Public Data Breaches

School software vendor Raptor Technologies recently distributed a “Notice of Externally Accessible Data” to their customers, stating that a vulnerability in specific cloud-hosted data repositories exposed customer data. In the notification, Raptor Technologies details that the following information was externally accessible: students’ names, school identification numbers, documents uploaded by ...

CONTINUE READING >

Mint Mobile is notifying impacted customers that their personal information was exposed in a breach following a cyberattack. Compromised data includes names, mobile numbers, email addresses, and IMEI and SIM serial numbers that can be used to perform SIM swapping attacks .

CONTINUE READING >

Comcast revealed that nearly 36 million Xfinity customers’ information was exposed due to a cyberattack against their systems. The company was targeted via Citrix vulnerability – referred to as Citrix Bleed and tracked as CVE-2023-4966 – that allowed unauthorized threat actors to access and exfiltrate data from their systems. ...

CONTINUE READING >

ZeroedIn Technologies, a data analytics company providing services to clients including Family Dollar and Dollar Tree, disclosed a data breach on November 27. Personally identifiable information (PII) for nearly 2 million people was exposed after hackers gained unauthorized access to systems, and reports indicate that New Jersey residents are ...

CONTINUE READING >

Last week, Okta identity and access management (IAM) service identified adversarial activity that leveraged a stolen credential to access the support case management system. The threat actor was able to view sensitive HTTP Archive (HAR) files uploaded by a limited number of Okta customers as part of recent support ...

CONTINUE READING >

Some Jefferson Cherry Hill Hospital patients are being cautioned that their data may have been exposed after a portable backup device was discovered missing on June 15. While it is yet to be determined if the device was lost or stolen, stored data included protected health information (PHI) and, ...

CONTINUE READING >

An employee accidentally exposed data associated with 5,600 VirusTotal customers. VirusTotal , a subsidiary of Google Cloud's Chronicle unit, allows customers to publicly upload and inspect files to determine if malicious content is detected, and provides subscription and premium services that enable organizations to upload files privately. Researchers who ...

CONTINUE READING >

Brightly Software distributed notifications to current and former users regarding a security incident impacting accounts associated with the SchoolDude software suite application. This online platform is used by educational institutions to manage maintenance work orders. Through unauthorized access, a threat actor was able to obtain information regarding current and former ...

CONTINUE READING >

iD Tech, an online children’s academy that offers a variety of STEM courses, suffered a data breach in February, and nearly one million records were subsequently posted to a popular dark web hacking forum. Compromised data includes 415,000 unique email addresses, names, dates of birth, and plaintext passwords. While ...

CONTINUE READING >

Summary Yum! Brands fast food corporation revealed that an undisclosed number of employees’ personal information was exposed in a breach caused by a ransomware incident the company experienced in January 2023. Yum! Brands operates the fast-food chain brands KFC, Pizza Hut, and Taco Bell. Exposed information may include names, Driver’s ...

CONTINUE READING >

Genova Burns LLC , which provides legal representation for Uber Technologies, Inc., is notifying an undisclosed number of Uber drivers that their personal information may have been impacted after suffering a security incident. Impacted data included information, such as Social Security numbers and/or tax identification numbers, of certain drivers who ...

CONTINUE READING >

NCB Management Services , a debt collection company located in Trevose, PA, discovered that an unauthorized party gained access to NCB’s systems on February 1. In documents filed with Maine’s Attorney General, the company identified that nearly 500,000 individuals' names, addresses, phone numbers, email addresses, dates of birth, employment ...

CONTINUE READING >

Summary AT&T is notifying approximately nine million wireless customers that an unauthorized user accessed their information after a third-party marketing services vendor was breached. Compromised data includes customer proprietary network information (CPNI), which contains telephone-related details typically found on a monthly billing statement, such as technical information, type of service, ...

CONTINUE READING >

The NJCCIC recently reported on the LastPass breach in August and provided an update revealing that threat actors accessed source code and proprietary technical information from its development environment through a compromised employee account, resulting in the acquisition of credentials and keys to steal information from a backup stored ...

CONTINUE READING >

Pepsi Bottling Ventures LLC released a consumer notification letter regarding a data breach that occurred approximately December 23, when an unknown party gained access to the company’s internal IT systems and installed information-stealing malware. The unusual activity was detected on January 10, when the company took action to secure its ...

CONTINUE READING >

TruthFinder and Instant Checkmate, two subscription-based background check services owned by PeopleConnect, suffered a data breach affecting over 20 million customers. These services are especially popular with employers in the United States to learn more about job applicants’ experience, education, criminal records, and online conduct by reviewing publicly available information ...

CONTINUE READING >

On January 19, mobile telecommunications company T-Mobile posted a press release notifying users of a data breach that exposed the information of 37 million customer accounts. The breach, detected on January 5, resulted from a threat actor accessing a T-Mobile Application Programming Interface (API) since at least November 25. The ...

CONTINUE READING >

PayPal, a popular online payment platform, notified users of breached accounts as a result of credential stuffing attacks between December 6 and 8. Unauthorized parties compromised almost 35,000 accounts with access to full names, dates of birth, postal addresses, Social Security numbers, individual tax identification numbers, transaction histories, connected credit ...

CONTINUE READING >

On January 4, CircleCI notified customers of a security incident and subsequent breach. CircleCI , similar to GitHub, is a continuous integration and delivery platform (CI/CD) that aids development teams in building fully automated pipelines from initial build to deployment. An unauthorized third party breached CircleCI around December 16 after ...

CONTINUE READING >

On January 13, email marketing company Mailchimp released a security report detailing a breach caused by a compromised customer service employee account. On January 11, the Mailchimp security team discovered an unauthorized actor accessing a Mailchimp customer service and administration tool. Mailchimp determined the initial attack vector was through a ...

CONTINUE READING >

Reusing passwords for multiple accounts can lead to password compromise, unauthorized account access, cyberattacks, and data breaches. Gen Digital, formerly Symantec Corporation and NortonLifeLock, notified customers of breached Norton Password Manager accounts in credential stuffing attacks as a result of compromised accounts on other platforms. NortonLifeLock believed an unauthorized third ...

CONTINUE READING >

Chick-fil-A has launched an investigation after multiple customers reported suspicious activity on their accounts. The customers posted on various social media platforms stating that their accounts were accessed, accrued reward points were used, and orders were placed using the saved payment method. A researcher also noted that hackers were observed ...

CONTINUE READING >

US burger chain Five Guys disclosed a data breach impacting job applicants. The cybersecurity incident discovered on September 17 resulted in unauthorized access to files and was blocked the same day. On December 8, Five Guys discovered that an unauthorized actor accessed the sensitive information of an unknown number of ...

CONTINUE READING >