7,531,492 known records breached in 124 newly disclosed incidents
Welcome to this week’s global round-up of the biggest and most interesting news stories.
At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.
Update on last week’s story about the alleged US EPA (Environmental Protection Agency) breach: it appears the data was already publicly available. We’ve therefore removed this entry from our incident log.
Publicly disclosed data breaches and cyber attacks: in the spotlight
AT&T confirms more than 50 million customers affected by March data breach
On 17 March, a threat actor known as Major Nelson listed more than 70 million data records on a dark web forum, claiming it to be data originally exfiltrated from AT&T by a threat actor known as ShinyHunters in 2021. AT&T said the data did not come from its systems.
Now, the company has confirmed that more than 50 million people’s data was in fact included in the 17 March data leak. Compromised data included full names, email addresses, postal addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers and AT&T passcodes. According to AT&T’s investigation, the data appears to be from June 2019 or earlier.
Data breached: 51,226,382 people’s data.
Giant Tiger confirms data breach via third party
The Canadian retail chain Giant Tiger has reported that one of its vendors has suffered a cyber attack, affecting nearly 3 million Giant Tiger customer data records. Compromised data included customers’ names, postal addresses, email addresses, phone numbers and purchase data, all of which was leaked online.
The data breach notification website Have I Been Pwned added the data to its database on 12 April, confirming that 46% of the records were already in its database.
Data breached: 2,842,669 records.
Cyber attack causes Traverse City Area Public Schools to cancel classes
TCAPS (Traverse City Area Public Schools) in Michigan cancelled classes on 1 and 2 April because of what it described as “network disruption that impacted the functionality and access of certain systems”.
On 14 April, a threat actor known as Medusa claimed to have stolen 1.2 TB of data from TCAPS, demanding a ransom of $500,000.
Data breached: 1.2 TB.
Publicly disclosed data breaches and cyber attacks: full list
This week, we found 7,531,492 records known to be compromised, and 124 organisations suffering a newly disclosed incident. 105 of them are known to have had data exfiltrated, exposed or otherwise breached. Only 3 definitely haven’t had data breached.
We also found 24 organisations providing a significant update on a previously disclosed incident.
| Organisation(s) | Sector | Location | Data breached? | Known data breached |
| AT&T Inc. Source 1; source 2 (Update) | Telecoms | USA | Yes | 51,226,382 |
| boAt Lifestyle Source 1; source 2 (Update) | Manufacturing | India | Yes | 7,528,986 |
| Giant Tiger Source 1; source 2; source 3 (Update) | Retail | Canada | Yes | 2,842,669 |
| Traverse City Area Public Schools Source 1; source 2 (Update) | Education | USA | Yes | 1.2 TB |
| Unknown (attributed to Accor) Source 1; source 2 (New) | Hospitality | France | Yes | 642,000 |
| Inszone Insurance Services Source (New) | Insurance | USA | Yes | 615,672 |
| Roku Source (New) | Software | USA | Yes | 576,000 |
| Group Health Cooperative of South Central Wisconsin Source (New) | Healthcare | USA | Yes | 533,809 |
| Houser LLP Source 1; source 2 (Update) | Legal | USA | Yes | 370,001 |
| iCabbi Source; source 2 (New) | Software | UK | Yes | 287,000 |
| DISB (District of Columbia Department of Insurance, Securities and Banking) Source 1 (New) | Public | USA | Yes | “few hundred” GBs |
| CURVA Source 1; source 2 (New) | Retail | Egypt | Yes | 105,000 |
| Pregnant women in El Salvador Source (New) | Healthcare | El Salvador | Yes | 96,191 |
| Paducah Dermatology Source (New) | Healthcare | USA | Yes | 80,161 |
| Nexperia Source (New) | Manufacturing | Netherlands | Yes | 74 GB |
| Gaia Software Source 1; source 2 (New) | Software | USA | Yes | 56,676 |
| forum.kasperskyclub.ru Source 1; source 2 (Update) | IT services | Russia | Yes | 55,971 |
| Bradford-Scott Data, Massachusetts Family Credit Union, Methuen Federal Credit Union, Priority Plus Federal Credit Union, StagePoint Federal Credit Union, Wellness Federal Credit Union, Community Credit Union of New Milford and The Andovers Federal Credit Union Source 1; source 2 (Update) | Software and finance | USA | Yes | 43,435 |
