000 individuals' personal and protected health information.

Evolve Bank & Trust (Evolve) is sending notices of a data breach to 7.6 million Americans whose data was stolen during a recent LockBit ransomware attack.

Stolen data includes millions of AT&T customer phone numbers, calling and text records, and location-related data

[...] AT&T said the stolen data “does not contain the content of calls or texts,” but does include calling and texting records that an AT&T phone number interacted with during the six-month period, as well as the total count of a customer’s calls and texts, and call durations — information that is often referred to as metadata. The stolen data does not include the time or date of calls or texts, AT&T said.

Additional article: https://krebsonsecurity.com/2024/07/hackers-steal-phone-sms-records-for-nearly-all-att-customers/