June 20, 2024

Data Breach Report: June 2024 Edition

PKWARE
Data Breach Report: June 2024 Edition

May 2024 wasn’t exactly a banner month for cybersecurity. From tech giants to government agencies, a wave of data breaches exposed sensitive information belonging to millions of people. This blog post will delve into some of the most significant incidents, exploring the data exposed, the potential consequences, and how to stay safe in the ever-evolving threat landscape.

Ticketmaster

A massive breach affecting potentially 560 million users. Hackers claim to have stolen names, addresses, phone numbers, and possibly some payment details. This stands out due to the sheer number of users potentially impacted.

Scale of the Breach: Over 560 million user records were potentially compromised, making it a very large-scale breach.

Type of Data Exposed: Hackers claimed to have stolen personal information including full names, addresses, email addresses, phone numbers, and ticketing details. There are also reports that partial payment card data, such as the last four digits of credit card numbers and expiration dates, might have been leaked.

Cause of the Breach: The breach reportedly stemmed from a compromised employee account at Snowflake, a cloud storage company used by Ticketmaster. Attackers likely exploited weaknesses in access controls to gain unauthorized entry.

Ticketmaster owner Live Nation confirmed “unauthorised activity” on its database after a group of hackers said they had stolen the personal details of 560 million customers. Here is filing to the US Securities and Exchange Commission by Live Nation: https://www.sec.gov/ix?doc=/Archives/edgar/data/0001335258/000133525824000081/lyv-20240520.htm

Indian Military and Police

A critical data breach in May 2024 exposed sensitive information about Indian military and police personnel. Leaked data reportedly included fingerprints, facial scans, and potentially even names and addresses. This breach originated from unsecured databases managed by private companies, raising concerns about data security protocols.

Scale of the Breach: Indian authorities are likely still investigating the details of the breach. They might not release specific numbers of affected personnel due to national security concerns.

Type of Data Exposed: The most concerning aspect of this breach is the leak of biometric data, such as fingerprints and facial scans. This information can be extremely difficult, if not impossible, to change and could be used for malicious purposes like compromising national security systems or identity theft. Reports also suggest other personal details like names, addresses, and possibly even some military/police records might have been leaked.

Cause of the Breach: The data vulnerability originated from unsecured databases managed by private companies. This raises serious questions about the security protocols used to store such sensitive information.

Indian authorities are likely still investigating the details of the breach. There might be limited official information available at this point.

Dell

In May 2024, Dell reported a data breach affecting around 49 million customers. While financial information remained secure, customer names, addresses, and details about Dell purchases, including service tags, item descriptions, and warranty information, were exposed.

Scale of the Breach: Dell reported around 49 million customers were affected by the data breach.

Type of Data Exposed: The compromised information included customer details related to purchases made from Dell. Specifically, reports mention:

  • Customer names
  • Physical addresses
  • Order details including:
    • Service tags (unique identifiers for Dell products)
    • Item descriptions of purchased products
    • Order dates
    • Warranty details

Cause of the Breach: The exact cause remains unclear. However, some reports suggest it might be related to an API abuse vulnerability (CVE-2024-3400) that allowed unauthorized users to access Dell’s systems.

Snowflake Customers

In May 2024, attackers targeted Snowflake customers by exploiting stolen login credentials, not a breach of Snowflake itself. Hackers likely used weak passwords, credential reuse, or malware to gain access. This exposed sensitive data stored by Snowflake customers, potentially including financial records, customer information, or business secrets.

Scale of the Breach: Investigations are still ongoing, but reports suggest hundreds of Snowflake customers might have been impacted.

Type of Data Exposed: The data exposed depends on the specific customer and the information they stored on Snowflake’s platform. Snowflake itself wasn’t compromised, so their core systems weren’t breached. However, attackers with stolen credentials could potentially access a variety of sensitive data stored by their customers.