| SMC and Carrier Global Source (New) | Software | Netherlands | Yes | >26,000 |
| St. Lucie County Tax Collector’s Office Source 1; source 2 (Update) | Public | USA | Yes | 25,202 |
| Canopy Children’s Solutions Source (New) | Non-profit | USA | Yes | 19,190 |
| Cattaraugus-Allegany BOCES Source 1; source 2 (New) | Education | USA | Yes | 15,203 |
| SinglePoint Outsourcing, Inc. Source 1; source 2 (Update) | Professional services | USA | Yes | 11,096 |
| Trustpoint Rehabilitation Hospital of Lubbock Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 9,014 |
| Mountain Valley Regional Rehabilitation Hospital Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 5,963 |
| Greenwood Regional Rehabilitation Hospital Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 5,823 |
| Northern Idaho Advanced Care Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 5,606 |
| Rehabilitation Hospital of Southern New Mexico Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 5,466 |
| New Braunfels Regional Rehabilitation Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 5,384 |
| Highmark Inc. Source 1; source 2 (New) | Insurance | USA | Yes | 5,356 |
| Spartanburg Rehabilitation Institute Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 4,506 |
| MolenTax Source (New) | Finance | USA | Yes | 4,323 |
| PRATT MRI LLC Source 1; source 2 (New) | Healthcare | USA | Yes | 4,265 |
| South Texas Rehabilitation Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 4,130 |
| Epilepsy Foundation of Metro New York Source (New) | Healthcare | USA | Yes | 3,852 |
| Rehabilitation Hospital of the Northwest Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 3,821 |
| Rehabilitation Hospital of Northwest Ohio Source 1; source 2 (New) | Healthcare | USA | Yes | 3,671 |
| Elkhorn Valley Rehabilitation Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 3,636 |
| Corpus Christi Rehabilitation Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 3,581 |
| Northern Utah Rehabilitation Hospital Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 3,477 |
| Mesquite Rehabilitation Institute Source 1; source 2 (New) | Healthcare | USA | Yes | 3,317 |
| Rehabilitation Hospital of Northern Arizona Source 1; source 2 (New) | Healthcare | USA | Yes | 3,287 |
| Summa Rehabilitation Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 2,986 |
| Lafayette Regional Rehabilitation Hospital Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 2,861 |
| Weslaco Regional Rehabilitation Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 2,781 |
| Lakewood Medical Center Source 1; source 2 (New) | Healthcare | USA | Yes | 2,500 |
| Builders Equipment & Tool Company Source 1; source 2 (New) | Construction | USA | Yes | 2,463 |
| Advanced Care Hospital of Montana Source 1; source 2 (New) | Healthcare | USA | Yes | 2,331 |
| Delphinus Engineering, Inc. Source 1; source 2 (Update) | Engineering | USA | Yes | 2,232 |
| The Goddard School Source (New) | Education | USA | Yes | 2,041 |
| Midlands Regional Rehabilitation Hospital Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 2,018 |
| EBlock Source (New) | Software | USA | Yes | 1,997 |
| UT Southwestern Medical Center Source 1; source 2 (New) | Healthcare | USA | Yes | 1,956 |
| Butler University and Athletic Trainer System Source (New) | Education and software | USA | Yes | 1,871 |
| Laredo Rehabilitation Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 1,785 |
| Oceaneering Source (New) | Engineering | USA | Yes | 1,776 |
| Rehabilitation Hospital of Northern Indiana Source 1; source 2 (New) | Healthcare | USA | Yes | 1,643 |
| Utah Valley Rehabilitation Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 1,642 |
| Baytown Medical Center, Inc. Source 1; source 2 (New) | Healthcare | USA | Yes | 1,500 |
| Continuum Health Alliance, LLC Source 1; source 2 (New) | Healthcare | USA | Yes | 1,328 |
| Autoritatea Electorală Permanentă Source (New) | Public | Romania | Yes | 1,300 |
| Mesquite Specialty Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 1,244 |
| Laredo Specialty Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 1,242 |
| Bloomington Regional Rehabilitation Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 1,191 |
| Advanced Care Hospital of Southern New Mexico Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 1,162 |
