InTegriLogic Blog
The Week in Breach News: 12/26/23 – 01/02/24
This week: Bad actors obtained court recordings in Australia, and operations are snarled by ransomware at a major apparel company.
Fidelity National Financial
https://therecord.media/fidelity-national-financial-subsidiary-breach-disclosure
Exploit: Hacking
Fidelity National Financial: Insurer
Risk to Business: 1.617 = Severe
Major insurer Fidelity National Financial has reported a data breach after a November 2023 cyberattack struck one of its subsidiaries. A successful cyberattack at LoanCare, one of the U.S.’s largest providers of loan sub-servicing, led to data exposure for 1,316,938 people. The company said that the attack took place around November 19, 2023. Clients may have had personal data exposed including their name, address, social security number and loan number. Victims are being offered two years of identity protection services from Kroll.
How It Could Affect Your Business: In today’s interconnected business world, companies can unwittingly provide a back door into a sister company’s or client’s network.
National Amusements
https://techcrunch.com/2023/12/26/cbs-paramount-owner-national-amusements-hacked/
Exploit: Hacking
National Amusements: Entertainment Conglomerate
Risk to Business: 1.691 = Severe
National Amusements, the corporate parent of major entertainment companies including Paramount and CBS, has disclosed in a filing with the Maine Attorney General that it experienced a data breach in December 2022. The conglomerate says that it discovered the incident in August 2023 and that hackers snatched the personal information of 82,128 people, including employees and former employees. The filing specified that the hackers also stole financial information, such as banking account numbers or credit card numbers in combination with associated security codes and passwords.
How It Could Affect Your Business: Bad actors don’t have to steal a company’s customer data to get a treasure trove of sensitive information.
Xfinity
https://www.bleepingcomputer.com/news/security/xfinity-discloses-data-breach-affecting-over-35-million-people/
Exploit: Zero Day
Xfinity: Communications Company
Risk to Business: 2.703 = Moderate
Xfinity has announced that it experienced a data breach in late October 2023 because of the Citrix Bleed vulnerability. The company said that hackers breached one of its servers and obtained customer information, resulting in data exposure for an estimated 35,879,455 people. The stolen data includes usernames and hashed passwords as well as customer names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. The Citrix Bleed vulnerability first surfaced in August 2023.
How It Could Affect Your Business: Growing reliance on business applications and similar technology means that companies will face a continually growing flood of zero-day threats.
Mint Mobile
https://securityaffairs.com/156295/data-breach/mint-mobile-data-breach-2.html
Exploit: Hacking
Mint Mobile: Mobile Virtual Network Operator
Risk to Business: 1.840 = Severe
Mobile telephone provider Mint Mobile has sent customers a notice of a data breach. The December 22 notice stated that bad actors had obtained access to customer data. That resulted in the exposure of customers’ names, phone numbers, email addresses, SIM serial number and IMEI, and service plan information. That information can be used for SIM-swapping operations. The company was quick to assure customers that other sensitive data was not impacted, saying that it does not collect credit card numbers, social security numbers, dates of birth, driver’s license data or other government-provided identifiers.
How It Could Affect Your Business: SIM swapping or a SIM hijacking attack is a lucrative operation for bad actors.
VF Corporation
https://therecord.media/vf-corp-cyberattack-filing-first-day-sec-incident-reporting-rules
Exploit: Hacking
VF Corporation: Apparel Company
Risk to Business: 1.423 = Extreme
Apparel giant VF Corporation, owner of big brands including North Face, Vans, Timberland and Jansport, is one of the first companies to report a data breach under the new rules set by the U.S. Securities and Exchange Commission (SEC). The company declared that it detected unauthorized activity on a portion of its information technology systems on December 13, 2023, forcing it to shut down some systems. Bad actors encrypted some of VF Corporation’s IT systems and helped themselves to the personal data of employees. The company said that it is working to bring the impacted portions of its IT systems back online and implement workarounds for certain offline operations. Its retail stores are open, but online sales and wholesale operations have been snarled.
How It Could Affect Your Business: The business effects of a cyberattack like this can have a wide ripple effect leading to customer irritation and loss of revenue.
United Kingdom – Xeinadin
https://securityaffairs.com/156303/cyber-crime/lockbit-gang-xeinadin.html
Exploit: Ransomware
Xeinadin: Accounting Firm
Risk to Business: 1.736 = Severe
The LockBit ransomware gang is claiming responsibility for a ransomware attack that hit London-based accountancy shop Xeinadin. The threat actors claim to have obtained 1.5 terabytes of Xeinadin’s sensitive internal and customer data including internal databases, customer financial reports, passport scans, client legal information and account balances. In addition, the cybercriminals claim to have gained access to “personal accounts of Companies House customers”. Several screenshots were posted on LockBit’s dark web leak site as proof of the hack.
How It Could Affect Your Business: The cyber component of the Russia-Ukraine war has been fast and furious with a great deal of strategic action.
Germany – Katholische Hospitalvereinigung Ostwestfalen (KHO)
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/
Exploit: Hacking
Katholische Hospitalvereinigung Ostwestfalen (KHO): Healthcare Provider
Risk to Business: 1.301 = Extreme
A Christmas Eve ransomware attack caused emergency care disruptions at three German hospitals owned by Katholische Hospitalvereinigung Ostwestfalen (KHO). The LockBit ransomware group has claimed responsibility for the attack. It knocked out emergency services and impacted operations at Franziskus Hospital Bielefeld, Sankt Vinzenz Hospital Rheda-Wiedenbrück and Mathilden Hospital Herford, all facilities with more than 600 beds. KHO officials said that patient data has already been restored from backups and that regular patient care and clinic operations are ongoing with minimal technical disruptions. No ransom demand was made public.
How It Could Affect Your Business: Cybercriminals love to make the most of holidays by launching a flurry of cyberattacks to take advantage of reduced staffing.
Australia – Court Services Victoria (CSV)
https://www.abc.net.au/news/2024-01-02/victoria-court-system-targeted-in-cyber-attack-russian-hackers/103272118
Exploit: Ransomware
Court Services Victoria (CSV): Government Agency
Risk to Business: 1.433 = Extreme
A cyberattack on Court Services Victoria (CSV) has resulted in bad actors gaining access to the court system’s audio-visual archive. A spokesperson for CSV confirmed that threat actors may have accessed or stolen recordings of hearings held between November 1 and December 21, 2023, including witness testimony from highly sensitive cases. The attack came to light on December 21 when staff members were locked out of their computers with the onscreen message “YOU HAVE BEEN PWND”. CSV said County Court cases had been most severely affected. Recordings from the Supreme Court were also exposed, including recordings from the Court of Appeal, the Criminal Division, the Practice Court and two regional hearings in November 2023. Some committal hearings from the Magistrates Court were affected, but the attackers were unable to access any recordings from the Children’s Court.
How It Could Affect Your Business: Cybercriminals don’t just want data; sensitive videos, court records or transcripts can also be profitable on the dark web.