Case Study
Corporation: 20/20 Eye Care Network
Number of Individuals Impacted: 3.25 Million
20/20 Eye Care Network discovered that data was removed from the S3 buckets hosted in its Amazon Web Services (AWS) environment and all the data in the S3 buckets was then deleted. Hackers might have gained access to the names, addresses, Social Security numbers, member identification numbers, dates of birth, and health insurance information for some or all of 20/20’s health plan members.
A cybersecurity firm investigated the breach for 20/20 and could not tell which files were seen or deleted by the unknown adversary. 20/20 doesn’t think there was any actual misuse of the personal or vision/hearing insurance information of its health plan members, but acknowledged it doesn’t know for sure.
Upon discovering the breach, 20/20 said it moved quickly to investigate and respond, assess the security of its systems, notify potentially affected individuals, and implement additional safeguards and training for its employees. 20/20 said it is also providing access to credit monitoring services at no cost for twelve months to individuals whose personal information was potentially compromised in the breach.
Corporation: DriveSure
Number of Individuals Impacted: 3.8 Million
A threat actor posted multiple databases claiming to originate from drivesure.com on a popular English-speaking dark web hacking forum, according to Risk Based Security. In a lengthy post to prove the databases’ high quality, the threat actor detailed the leaked files and the user information, with numerous backend files and folders leaked, Risk Based Security found.
One leaked folder exposed 91 sensitive databases containing detailed dealership and inventory information, revenue data, reports, claims, and client data. User data exposed in the compromised files includes: names; addresses; phone numbers; email addresses; IP addresses; automobile details; VIN numbers; car service records; damage claims; hashed passwords; text and email messages with clients.
The information leaked in these databases is prime for insurance scams, with criminals using personally identifiable information, damage claims, extended car details, and dealer and warranty information to target insurance companies and policyholders. User credentials can be leveraged by threat actors to break into other platforms such as bank accounts, personal email accounts, and corporate systems.
Corporation: Florida Healthy Kids Corporation
Number of Individuals Impacted: 3.5 Million
The web platform used to host the Florida Healthy Kids website (Jelly Bean Communications Design) was hacked, meaning that personal information supplied by Florida families who completed the organization’s online Florida KidCare Application between November 2013 and December 2020 could have been exposed to hackers.
Personal information that could have been exposed, used, or accessed by the hackers includes: full names; dates of birth; email addresses; telephone numbers; physical addresses and mailing addresses; Social Security numbers; financial information such as wages, alimony, child support, royalties, and tax deductions; secondary insurance information; and family relationships among applicants.
The organization discovered that several thousand Florida KidCare applicant addresses had been inappropriately accessed, tampered with, and altered by the hackers. Cybersecurity experts discovered that Jelly Bean Communications Design had failed to apply security patches to its software, thereby exposing the website to vulnerabilities that were ultimately exploited by the hackers.
Corporation: Infinity Insurance Company
Number of Individuals Impacted: 5.72 Million
Infinity Insurance Company revealed in March that there had been brief, unauthorized access to files on servers in the Infinity network on two days in December 2020. Infinity conducted a comprehensive review of the files saved to the servers that were accessed, and found that some Social Security numbers or driver’s license numbers were contained in the files.
This breach also affected current or former Infinity employees, where the exposed information included employees’ names, Social Security numbers, and/or in limited cases medical information in connection with medical leave or workers’ compensation claims. Impacted employees and customers will receive a complimentary one-year credit monitoring service membership.
To reduce the risk of a similar breach in the future, Infinity said it’s continuing to review its cybersecurity program and will use information from the investigation to identify additional measures to further enhance the security of its network. “We understand the importance of protecting personal information and we sincerely apologize for the inconvenience,” the company wrote in a letter to employees.
Texoma Community Center notifies 24,030 patients of email hack in September, 2020
https://www.databreaches.net/texoma-community-center-notifies-24030-patients-of-email-hack-in-september-2020/
In August, Texoma Community Center in Texas (TCC) notified HHS that 24,030 patients had been impacted by a breach involving a hack of email. TCC provides mental health, behavioral health, and intellectual and developmental disability services to adults and minors in the Sherman, Texas area.
Today, they issued a press release concerning what they describe as a “recent event.” “Recent?” It occurred almost one year ago.
United Nations’ Computers Breached by Hackers Earlier This Year
https://finance.yahoo.com/news/united-nations-computers-breached-hackers-110000816.html
(Bloomberg) -- Hackers breached the United Nations’ computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization.
The hackers’ method for gaining access to the UN network appears to be unsophisticated: They likely got in using the stolen username and password of a UN employee purchased off the dark web.
“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021,” Stéphane Dujarric, spokesman for the UN Secretary-General, said in a statement on Thursday. “The United Nations is frequently targeted by cyberattacks, including sustained campaigns. We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach.”
The credentials belonged to an account on the UN’s proprietary project management software, called Umoja. From there, the hackers were able to gain deeper access to the UN’s network, according to cybersecurity firm Resecurity, which discovered the breach. The earliest known date the hackers obtained access to the UN’s systems was April 5, and they were still active on the network as of Aug. 7.
“Organizations like the UN are a high-value target for cyber-espionage activity,” Resecurity Chief Executive Officer Gene Yoo said. “The actor conducted the intrusion with the goal of compromising large numbers of users within the UN network for further long-term intelligence gathering.”
In any event, TCC notes that on October 20, 2020, they became aware of suspicious activity related to employee email accounts. Investigation revealed that there had been unauthorized access between September 24, 2020 and December 1, 2020 to several email accounts. Because they could not figure out which emails had been accessed, they reviewed all of them.
FocaLeaks claims to have hacked El Salvador Police, gained access to records on civilians, agents, and criminal investigations
https://www.databreaches.net/focaleaks-claims-to-have-hacked-el-salvador-police-gained-access-to-records-on-civilians-agents-and-criminal-investigations/