| Florida Pediatric Associates Source 1; source 2 (New) | Healthcare | USA | Yes | 1,104 |
| Frank Olean Center Source (New) | Non-profit | USA | Yes | 1,050 |
| Rehabilitation Hospital of Southern California Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 925 |
| Randolph Health Source (New) | Healthcare | USA | Yes | 899 |
| Northern Colorado Rehabilitation Hospital Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 885 |
| Bakersfield Rehabilitation Hospital Source 1; source 2 (New) | Healthcare | USA | Yes | 852 |
| Denver Regional Rehabilitation Hospital Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 848 |
| Zuckerberg San Francisco General Hospital and Trauma Center Source 1; source 2 (New) | Healthcare | USA | Yes | 755 |
| Rutgers Robert Wood Johnson Medical School Source 1; source 2 (New) | Education | USA | Yes | 543 |
| Strive Holdco, LLC Source 1; source 2 (New) | Healthcare | USA | Yes | 501 |
| Sleep Management Institute Source 1; source 2 (New) | Healthcare | USA | Yes | 500 |
| TransAxle LLC Source (New) | Transport | USA | Yes | 401 |
| Brown, Paindiris & Scott, LLP Source (New) | Legal | USA | Yes | 235 |
| Bristol Bay Construction Holdings LLC Source (New) | Construction | USA | Yes | 27 |
| CVS Source (New) | Non-profit | USA | Yes | 10 |
| Wells Fargo Source 1; source 2 (New) | Finance | USA | Yes | 2 |
| Telecom Argentina Source (New) | Telecoms | Argentina | Yes | Unknown |
| Suncorp Bank Source (New) | Finance | Australia | Yes | Unknown |
| MotorCycle Holdings Limited Source (New) | Manufacturing | Australia | Yes | Unknown |
| Ecotech Print Solutions Source (New) | Professional services | Australia | Yes | Unknown |
| Herron Todd White Source (New) | Real estate | Australia | Yes | Unknown |
| BHF Couriers Express Source (New) | Transport | Australia | Yes | Unknown |
| Yoga4Yogi Source (New) | Professional services | Czech Republic | Yes | Unknown |
| Académie de Lyon and Ministère de l’Éducation nationale et de la Jeunesse Source (New) | Education and public | France | Yes | Unknown |
| Le Slip Français Source (New) | Retail | France | Yes | Unknown |
| Karnataka Skill Development Corporation Source (New) | Public | India | Yes | Unknown |
| LeadSquared and WeRize Source (New) | Software | India | Yes | Unknown |
| Alsaree3 Group Ltd. Source (New) | Hospitality | Iraq | Yes | Unknown |
| Israeli Ministry of Defense Source (New) | Public | Israel | Yes | Unknown |
| Multiplayer.it Source (New) | IT services | Italy | Yes | Unknown |
| Maccarinelli Autonegozi Source (New) | Retail | Italy | Yes | Unknown |
| INVEX Source (New) | Finance | Mexico | Yes | Unknown |
| Orderchamp Source (New) | IT services | Netherlands | Yes | Unknown |
| Universidad Inca Garcilaso de la Vega Source (New) | Education | Peru | Yes | Unknown |
| Tkachev Agricultural Complex Source (New) | Agricultural | Russia | Yes | Unknown |
| OwenCloud.ru Source (New) | Software | Russia | Yes | Unknown |
| Moskollektor Source (New) | Utilities | Russia | Yes | Unknown |
| University of Colombo Source (New) | Education | Sri Lanka | Yes | Unknown |
| NRS Healthcare Source (New) | Healthcare | UK | Yes | Unknown |
| THSP Source (New) | Public | UK | Yes | Unknown |
| CVS Group Plc Source (New) | Veterinary | UK | Yes | Unknown |
| East Central University Source (New) | Education | USA | Yes | Unknown |
| The University of Alabama Source (New) | Education | USA | Yes | Unknown |
| Community Alliance Source (New) | Healthcare | USA | Yes | Unknown |
| Hapy Bear Surgery Center Source 1; source 2 (New) | Healthcare | USA | Yes | Unknown |
| Kenneth Young Center Source (New) | Healthcare | USA | Yes | Unknown |
| WebTPA Source (New) | Insurance | USA | Yes | Unknown |
| Henningson & Snoxell, Ltd. Source (New) | Legal | USA | Yes | Unknown |
| Thunderbird Country Club Source (New) | Leisure | USA | Yes | Unknown |
| Winterfest Boat Parade Source (New) | Leisure | USA | Yes | Unknown |
| OraSure Technologies Source (New) | Manufacturing | USA | Yes | Unknown |
| Rawlings Sporting Goods Source (New) | Manufacturing | USA | Yes | Unknown |
| Targus Source (New) | Manufacturing | USA | Yes | Unknown |
| Tandym Group Source 1; source 2 (New) | Professional services | USA | Yes | Unknown |
| Hernando County Government Source 1; source 2 (Update) | Public | USA | Yes | Unknown |
| The Bernstein Companies Source 1; source 2 (New) | Real estate | USA | Yes | Unknown |
