February 15, 2024

Data Breach Report: February 2024 Edition

PKWARE

Data breaches are like unwanted guests at a party – uninvited, disruptive, and leaving a mess in their wake. January 2024 was no different, with several high-profile incidents likely reaching hundreds of millions or even billions of records of people’s personal information.

In this breach report, we discuss some of the most significant breaches of the past month and their consequences, and equip you with the knowledge and tools to safeguard your information in the face of evolving cyber threats.

Victoria Court System

The data breach in Victoria’s Court System, reported in January 2024, involved the potential exposure of sensitive court data for individuals involved in specific legal proceedings.

  • Hackers gained access to an audio-visual archive containing recordings of some court hearings between November 1 and December 21, 2023.
  • This potentially exposes sensitive information like witness testimony, judge’s rulings, and personal details mentioned in court.
  • The breach was discovered on December 21, 2023, and the affected network was immediately isolated and disabled.
  • Investigations are ongoing to determine the full extent of the breach and which specific recordings were accessed.

Court Services Victoria (CSV) Cyber Incident Information webpage: https://courts.vic.gov.au/news/court-services-victoria-cyber-incident

Inspiring Vacations

The Inspiring Vacations data breach occurred in late November 2023, but details were recently released in January 2024.

  • A database containing the personal information of 112,000 customers was left unprotected and accessible online.
  • The exposed data included highly sensitive PII:
    • High-resolution passport images
    • Travel visa certificates
    • Travel itineraries and ticket files
    • Partial credit card numbers
  • Most affected individuals were Australian citizens, but customers from New Zealand, the UK, and Ireland were also impacted.
  • Inspiring Vacations acknowledged the breach and initiated an investigation. The investigation is ongoing, and the full extent of the damage is still being determined.

Australian Passport Office: https://www.passports.gov.au/news/inspiring-vacations-data-breach

MailChimp

The MailChimp data breach in January 2024 marked the second security incident for the company within six months.

  • On January 11th, 2024, unauthorized actors gained access to an internal tool used by MailChimp customer support and account administration.
  • The access was obtained through a social engineering attack on Mailchimp employees and contractors.
  • The attackers compromised employee credentials and used them to access 133 Mailchimp accounts.
  • The exposed data potentially included names, email addresses, and campaign information.
  • It is unclear if any sensitive data like payment information was compromised.

While 133 accounts were impacted, the potential risk varied depending on the specific information stored in each account. MailChimp is still investigating the incident and assessing the full impact.

Yum! Brands

In January 2024, the data breach at Yum! Brands, the parent company of popular restaurants like KFC, Pizza Hut, and Taco Bell, occurred as part of a broader ransomware attack.

  • A ransomware attack targeted Yum! Brands, forcing them to temporarily close some restaurants in the UK.
  • During the attack, unauthorized individuals gained access to some personal information belonging to employees, primarily in the US.
  • The exposed data could include names, driver’s license numbers, identification numbers, and other types of personal identifiers.

HealthEC LLC

The HealthEC data breach was a significant cyberattack that exposed the personal and medical information of nearly 4.5 million patients. These patients received care through healthcare providers using HealthEC’s population health management platform.

  • Between July 14 and 23, 2023, hackers gained unauthorized access to HealthEC’s systems.
  • The exposed data included names, addresses, dates of birth, Social Security numbers, medical records, diagnoses, prescriptions, and insurance information.

The cyberattack on HealthEC, a tech solutions provider, impacted 17 healthcare service providers and state-level health systems. Some major organizations listed in the notice include Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee Division of TennCare, the University Medical Center of Princeton Physicians’ Organization, and the Alliance for Integrated Care of New York.

VF Corp.

VF Corp., the parent company of the popular apparel brands Vans, Supreme, and The North Face, has confirmed a data breach that occurred in December 2023 and impacted approximately 35.5 million customers.

  • On December 13th, 2023, VF Corp. detected unauthorized activity on their IT systems, indicating a potential cyberattack.
  • The company suspected a ransomware attack as some systems were encrypted, disrupting operations and impacting order fulfillment.
  • The ransomware gang ALPHV (or BlackCat) later claimed responsibility for the attack.

The company emphasized that they don’t store social security numbers, bank account information, or payment card details. However, the stolen data could potentially include:

  • Names
  • Addresses
  • Email addresses
  • Phone numbers
  • Order history
  • Loyalty program information

Lush

On January 11th, 2024, Lush publicly acknowledged a “cyber security incident” affecting their UK IT systems.

The full extent of the breach is still unknown, but the claims suggest it might involve personal information from customers or employees. This could include names, addresses, email addresses, phone numbers, and potentially even passport scans.

Foxsemicon

The LockBit ransomware gang, known for its aggressive tactics and for targeting large corporations, has claimed to have targeted Foxsemicon, one of the largest Taiwanese semiconductor equipment manufacturers and a subsidiary of Hon Hai Precision Industry Co. Ltd. (Foxconn).

  • Hackers claimed to have stolen 5 terabytes of data, potentially including personal information of customers and employees.
  • Foxsemicon’s website was defaced with a ransom note threatening to leak the stolen data and disrupt operations.

Clearview Resources Ltd

The incident was initially announced as a “cybersecurity incident” and later confirmed to be a Business Email Compromise (BEC) attack.

In an updated press statement released in January 2024, Clearview explained, “An internal email address was compromised and used by fraudulent actors to redirect the transfer of certain Company funds to a third-party account, resulting in the loss of $1.5 million.”

Keep your organization out of breach headlines by ensuring it not only knows where all its sensitive data is stored but can also protect that data wherever it lives and moves.

Take a look at our unique, data-centric approach!
