The Week in Breach News: 10/23/24 – 10/29/24

Kansas City Hospice & Palliative Care was added to BlackSuit’s victim list on October 19. While the organization’s website offers no further details, it confirmed launching an investigation with third-party forensic experts to assess the breach. Some systems were impacted, but operations continued without interruption, and the nonprofit is now fully recovered. Founded in 1980, Kansas City Hospice serves 5,700 individuals and families annually and is the largest hospice provider in the region, with over 300 employees and volunteers.

The Rhysida ransomware group has targeted Easterseals, seeking to extort $1.3 million from the organization that supports disabled children, seniors, and military veterans. Although Easterseals has not commented, it filed breach notification documents with Maine regulators, revealing a cyberattack at its Central Illinois location in April. The attack compromised the personal information of 14,855 individuals, including names, addresses, Social Security numbers and medical data. Affected individuals are being offered 12 months of identity protection services. The group has posted Easterseals on its leak site, demanding a 20 bitcoin ransom by October 30.

BronxWorks, a non-profit in New York that provides family, legal and health services, filed a data breach notice with the Massachusetts Attorney General after discovering that an unauthorized party accessed employee email accounts. The breach, which occurred between September 1 and October 11, 2023, also involved access to documents stored on SharePoint and OneDrive platforms. Compromised information includes names, Social Security numbers, passport numbers, digital signatures, medical and financial data and driver’s license numbers. BronxWorks has begun notifying affected individuals and is taking steps to address the security incident.

Arkansas Blue Cross and Blue Shield is assisting members after a vendor data breach on August 26. Its vendor, Healthmine, discovered unauthorized access to the Blue Wellness Rewards program portal, where a hacker redeemed digital gift cards and accessed members’ personal data, including names, addresses, emails, birth dates, and prescription histories. Social Security numbers and financial information were not compromised. The company reported the incident to law enforcement, hired a forensic firm and Healthmine disabled affected accounts and blocked suspicious domains.

Johnson & Johnson, an insurer unrelated to the pharmaceutical company, disclosed a security breach detected in mid-August 2024. A forensic investigation revealed that files related to its insurance operations may have been compromised, potentially exposing personal information. However, the exact data affected remains unclear. The breach impacted over 3,200 individuals. Johnson & Johnson claims that it has taken steps to strengthen its security following the incident.

World Vision Perú, a branch of the Christian relief, development, and advocacy organization World Vision, has fallen victim to a ransomware attack orchestrated by the Medusa group. This incident was discovered on October 14. Employee and client information likely exposed in this attack includes full names, passport scans and email addresses. Unspecified confidential business data was also snatched. No ransom demand was made public.

 The Vocational Training Center (BBZ) in Schaffhausen, Switzerland, suffered a ransomware attack earlier this month, the canton’s education department announced. Cybercriminals exploited a firewall vulnerability to block system access and demanded a ransom using encryption malware. The school has notified employees, parents, trainees and partner companies about the incident, and classes will resume as scheduled after the fall break.

Prosecutors in Bari, Italy, are investigating a data breach at Intesa Sanpaolo, the country’s largest bank, involving unauthorized access to around 3,500 customer accounts, including those of Prime Minister Giorgia Meloni and former Prime Minister Mario Draghi. An employee at a branch in Bitonto allegedly accessed the accounts between February 2022 and April 2024. The bank initiated disciplinary action and a full audit after its internal controls flagged irregular activity. Affected customers had already alerted authorities before the bank notified prosecutors. Intesa issued a public apology on October 13 and established a new security division, led by a recently retired senior police officer.