Q4 '24 Data Breaches
V2verify Is The Key To Preventing Data Breaches
V2verify is the answer for preventing data breaches like these, but until they are no longer an issue, we want to provide you with tools and information to minimize your risk and exposure.
Fourth Quarter ~ 2024
DECEMBER 2024
DEC 21
CONNECTONCALL
The doctor-patient communications platform ConnectOnCall, owned by health tech firm Phreesia, says 914,138 users are affected, according to data from the U.S. Department of Health and Human Services Office for Civil Rights.
In a statement, the firm says the breach exposed records shared in communications between doctors and patients including full names, phone numbers, dates of birth, health conditions, treatments, medications as well as Social Security numbers.
“ConnectOnCall’s investigation revealed that between February 16, 2024, and May 12, 2024, an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications…
ConnectOnCall took the ConnectOnCall product offline and has been working through a phased restoration of the product in a new, more secure environment.”
ConnectOnCall allows patients to contact their doctors via text, phone call or telehealth for concerns about prescriptions, lab results and other medical issues.
The firm sent letters to affected users earlier this month to shed light on the security incident while offering identity and credit monitoring services to individuals whose Social Security numbers were stolen.
ConnectOnCall says users should stay alert and immediately report any suspicious activity related to identity theft or healthcare fraud.
DEC 20
ASCENSION HOSPITAL
Hospital operator Ascension told Maine's state attorney general on Friday that nearly 5.6 million people were affected in a ransomware attack that hit it earlier this year.
The company said an unspecified amount of medical data - including patients' medical records, lab tests and insurance information - was compromised.
Cybercriminals use ransomware to paralyze computer networks and extort a payment, typically in cryptocurrency. Many also steal data for added leverage.
Hospitals and healthcare providers - whose data is particularly sensitive and whose operations are especially critical - have regularly been targeted.
In a letter to the attorney general, Ascension's lawyer said the incident happened on May 7 and 8 and blamed it on a "cybercriminal", whom the company did not identify. Ascension did not immediately return a message seeking further comment.
DEC 19
SRP FEDERAL CREDIT UNION
SRP Federal Credit Union, a South Carolina-based financial institution, had a major data breach impacting more than 240,000 people.
The credit union handles highly sensitive information of hundreds of thousands of Americans, which is now in the hands of cybercriminals.
SRP revealed in a notice that the data breach was part of a two-month attack by hackers, raising concerns about how it took the company so long to detect unauthorized entry into its systems. I discuss the details of the data breach, its impact on people and what you need to do to stay safe.
DEC 18
CENTER FOR VEIN RESTORATION
CVR, a clinic headquartered in Maryland, experienced a massive data breach where hackers stole highly sensitive personal information, including lab results and health insurance details, as reported by Cybernews. The breach occurred in early October, with the clinic detecting "unusual activity" in its systems on Oct. 6.
CVR has more than 110 branches across the country, from Alabama to Alaska. This breach has affected hundreds of thousands of individuals. According to a notice filed by CVR with the U.S. Department of Health and Human Services Office for Civil Rights, more than 445,000 people had their personal information compromised.
As the name suggests, CVR specializes in vein restoration, a very specialized procedure aimed at improving the health and function of veins. This means the clinic keeps a very elaborate record of its patients’ health, and now all that is in the hands of hackers, along with copious amounts of personal information.
DEC 18
CISCO
A hacker has leaked data stolen recently from a Cisco DevHub instance, but claims it’s only a fraction of the total amount of files that was taken.
The notorious hacker IntelBroker announced in October that he and others had breached Cisco systems and obtained source code, certificates, credentials, confidential documents, encryption keys and other types of information. The hacker claimed to have obtained source code associated with several major companies.
Cisco’s investigation showed that its systems had not been breached and that the data was actually obtained from a public-facing DevHub environment that serves as a resource center from where customers can obtain source code, scripts and other content.
The networking giant noted that while a majority of the data hosted in the DevHub environment was public, the hackers also obtained some files that were not intended for public download and were inadvertently published on the site due to a configuration error. The downloaded data included files related to some CX Professional Services customers.
DEC 13
RIBRIDGES
Gov. Dan McKee's office said Friday that the RIBridges computer system, previously called UHIP, was hit by a cybersecurity breach.
