Data Breaches

On November 9, a significant data breach rattled Fordham University, impacting thousands of students and faculty members. The breach compromised sensitive information, including email passwords, names, phone numbers, and gender identities of both current and former members associated with the institution. An investigation by the IT Office of Information Security and Assurance revealed that the...

General Electric (GE), a prominent American multinational operating in power, renewable energy, and aerospace sectors, is investigating a reported cyberattack where a threat actor claimed to have breached the company's development environment and leaked purportedly stolen data. Earlier this month, an individual known as IntelBroker attempted to sell access to GE's "development and software pipelines"...

Robeson Health Care Corporation, a US-based healthcare provider, has revealed a data breach exposing sensitive data that might have impacted tens of thousands of individuals. In their latest disclosure on November 27th, the corporation disclosed the detection of malware in their systems back in February. After concluding an investigation around October 9th, Robeson estimated that...

Tech conglomerate LY Corp disclosed a significant data breach, revealing that approximately 440,000 personal data items, including over 300,000 linked to Line messaging app users, were exposed due to unauthorized access to an affiliate's computer system in October. The leaked information, devoid of banking details, credit cards, or Line app chat content, posed no reported...

Somerset NHS Foundation Trust initiated contact with individuals affected by a recent data breach at Musgrove Park Hospital. The trust disclosed that nearly 200 patients had their hospital records inappropriately accessed by a staff member. The breach, spanning six years, involved the staff member accessing records of individuals they were acquainted with. During their role,...

On September 29, 2023, MG Stover took the necessary step of notifying the Attorney General of Massachusetts about a data breach stemming from an incident involving Retool, one of its vendors. This breach resulted in unauthorized access to sensitive consumer information, including names, Social Security numbers, addresses, email addresses, phone numbers, and dates of...

On November 19, 2023, Precisely Software Inc. took the step of reporting a concerning data breach to the Attorney General of Montana, acknowledging unauthorized access within its computer network. This breach has potentially compromised a wealth of sensitive consumer information, encompassing names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport numbers,...

On November 21, 2023, NSC Technologies disclosed a significant data breach, prompting a notice to the Attorney General of Maine. The breach, discovered after a recent cyberattack, allowed unauthorized access to the company’s IT network, compromising consumers' sensitive information, notably including names and Social Security numbers. Following the breach, NSC Technologies initiated an extensive investigation...

Indian Hotels, the entity behind Taj Hotels Group, is actively investigating reports surrounding a potential data breach impacting approximately 1.5 million users from their database. Allegedly, this data, spanning from 2014 to 2020, has surfaced on the dark web with a price tag of $5,000. The matter has been escalated to the Computer Emergency Response...

The Canadian government recently acknowledged a cyber attack that compromised data through third-party contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services. Although not a direct hit on government systems, the breach impacted data associated with government employees, Canadian Armed Forces members, and RCMP personnel dating back to 1999. The...

Blue Shield of California (Blue California), an established insurance entity and member of the Blue Shield Association, faced a concerning data breach involving one of its vendors, Medical Eye Services, Inc. (MESVision). The breach, disclosed through Blue California's filing with the Attorney General of Montana on November 17, 2023, resulted in unauthorized access to...

Enstar Inc., a reputable insurance and business management firm headquartered in Bermuda, disclosed a significant data breach following the discovery of a critical vulnerability in MOVEit, a file-transfer program employed by Enstar. The breach led to unauthorized access to sensitive consumer information, including names, Social Security numbers, and driver's license numbers. The incident, revealed through...

Prestige Care Inc., a prominent senior-care provider operating across the western United States, has reported a significant data breach incident to the U.S. Department of Health and Human Services Office for Civil Rights. The breach, discovered by Prestige Care, involved unauthorized access to their computer network, potentially compromising sensitive information of individuals, including names,...

Welltok, a Denver-based patient engagement company under Virgin Pulse, has acknowledged being targeted by the Clop hacking group, exploiting a zero-day vulnerability (CVE-2023-34362) within Progress Software’s MOVEit Transfer tool in May 2023. Around 3.5 million individuals have been notified about their involvement in the data breach, impacting various health plan members. The company, entrusted with...

AutoZone, a prominent automotive parts and accessories retailer with a widespread presence across the U.S. and several countries, has disclosed a significant data breach affecting approximately 184,995 individuals. The breach, part of the Clop MOVEit file transfer attacks, stemmed from an exploitation of a vulnerability associated with the MOVEit application. The intrusion, identified on May...