Cyber Security

Corporation: DriveSure

Number of Individuals Impacted: 3:8 Million

A threat actor posted multiple databases claiming to originate from  drivesure.com  on a popular English-speaking dark web hacking forum,  according to Risk Based Security . In a lengthy post to prove the databases’ high quality, the threat actor detailed the leaked files and the user information, with numerous backend files and folders leaked, Risk Based Security found.

One leaked folder exposed 91 sensitive databases containing detailed dealership and inventory information, revenue data, reports, claims, and client data. User data exposed in the compromised files includes: names; addresses; phone numbers; email addresses; IP addresses; automobile details; VIN numbers; car service records; damage claims; hashed passwords; text and email messages with clients.

The information leaked in these databases is prime for insurance scams, with criminals using personally identifiable information, damage claims, extended car details, and dealer and warranty information to target insurance companies and policyholders. User credentials can be leveraged by threat actors to break into other platforms such as bank accounts, personal email accounts, and corporate systems.

Corporation: Florida Healthy Kids Corporation

Number of Individuals Impacted: 3.5 Million

The web platform used to host the Florida Healthy Kids website - Jelly Bean Communications Design – was hacked, meaning that personal information supplied by Florida families who completed the organization’s online Florida KidCare Application between November 2013 and December 2020  could have been exposed to hackers .

Personal information that could have been exposed, used, or accessed by the hackers includes: full names; dates of birth; email addresses; telephone numbers; physical addresses and mailing addresses; Social Security numbers; financial Information such as wages, alimony, child support, royalties, and tax deductions; secondary insurance information; and family relationships among applicants.

The organization discovered that several thousand Florida KidCare applicant addresses had been inappropriately accessed, tampered with, and altered by the hackers. Cybersecurity experts discovered that Jelly Bean Communications Design had failed to apply security patches to its software, thereby exposing the website to vulnerabilities that were ultimately exploited by the hackers.

Corporation: Infinity Insurance Company

Number of Individuals Impacted: 5.72 Million

Infinity Insurance Company revealed in March that there had been  brief, unauthorized access to files  on servers in the Infinity network on two days in December 2020. Infinity conducted a comprehensive review of the files saved to the servers that were accessed, and found that some Social Security numbers or driver‘s license numbers were contained in the files.

This breach also affected current or former Infinity employees, where the exposed information included employees‘ names, Social Security numbers, and/or in limited cases medical information in connection with medical leave or workers compensation claims. Impacted employees and customers will receive a complimentary one-year credit monitoring service membership.

To reduce the risk of a similar breach in the future, Infinity said it’s continuing to review its cybersecurity program and will use information from the investigation to identify additional measures to further enhance the security of its network. “We understand the importance of protecting personal information and we sincerely apologize for the inconvenience,” the company wrote in a letter to employees.