InTegriLogic Blog
The Week in Breach News: 05/01/24 – 05/07/24
This week: Dive into big breaches at Kaiser Permanente and JP Morgan, and see two hacktivist attacks in Belarus.
Kaiser Permanente
https://www.foxbusiness.com/healthcare/kaiser-permanente-says-data-breach-may-affect-13-4-million-customers
Exploit: Misconfiguration
Kaiser Permanente: Health System
Risk to Business: 1.741 = Extreme
Kaiser Foundation Health Plan, which operates as Kaiser Permanente, is informing 13.4 million members that their personal data may have been exposed. The healthcare provider said that the incident took place in mid-April. In a statement, Kaiser Permanente said that it determined that online technologies previously installed on its website and mobile applications may have transmitted patients’ personal information to third-party vendors Google, Microsoft Bing and X (Twitter) when members and patients accessed its websites or mobile applications. The company said that patients’ usernames, passwords, Social Security numbers and payment information were not impacted. The incident has been noted on the Department of Health and Human Services’ breach notification portal.
How It Could Affect Your Business: Unexpected privacy issues can crop up when technologies evolve, and businesses need to keep an eye on that potential problem.
The City of Wichita (KS)
https://www.ksn.com/news/city-of-wichita-faces-ransomware-attack
Exploit: Ransomware
The City of Wichita (KS): Municipal Government
Risk to Business: 1.356 = Extreme
City officials in Wichita, Kansas admitted that the city fell victim to a ransomware attack over the weekend that led to the shutdown of some of the city’s technology systems. Attackers hit the city government last Sunday, resulting in data encryption. To limit the spread of the attack, city workers shut down some systems including the water bill payment website and other online city services. The city said that systems will be restored gradually but did not offer a timeline for recovery.
How It Could Affect Your Business: Governments and government agencies of all sizes are prime targets for cyber trouble and must plan accordingly.
JP Morgan
https://www.investmentnews.com/regulation-and-legislation/news/jp-morgan-data-breach-hits-451000-retirement-plan-members-252872
Exploit: Misconfiguration
JP Morgan: Financial Services Company
Risk to Business: 1.221 = Extreme
JP Morgan is informing 451,000 retirement plan participants that their personal data has been exposed. The exposed information includes names, addresses, Social Security numbers, and details regarding payment and deductions. Some clients had their bank routing and account numbers compromised. The breach was discovered on Feb. 26, 2024. JP Morgan said that the data was exposed due to a flaw in software provided by an unnamed vendor. The financial services giant said that three unauthorized system users linked to J.P. Morgan customers or their agents had gained access to plan participant data ranging from August 26, 2021, to February 23, 2024. The flaw has since been corrected.
How It Could Affect Your Business: Third-party data security issues can be just as problematic and expensive for a company to clean up as an internal data security issue.
Dropbox
https://therecord.media/dropbox-data-breach-notification
Exploit: Hacking
Dropbox: Technology Company
Risk to Business: 1.803 = Severe
Dropbox has admitted that hackers gained access to its company systems on April 24, 2024. The company said it discovered that hackers initially gained access to the production environment of Dropbox Sign. The bad actors were able to access information related to users of Dropbox Sign, including account settings, names and emails. For some users, phone numbers, hashed passwords and authentication information like API keys, OAuth tokens and multi-factor authentication methods were also exposed. Dropbox said that there is no evidence that the threat actor accessed the contents of users’ accounts, such as their agreements or templates, or their payment information. Dropbox was quick to reassure users that this incident was limited to Dropbox Sign users.
How It Could Affect Your Business: Bad actors will seek out any opening to exploit, making penetration testing a must-have to close gaps.
Belarus – The State Security Committee of the Republic of Belarus
https://therecord.media/belarus-secret-service-website-hacked
Exploit: Hacking (Hacktivism)
The State Security Committee of the Republic of Belarus: Government Agency
Risk to Business: 1.712 = Severe
The website for The State Security Committee of the Republic of Belarus, sometimes called Belarus’ KGB, has been knocked out. The hacktivist group the Belarusian Cyber-Partisans has claimed responsibility for the attack. The agency has not confirmed or denied the attack, instead claiming that the website outage is due to “the process of development”. The Cyber-Partisans group is a hacktivist collective that is part of the broader opposition movement in Belarus working to topple the regime of President Aleksandr Lukashenko, who has held that office since 1994.
How It Could Affect Your Business: Hacktivists are a dangerous foe whose capabilities should never be underestimated.
Belarus – Grodno Azot
https://therecord.media/belarus-cyber-partisans-fertilizer-hack-lukashenko
Exploit: Hacking (Hacktivism)
Grodno Azot: Fertilizer Manufacturer
Risk to Business: 2.376 = Severe
The Belarusian Cyber-Partisans hacktivist collective has claimed responsibility for a cyberattack on fertilizer maker Grodno Azot. The group says that they successfully hacked into the company and gained access to myriad systems. They say they gained control over security systems and surveillance cameras at a manufacturing plant, encrypted hundreds of computers and internal emails and wiped out the company’s backups of databases and servers. The hackers are demanding that the government release political prisoners in exchange for the return of the data.
How It Could Affect Your Business: Nation-state threat actors and hacktivists often concentrate on key points in a country’s infrastructure or supply chain.
Australia – Monash Health
https://www.cyberdaily.au/security/10511-monash-health-caught-up-in-zircodata-ransomware-data-breach
Exploit: Supply Chain Cyberattack
Monash Health: Health System
Risk to Business: 1.866 = Severe
Monash Health has disclosed that it has experienced a data breach following a data security incident at secure document management firm ZircoDATA. That company fell victim to a ransomware attack by the Black BASTA ransomware group in February 2024. Monash Health said in a statement that its investigation had revealed that the information involved relates to a selection of archived data from the family violence and sexual assault support units at Monash Medical Centre, the Queen Victoria Hospital and Southern Health, limited to the period from 1970 to 1993. Monash Health was quick to reassure the public that its own systems are secure.
How It Could Affect Your Business: Healthcare providers often hold very sensitive data that can be used for nefarious purposes like blackmail if it falls into the wrong hands.
Australia – Firstmac
https://www.cyberdaily.au/security/10487-exclusive-aussie-lender-firstmac-falls-victim-to-embargo-ransomware-gang
Exploit: Ransomware
Firstmac: Mortgage Lender
Risk to Business: 1.602 = Severe
Lender Firstmac has confirmed that it has fallen victim to a ransomware attack. The fledgling EMBARGO cybercrime group has claimed responsibility. The hackers claim to have snatched more than 500 gigabytes of data, including databases, source code and sensitive customer data. Customers were informed that they may have had data exposed including name, tax file number, date of birth and contact information.
How It Could Affect Your Business: Mitigating email-based cyber risk starts with powerful email security and regular phishing awareness training.