The system is used to deliver a wide range of health and human services benefits in Rhode Island.
The state said anyone who receives or has applied for benefits through the system could be impacted.
DEC 13
PIH HEALTH
Cybercriminals claim they stole 17 million patient records from a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.
PIH Health, in a statement Wednesday, said three of its hospitals - Downey Hospital, Good Samaritan Hospital and Whittier Hospital - as well as its urgent care centers, doctor offices, home health and hospice agency - are affected by the attack.
The organization serves more than 3 million residents in Los Angeles and Orange counties and throughout the San Gabriel Valley.
"PIH Health is working with cyber forensic specialists to assess the issue. Impacted individuals will be notified if protected health information is found to be compromised," the statement said.
The organization in its statement did not mention claims of cybercriminals who reportedly faxed letters to PIH Health last week threatening to publish 2 terabytes of data containing millions of patients' information that was stolen in the attack.
DEC 13
BYTE FEDERAL
Byte Federal, a leading Bitcoin ATM operator in the United States, has disclosed a data breach that compromised the sensitive personal information of approximately 58,000 customers. This breach, which stemmed from a vulnerability in GitLab, underscores the persistent challenges businesses face in securing customer data in a hyperconnected world.
The Breach: What Happened?
The breach occurred on Sept. 30, when an unauthorized actor exploited a known vulnerability in GitLab, a widely used software platform Byte Federal relied on for internal operations. According to initial findings, the attackers accessed a trove of sensitive customer data, including names and birthdates, home and email addresses, phone numbers, Social Security numbers, government-issued ID numbers, photographs of users, and cryptocurrency transaction histories.
Byte Federal immediately responded by shutting down the affected platform, isolating unauthorized access, and implementing a series of emergency security measures, including resetting all customer accounts and updating internal passwords, BleepingComputer reports.
NOVEMBER 2024
NOV 20
FINASTRA
Finastra, a London-based financial software company that serves most of the world’s top banks, has confirmed it’s investigating a data breach after a hacker claimed a compromise of the company’s internal file-transfer platform.
In a statement given to TechCrunch, Finastra spokesperson Sofia Romano confirmed the fintech giant detected what it calls “suspicious activity” related to an “internally hosted Secure File Transfer Platform (SFTP)” on November 7.
News of the breach, first reported by cybersecurity journalist Brian Krebs, comes after someone claimed on a known cybercrime forum to be selling stolen files allegedly belonging to Finastra’s largest banking clients. In a since-deleted forum posting, the hacker said they were in possession of 400 gigabytes of data from Finastra, including client files and internal documents.
NOV 18
ANNIEMAC
The American Neighborhood Mortgage Acceptance Company, doing business as AnnieMac Home Mortgage (“AnnieMac”), filed a notice of data breach with the Attorney General of Maine on Thursday, Nov. 14, disclosing unauthorized third-party access to the independent mortgage bank's (IMB) network occurring on or around Aug. 21, 2024.
The Mount Laurel, N.J.-based seller-servicer reportedly learned of the breach on Oct. 15, 2024, according to the company’s filing with Maine authorities, though a letter sent to impacted customers indicates the company became aware of suspicious activity on certain systems within its network on Aug. 23, two days after the breach.
The filing indicates that 171,074 customers may have had their names and Social Security numbers compromised in the incident, including 1,313 from Maine.
NOV 16
SELECTBLINDS
In a significant cybersecurity incident that remained undetected for nearly nine months, SelectBlinds, an Arizona-based window coverings retailer, has disclosed a massive data breach affecting 206,238 customers. The breach began on Jan. 7 and was only discovered on Sept. 28, when the company identified suspicious activity on its website.
Through their investigation, SelectBlinds discovered that attackers had gained access to customers' names, email addresses, shipping and billing information, phone numbers, and most critically, complete payment card details including card numbers, expiration dates and CVV security codes. For customers who logged into their accounts during checkout, their website credentials were also compromised.
NOV 15
T-MOBILE
T-Mobile's network was among the systems hacked in a damaging Chinese cyber-espionage operation that gained entry into multiple U.S. and international telecommunications companies, The Wall Street Journal reported on Friday citing people familiar with the matter.
Hackers linked to a Chinese intelligence agency were able to breach T-Mobile as part of a monthslong campaign to spy on the cellphone communications of high-value intelligence targets, the Journal added, without saying when the attack took place.