Cause of the Breach: Unlike a traditional company data breach, Snowflake itself wasn’t compromised. Instead, attackers exploited weaknesses in customer credentials.

MoD contractor (UK military data leak)

The May 2024 data breach involving a contractor for the UK Ministry of Defence (MoD) raises concerns about the security of sensitive government data.

Scale of the Breach: The exact number of personnel affected hasn’t been officially disclosed.

Type of Data Exposed: Reports indicate that names, addresses, and potentially bank account details of current and former military personnel were accessed.

Cause of the Breach: unconfirmed, The MoD launched an investigation into the incident and the breach specifically targeted the IT systems of a contractor responsible for the MoD’s payroll.

Defence Secretary Grant Shapps provided a statement to the House of Commons on 07 May 2024, to update the House on a data incident involving activity by a malign actor: https://www.gov.uk/government/speeches/defence-secretary-oral-statement-to-provide-a-defence-personnel-update-07-may-2024

Dropbox Sign

A security incident hit Dropbox Sign (formerly HelloSign), exposing user information. Hackers compromised a Dropbox Sign service account, potentially accessing email addresses, usernames, phone numbers, hashed passwords, and some authentication details.

Scale of the Breach: Unfortunately, there’s no exact figure publicly available regarding the scale of the Dropbox Sign breach in May 2024.

Type of Data Exposed: The type of data exposed varied depending on the user:

  • Customer information like email addresses, usernames, phone numbers, and hashed passwords were potentially accessed.
  • General account settings and authentication details such as API keys, OAuth tokens, and multi-factor authentication keys might have been compromised.
  • For those who received or signed a document but never created an account, only email addresses and names were exposed.

Cause of the Breach: Hackers gained access through a compromised service account used for managing Dropbox Sign.

Dropbox Sign blog post on the incident: https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign

Cooler Master

In May 2024, Cooler Master experienced a significant data breach affecting its Fanzone website, which is used for product registration, warranty services, and customer support. The breach occurred on May 19 and was perpetrated by a hacker known as “Ghostr,” who managed to download 103 GB of data.

Scale of the Breach: Reports suggest over 500,000 Fanzone member accounts were affected.
Type of Data Exposed: The stolen data reportedly included information from over 500,000 Fanzone members, potentially including:

  • Names
  • Email addresses
  • Phone numbers
  • Physical addresses
  • Product information (products registered for warranty)

Cause of the Breach: A threat actor known as “Ghostr” claimed responsibility. They gained access through the Cooler Master Fanzone website, a platform for registering product warranties and submitting support tickets.

Cencora

Cencora, formerly known as AmerisourceBergen, is a large pharmaceutical distributor with operations in over 50 countries.

Scale of the Breach: Millions of patients could be impacted. While the exact figure remains unconfirmed, reports suggest data breaches affecting at least a dozen pharmaceutical companies partnered with Cencora.

Type of Data Exposed: Leaked information included personal data about patients, potentially including:

  • Names
  • Dates of birth
  • Addresses
  • Health diagnoses
  • Medication details and prescriptions

Cause of the Breach: The exact cause of the Cencora data breach in February 2024 hasn’t been officially confirmed by Cencora itself.

Cencora initially filed a report with the Securities and Exchange Commission (SEC) on February 21st, 2024, indicating they discovered a data breach: https://www.sec.gov/Archives/edgar/data/1140859/000110465924028288/tm247267d1_8k.htm

Keep your organization out of breach headlines by ensuring your organization not only knows where all its sensitive data is stored but can also protect it wherever it lives and moves.

Take a look at our unique, data-centric approach!

Share on social media
  • Data Breach Report: July 2024 Edition

    PKWARE July 19, 2024
  • Data Detection and Response (DDR): Revolutionizing Data Security

    EJ Pappas July 9, 2024
  • Understanding the Digital Operational Resilience Act

    PKWARE July 6, 2024
  • Data Breach Report: June 2024 Edition

    PKWARE June 20, 2024