Risk to Business: 1.762 = Severe

Health insurance giant United HealthCare has informed members that it has experienced a data breach. The problem was uncovered on February 22, 2023, when United identified suspicious activity on its local app that may have led to the disclosure of members’ personal information. The company estimates that the breach happened between February 19 and February 25, 2023. Members may have had personal information exposed in the breach including first and last names, health insurance member ID numbers, dates of birth, addresses, dates of service, provider names, claim information and group names and numbers. UnitedHealthcare said that Social Security and driver’s license numbers were not exposed. Affected members have been informed via letter.  

Risk to Business: 1.681 = Severe

U.S. Navy contractor Fincantieri Marine Group (FMG) experienced a ransomware attack last week that is causing a temporary disruption to certain computer systems on its network. A company spokesperson said that the ransomware attack on the Fincantieri Marinette Marine shipyard disrupted operations across the shipyard by rendering data on network servers unusable as well as impacting critical CNC (Computer Numerical Control) manufacturing machines. The company said that it doesn’t have any indication that employee data was compromised. The incident is under investigation.  

Risk to Business: 1.919 = Severe

Late last week The Diocese of Las Vegas admitted that it had experienced a data breach that may have exposed sensitive data. The breach was discovered on March 12, 2023, and concerned data held by the Diocese about its volunteers, parishioners, donors and others. The Diocese did not specify exactly what types of information were stolen, but it was quick to reassure the public that employee payroll and benefits information and Catholic Stewardship Appeal information were not impacted. The incident has been reported to the relevant authorities.

Risk to Business: 1.781 = Severe

CIC Group, Inc. a commercial and industrial business holding company based in St. Louis, Missouri, has disclosed that it was recently the victim of a cyberattack. In a filing with the Texas Attorney General’s Office, CIC Group said that an unauthorized party had gained access to confidential customer information that the company was holding including consumers’ names, addresses and Social Security numbers. The company has begun sending out data breach notification letters to everyone who was impacted by the incident.  

Risk to Business: 1.336 = Extreme

A mid-March ransomware attack has resulted in highly sensitive data about and belonging to thousands of public school students in Minneapolis being exposed on the dark web. The ransomware group Medusa claimed responsibility for the attack and began releasing information on its dark web leak site last week. Many students’ identifying data including birthdays and Social Security numbers was exposed, but that’s not the most sensitive data by far. The torrent of an estimated 200,000 files stolen from includes data about incidents of students exhibiting behavioral issues, documentation of problems at home like divorcing or incarcerated parents, data about conditions like Attention Deficit Disorder, documented indications of injuries, results of intelligence tests and what medications they take. Documents detailing allegations of abuse by district staff are also in this tranche, including the accusing student’s name, date of birth and address.

Risk to Business: 2.772 = Moderate

Hardenhuish School in Chippenham, Wiltshire, has been hit by a ransomware attack that has disrupted its systems. The school confirmed that the incident was a ransomware attack but did not specify a ransom demand. Hardenhuish School said that its IT staff are working to restore full functionality, but in the meantime, they’ve resorted to low-tech solutions like old-fashioned paper registers. The school is working with authorities to investigate the incident.

Risk to Business: 1.786 = Severe

Bitmarck, the largest IT provider serving Germany’s health system, announced that it had experienced a cyberattack last Sunday. The attack caused Bitmarck to take both its customer-facing and internal networks offline. The company said that it does not believe that any data was stolen, although it cautioned that an investigation by external experts was ongoing. The systems outage may have a widespread effect in Germany, as electronic certificates are used to obtain sick leave. Pharmacies may also be impacted.   

Risk to Business: 2.873 = Moderate

Questions are flying as Amnesty International Australia has just disclosed a data breach that occurred in December 2022.  Amnesty International Australia sent an email to supporters informing them their data may be at risk late last week as well as posting a statement on its website after numerous media inquiries. A spokesperson said that “some low-risk information relating to individuals who made donations in 2019 was accessed.”, asserting that the stolen data did not meet Australia’s reporting threshold. Reports identify the likely stolen data as a donor’s name, email address and phone number.