NOV 11
CASIO
Casio issued an official statement regarding a ransomware attack on Oct. 11. That statement confirmed that the ransomware attack occurred on Oct. 08 and had caused the leakage of personal information and confidential internal information. Today, Casio went a step further to confirm that the personal information could include my name, address and email. “At this time,” the Casio email signed by Richard Sharpe, Casio’s U.K. data protection officer, said, “there is no evidence that sensitive data like passwords or payment details were compromised.”
NOV 4
LANDMARK ADMIN
Landmark Admin, a company that provides administrative services to several major U.S. insurance carriers, has recently announced that a cyberattack in May 2024 exposed the personal information of over 800,000 individuals.
Landmark Admin partners with some of the largest insurance companies in the U.S., including American Monumental Life Insurance Company, Pellerin Life Insurance Company, and American Benefit Life Insurance Company. Through these partnerships, millions of policyholders entrust their personal information to Landmark’s systems.
NOV 1
UNITED HEALTH CARE
The U.S. Department of Health and Human Services Office for Civil Rights data breach portal updated the total number of people impacted by the UnitedHealth data breach to 100 million, marking the first time the company has officially quantified the breach's scope. This confirmation cements the breach as the largest healthcare data exposure in U.S. history, underscoring the significant risks that cybersecurity incidents pose to sensitive patient information.
As reported by TechCrunch, the breach began in February 2024 when the ALPHV/BlackCat ransomware group targeted UnitedHealth’s Change Healthcare platform, a widely used payment processing system within the healthcare industry. The attackers deployed ransomware to disrupt operations and exfiltrated vast amounts of sensitive data. The compromised data included patients’ personal information, financial details, and medical records.
NOV 1
INTERBANK
Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online.
Previously known as the International Bank of Peru (Banco Internacional del Perú), the company provides financial services to over 2 million customers.
"We have identified that some data of a group of clients has been exposed by a third party without our authorization. In light of this situation, we immediately deployed additional security measures to protect the operations and information of our clients,"
OCTOBER 2024
OCT 27
PARKLAND HEALTH
Whether it's where you shop, bank or browse, cybersecurity breaches have become an unfortunate fact of our online lives. But there's an extra sensitivity to the theft of medical information.
Parkland Health in Dallas is the latest to report a data breach.
"It's a huge problem," said Ben Singleton with NetGenius. "And the reason that we haven't really seen any progress in it is because there's no enforcement of cybersecurity requirements on medical providers." Singleton, a cybersecurity expert, said that this is not a nosy neighbor concern: the end game is likely fraud, and Medicaid is a prized target.
"And so these claims start getting paid," said Singleton, "and they continue using information that they've gathered from these breaches to file more and more claims. And that's essentially how they're using it."
OCT 24
UNITED HEALTH
UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years.
In May, UnitedHealth CEO Andrew Witty warned during a congressional hearing that "maybe a third" of all Americans' health data was exposed in the attack.
A month later, Change Healthcare published a data breach notification warning that the February ransomware attack on Change Healthcare exposed a "substantial quantity of data" for a "substantial proportion of people in America."
OCT 14
CISCO
Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum.
OCT 12
FIDELITY INVESTMENTS
Fidelity Investments reported in a filing with Maine’s attorney general that an unnamed third party accessed information from its systems using two recently established customer accounts. It did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.
"We detected this activity on August 19 and immediately took steps to terminate the access," Fidelity stated in a letter sent to those affected. The company confirmed that the data breach compromised the personal information of over 77,000 customers but did not involve any access to their Fidelity accounts. This incident still represents only a small portion of its overall customer base of 51.5 million.
The breach occurred between Aug. 17 and 19 when an attacker accessed customer names and other personal identifiers, including Social Security numbers and driver’s licenses. Fidelity was able to stop the unauthorized access on Aug. 19 after detecting the breach.
OCT 1
RACKSPACE
Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by the ScienceLogic SL1 platform.
ScienceLogic confirmed to BleepingComputer that they quickly developed a patch to address the risk and distributed it to all impacted customers while still providing assistance where needed.
"We identified a zero-day remote code execution vulnerability within a non-ScienceLogic third-party utility that is delivered with the SL1 package," explained a statement from Jessica Lindberg, Vice President at ScienceLogic.