InTegriLogic Blog
The Week in Breach News: 11/15/23 – 11/21/23
This week: A strange twist in a ransomware attack on MeridianLink and a big healthcare data breach from a service provider.
Stanley Steemer
https://www.cybersecuritydive.com/news/stanley-steemer-hack-67k-customers/700175/
Exploit: Hacking
Stanley Steemer: Cleaning Company
Risk to Business: 1.627 = Severe
Carpet cleaning company Stanley Steemer has filed a notice of data breach with the Maine Attorney General’s office. The company said that the attackers gained access to its systems in early February 2023, and it first noticed the intrusion in March 2023. Hackers may have obtained customer names, Social Security numbers, driver’s license numbers and financial account information, including credit and debit card information along with security codes and PIN codes. A total of 66,978 customers were impacted.
How It Could Affect Your Business: Any company that holds data, especially customers’ financial data, needs to ensure that it is protecting that data strongly.
MeridianLink
https://therecord.media/meridianlink-confirms-cyberattack-after-sec-threat
Exploit: Ransomware
MeridianLink: Software Company
Risk to Business: 1.632 = Severe
Financial software provider MeridianLink is the star of one of this week’s weirdest cybercrime stories. The ALPHV/Black Cat ransomware group added MeridianLink to its leak site last week, and the company subsequently confirmed the attack. However, ALPHV/Black Cat took an extraordinary step in its quest to pressure the company into paying a ransom. The group announced on its dark web leak site that it had reported MeridianLink to the U.S. Securities and Exchange Commission (SEC) as being in violation of the SEC’s new reporting rules. To prove it, ALPHV/Black Cat posted a screenshot of the form it claimed to have sent to the SEC. However, those rules are not yet in effect. No ransom amount has been publicized.
How It Could Affect Your Business: Cybercriminals sometimes take dramatic steps, as they did here, for publicity.
Truepill
https://www.bankinfosecurity.com/truepill-mail-order-pharmacy-hack-affects-nearly-24-million-a-23590
Exploit: Hacking
Truepill: Pharmacy
Risk to Business: 1.403 = Extreme
Mail order pharmacy Truepill has disclosed that it experienced a data breach that impacted an estimated 2.4 million people. The California-based company reported the data breach to federal regulators on October 30. In a breach notice, Truepill said that it had discovered that bad actors had gained access to a subset of files used for pharmacy management and fulfillment services for three days, from August 30 to September 1, 2023. Compromised files contained patient names, medication type, demographic information and/or prescribing physician names. Social Security numbers were not affected. Six federal class-action lawsuits have been filed against the company in the last week.
How It Could Affect Your Business: This data breach will be an expensive proposition for Truepill because it involves PHI.
Perry Johnson & Associates (PJ&A)
https://www.jdsupra.com/legalnews/pj-a-announces-data-breach-affecting-5757437/
Exploit: Hacking
Perry Johnson & Associates (PJ&A): Transcription Service
Risk to Business: 1.440 = Extreme
Major medical transcription service Perry Johnson & Associates (PJ&A) has experienced a data breach that has impacted an array of healthcare providers around the U.S., including massive health systems Cook County Health in Illinois and Northwell Health in New York. The unauthorized party may have obtained protected health information, including names, dates of birth, medical record numbers, hospital account numbers, admission diagnoses, addresses, and dates of service. The breach also included Social Security numbers, insurance information, and clinical information from medical transcription files, such as medication information and test results.
How It Could Affect Your Business: Every company that handles PHI in any capacity needs to make sure it is secured to avoid big fines.
The City of Long Beach, California
https://www.spiceworks.com/it-security/cyber-risk-management/news/long-beach-emergency-cyberattack/
Exploit: Ransomware
The City of Long Beach, California: Municipal Government
Risk to Business: 1.673 = Severe
The city government of Long Beach, California has declared a state of emergency after a ransomware attack knocked government services offline. The November 14 attack has impacted many city systems including payment processing, public services, city call centers and the central website of the city administration. These systems are expected to remain offline for several days as the investigation is being carried out. Public safety and emergency systems have remained unaffected.
How It Could Affect Your Business: Municipal governments and state government agencies have been prime targets for cyberattacks.
United Kingdom – The British Library
https://www.infosecurity-magazine.com/news/british-library-ransomware/
Exploit: Ransomware
The British Library: Library
Risk to Business: 1.891 = Severe
The British Library is struggling to recover from an October 28 ransomware attack. The attack knocked out phone lines and on-site services at its main building in London and a separate facility in Yorkshire, as well as access to digital collections, its website and digital catalog. The library informed the public that most of its services remain down, and it is only able to issue temporary reader passes and support “very limited, manual collection item ordering” via paper forms and a printed catalog. There’s no timeline available for the restoration of the impacted services. The Rhysida ransomware group has claimed responsibility.
How It Could Affect Your Business: A successful ransomware attack can have a far-reaching effect on an organization’s services and operations.
South Korea – Samsung
https://www.bleepingcomputer.com/news/security/new-samsung-data-breach-impacts-uk-store-customers/
Exploit: Hacking
Samsung: Electronics Company
Risk to Business: 2.802 = Moderate
Samsung has announced a data breach that mainly impacts customers in the UK. The company admitted this week that attackers exploited a vulnerability in an unnamed third-party business application to access the personal information of customers who made purchases at Samsung UK’s store between July 1, 2019, and June 30, 2020. Hackers may have accessed their names, phone numbers, postal addresses and email addresses. No financial data, such as bank or credit card details or customer passwords, were impacted.
How It Could Affect Your Business: Customers can lose trust in a company that can’t protect their personal data.
Japan – Toyota Motor Corporation
https://www.cshub.com/attacks/news/cyber-attack-forces-toyota-financial-services-systems-offline
Exploit: Ransomware
Toyota Motor Corporation: Automaker
Risk to Business: 2.716 = Moderate
The Medusa ransomware group is claiming responsibility for a ransomware attack on Toyota. The world’s largest automaker confirmed that its Toyota Financial Services (TFS) arm in Europe and Africa was hit, saying that it had discovered unauthorized activity on its network last week. Medusa claims to have snatched a variety of data including leasing contracts, email addresses, usernames and passwords, passport details and other sensitive data. The group is demanding an $8 million ransom.
How It Could Affect Your Business: Bad actors are hungry for data like this that includes details that make identity theft easier.