Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Databreach. Show all posts
Third Party Data
Databreach Personal Data Privacy Safety Security Third Party Data

HealthEquity Data Breach Exposes Personal Information

 

HealthEquity, a leading provider of Health Savings Accounts (HSAs), has confirmed a significant data breach affecting potentially 4.3 million customers. The breach, discovered in March but only confirmed in June, involved unauthorized access to a data repository containing sensitive personal information.

The compromised data may include names, addresses, phone numbers, Social Security numbers, employment details, and partial payment card information. However, HealthEquity emphasizes that the specific data exposed varies for each individual.   

In response to the breach, HealthEquity has taken steps to secure the affected data repository and implemented a global password reset for the third-party vendor involved. The company will be notifying impacted individuals in early August about the incident and providing details on the actions they are taking.   

To help protect customers, HealthEquity is offering two years of free credit monitoring and identity theft protection through Equifax. Impacted individuals will receive a notification letter with instructions on how to enroll in this service.   

While no hacker group has claimed responsibility for the breach and no data has been leaked publicly thus far, experts advise affected individuals to remain vigilant. Monitor bank statements, credit reports, and watch for suspicious emails or text messages.

This ongoing situation highlights the importance of protecting personal information and underscores the need for robust security measures by companies handling sensitive data.
Read more »
UK
Cyber Security Data Theft Databreach NHS Ransomware UK

Cybersecurity Expert Warns NHS Still Vulnerable After Major Ransomware Attack

 

A leading cybersecurity expert has warned that the NHS remains at risk of further cyber-attacks unless it updates its computer systems. This stark warning follows a significant ransomware attack that severely disrupted healthcare services across London. 

Prof Ciaran Martin, the founding CEO of the UK's National Cyber Security Centre (NCSC), told the BBC: "I was horrified, but not completely surprised. Ransomware attacks on healthcare are a major global problem." NHS England announced it was increasing its cybersecurity resilience and had invested $338 million over the past seven years to address the issue. 

However, Prof Martin’s warnings suggest more urgent action is necessary. A recent British Medical Association report highlighted the NHS's ageing IT infrastructure, revealing that doctors waste 13.5 million hours annually due to outdated systems - equivalent to 8,000 full-time medics' time. 

 The cyber-attack on 3 June, described by Prof Martin as one of the most serious in British history, targeted Synnovis, a pathology testing organisation. This severely affected services at Guy's, St Thomas', King's College, and Evelina London Children's Hospitals. 

NHS England declared it a regional incident, resulting in 4,913 outpatient appointments and 1,391 operations being postponed, alongside major data security concerns. The Russian-based hacking group Qilin, believed to be part of a Kremlin-protected cyber army, demanded a $40 million ransom. When the NHS refused to pay, the group published stolen data on the dark web. 

This incident reflects a growing trend of Russian cyber criminals targeting global healthcare systems. Now a professor at the University of Oxford, Prof Martin highlighted three critical issues facing NHS cybersecurity: outdated IT systems, the need to identify vulnerable points, and the importance of basic security practices.

He further said, "In parts of the NHS estate, it's quite clear that some of the IT is out of date." He stressed the importance of identifying "single points of failure" in the system and implementing better backups. 

Additionally, he emphasized that improving basic security measures could significantly hinder attackers, noting: "Those little things make the point of entry quite a lot harder for the thugs to get in." Emphasizing the severity of the recent attack, he said, "It was obvious that this was going to be one of the most serious cyber incidents in British history because of the disruption to healthcare."
Read more »
Real Estate Scam
Breach Cyber Attacks CyberCrime Databreach Real Estate Scam

Suffolk Cyberattacks: Breach Hamper Suffolk County Real Estate Industry

The local real estate industry has been severely hampered by a breach, that caused the Suffolk County government servers to shut down for more than 20 days.

Since September 8, the cyberattack has prevented access to county websites, servers, and databases, making it impossible to check property titles or submit records. Consequently, obstructing most of the transactions from going through.

According to Sheri Winter Parker, a Corcoran broker, confusion over the situation and when it might end means “my phone is ringing with nonstop texts and emails.”

According to The Suffolk Times, hacking group BlackCat claims credit for the Suffolk cyberattacks and demands a ransom payment in order to restore access to government servers. The BlackCat threat actors state that they have access to around four terabytes of data including individual residents, while much of the data is from the clerk.county.suf domain.

Although County officials have resorted to restoring some records in person, online databases remain inaccessible. Furthermore, County email addresses are offline too, resulting in a massive disruption for brokers, lawyers, and title companies, along with buyers and sellers.

According to Michael Gulotta, founding partner of Gulotta & Gulotta, a Ronkokoma-based law firm, “Real estate transactions are on hold[...]About 45 percent of our business is real estate. This has impacted our staff, clients, and affiliates in a major way.”

Computer experts, on the other hand, are raising concerns that Palo Alto, the cybersecurity company providing the front-line firewall of Suffolk’s defense against cyberattacks, is serving as the main forensic auditor to investigate what happened when the county’s system was hacked.

Palo Alto and RedLand (another cybersecurity company) are both responsible to safeguard Suffolk’s computer system since 2019. Besides, both companies were awarded new contracts in order to manage the county’s response to the attacks, analyse the breach and help resolve the issue.

Suffolk is yet to announce how exactly the threat actors breached its systems. However, the company has not blamed RedLand or Palo Alto for the attacks.

Since the county is still repairing damages from the attack, the police department, the Department of Health Services, and the Traffic and Parking Violations Agency have all taken a hit. 

Read more »
Spain
Cyber Attacks Data Stolen Databreach Iberdrola Spain

1.3 million Iberdrola Customers Hit In Cyberattack

 

A few days ago, the Iberdrola group was hit by a cyberattack that successfully exposed the sensitive credentials of 1.3 million customers, the company confirmed. 

The company further added that the computer breach was stopped within a few hours and the matter was resolved the same day. However, unfortunately, the attack has affected 1.3 million users. The hackers, reportedly, could only access name, surname, and ID. They failed to get access to bank, tax, or electricity consumption data. The next day, once the breach was closed, the company detected massive attacks that did not achieve its objective. 

Following the attack, a statement was released by the company for its customers in which Iberdrola assured that all the necessary steps have been taken to mitigate the impact of the attack and no financial data such as bank details, account numbers, or credit cards details have been violated. Additionally, for future safety, the company has recommended its customers be more cautious of any emails or communications impersonating to be from Iberdrola. 

"If you have received the statement issued by the company, you must be vigilant and regularly monitor what information circulates on the Internet to detect if your private data is being used without your consent," the representatives added. 

The group was chaired by Ignacio Galán who brought forth the same attacks that took place in the Cercanías service in Madrid, in the Congress of Deputies, or in other European institutions. However, he said that the attackers have not had access to critical data. Further, Iberdrola revealed that “we were warned by the United States government about the possibility of a cyber-attack after the invasion of Ukraine.”

Iberdrola is a giant Spanish multinational electric utility company that has more than 34,000 employees serving around 31.67 million customers. The company has the largest shareholders in the global market. According to the 2013 report, the largest shareholder of the company was Qatar Investment Holding, Norges Bank, Kutxabank, and CaixaBank.

Read more »
Subscribe to: Posts (Atom)