Monthly Breach Report: July 2023 Edition
In June 2023, a total of 79 publicly disclosed security incidents resulted in the compromise of nearly 15 million records. However, the actual number of compromised records would be higher if undisclosed incidents were taken into consideration. Healthcare experienced the most significant impact, followed by education and public sectors.
MOVEit and Clop ransomware
According to IBM’s “Cost of a Data Breach Report”, 19% of data breaches were attributed to compromises from the company’s business partners. For example, the breach of the MOVEit app.
Clop, a hacker group from Russia exploited the Progress Software’s MOVEit file transfer app, which is used by thousands of supply chain organizations around the world. Those that use the MOVEit app suffered a data breach resulting in customer and/or employee data being stolen.
Those affected include Shell, 1st Source Corp (SRCE.O), BBC, British Airways, Aer Lingus, UK Pharmaceutical retailer Boots, and Ofcom.
Additional organizations affected by the MOVEit breach included Oregon and Louisiana departments of motor vehicles, Genworth Financial, Wilton Reassurance and other 300+ victims list can be found here – https://konbriefing.com/en-topics/cyber-attacks-moveit-victim-list.html
3rd Party Cyber Attack Exposes PII of 8K pilots
A cybersecurity incident at a third-party vendor has impacted the personal information of pilots of at least two US airlines, including 5,745 pilots of American Airlines and 3,009 pilots from Southwest Airlines
The breach hit pilot and cadet applicant personal information during the hiring process, each airline stated. Personal information, including name and social security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification numbers were compromised.
Almost one year ago exactly, American Airlines suffered another breach, when the email accounts of American Airlines were stolen. PII included name, date of birth, mailing address, phone number, email address, driver’s license, number, passport number, and certain medical information.
Medical data breach Impacts 489,830 Patients
Intellihartx, a Tennessee-based company that handles patient payment balances and collections, said in their filing with the Maine attorney general’s office that 489,830 patients information was stolen in the cyberattack targeting its vendor, Fortra.
Hackers stole PII including patient names, addresses, dates of birth, and Social Security numbers. Additionally, the breach compromised patient medical billing and insurance information, in addition to patient diagnoses and medication.
Scrubs & Beyond Leaks 400GB of User PII and Card Data
Scrubs & Beyond, a popular online retailer specializing in healthcare uniforms and accessories, has suffered a severe data exposure incident, revealing its customers’ PII and sensitive financial information.
The database was exposed in May 2023 and since then, the information has remained exposed. Currently, the server holds over 100,000 customer records, totaling 400 GB in size and it continues to grow daily.
Hackread.com lists the following exposed data types:
- Full name
- Email address
- Phone number
- Physical full address
- Internal credentials
- Purchase logs and orders
- Full payment card details with CVV and expiration details
Onix Group, a commercial real estate company
A commercial real estate company that operates more than a dozen addiction recovery centers and other medical facilities in the US has published that 319,500 patients were affected in a recent ransomware incident that compromised their personal and health information.
The affected files also contained employee information maintained for human resources purposes, including Full Name, Social Security numbers, direct deposit information, and health plan enrollment information.
The Department of Health and Human Services HIPAA Breach Reporting Tool website shows that Onix’s incident was among 295 major health data breaches that affected more than 37 million individuals reported to federal regulators so far in 2023.
Help keep your data safe and your business out of the data breach and cybersecurity headlines with the help of PKWARE. Learn more.
Ben Meyers March 13, 2024