| PME Babbitt Bearings Source (New) | Retail | USA | Yes | Unknown |
| Microsoft Source (New) | Software | USA | Yes | Unknown |
| Sisense Source (New) | Software | USA | Yes | Unknown |
| Alan Ritchey, Inc. Source 1; source 2 (New) | Transport | USA | Yes | Unknown |
| LG Electronics Source (New) | Manufacturing | South Korea | Unknown | Unknown |
| Paris Saint-Germain Source (New) | Leisure | France | Unknown | Unknown |
| Saint-Nazaire et agglomeration Source (New) | Public | France | Unknown | Unknown |
| GBI-Genios Deutsche Wirtschaftsdatenbank GmbH Source (New) | Media | Germany | Unknown | Unknown |
| Tel Aviv power outage Source (New) | Public | Israel | Unknown | Unknown |
| German Jordanian University Source (New) | Education | Jordan | Unknown | Unknown |
| King Abdullah II Source (New) | Public | Jordan | Unknown | Unknown |
| Queen Alia International Airport Source (New) | Transport | Jordan | Unknown | Unknown |
| Emeequis Source (New) | Media | Mexico | Unknown | Unknown |
| Eblal Healthcare Source (New) | Healthcare | Saudi Arabia | Unknown | Unknown |
| Casa Árabe Source (New) | Public | Spain | Unknown | Unknown |
| Robertson Cheatham Co-Op Source (New) | Agricultural | USA | Unknown | Unknown |
| New Mexico Highlands University and other New Mexico institutions Source 1; source 2 (New) | Education | USA | Unknown | Unknown |
| Swinomish Casino & Lodge Source (New) | Leisure | USA | Unknown | Unknown |
| The Heritage Foundation Source (New) | Non-profit | USA | Unknown | Unknown |
| Dirección General de Contrataciones Públicas Source (New) | Public | Dominican Republic | No | 0 |
| Belvedere Vodka UK Source (New) | Manufacturing | UK | No | 0 |
| TUC (Trades Union Congress) Source (New) | Non-profit | UK | No | 0 |
Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week. The updated data point is italicised in the table.
Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all. To learn more about our research methodology, click here.
AI
AI-written PowerShell script used in malicious email campaigns
Bleeping Computer reports that a threat actor is using a PowerShell script “likely” created with ChatGPT or a similar AI model to spread the Rhadamanthys information stealer via email. The security company Proofpoint attributed the attack to a threat actor tracked as TA547, also known as Scully Spider.
ICO seeks views on generative AI models’ accuracy
The ICO (Information Commissioner’s Office) has launched a consultation on how data protection law applies to generative AI, particularly in relation to its accuracy. The Information Commissioner, John Edwards, commented: “In a world where misinformation is growing, we cannot allow misuse of generative AI to erode trust in the truth. Organisations developing and deploying generative AI must comply with data protection law – including our expectations on accuracy of personal information.” The consultation is open until 5 pm on 10 May 2024.
Enforcement
European Parliament votes to enhance EU GDPR enforcement
MEPs have voted in favour of amendments to the EU GDPR (General Data Protection Regulation) that strengthen the Regulation’s enforcement. The amendments change the role of the supervisory authorities and remove some of their obligations to share the findings of their investigations.
Police investigating LockBit ransomware gang seek 200 suspected criminals
Police have matched some 200 LockBit affiliates’ pseudonyms to their real identities. A police spokesperson, who asked to remain anonymous, told Bloomberg that they “now have a clear idea of LockBit’s hierarchy and its most influential members, who they plan to pursue”.
Other news
Hunters International demands $10 million ransom from Hoya Corporation
Last week, we listed a security incident affecting several of Hoya Corporation’s divisions. It now transpires that the cyber attack was carried out by the Hunters International ransomware group, which has demanded a $10 million ransom from the Japanese optical instrument manufacturer. Hunters claims to have stolen 2 TB of data from the company, which it is threatening to release if its demands are not met.
NIST releases online courses for SP 800-53, SP 800-53A and SP 800-53B
NIST (National Institute of Standards and Technology) has released self-guided online courses on three of its standards: SP (Special Publication) 800-53, SP 800-53A and SP 800-53B.
All three courses are introductory, offering a “high-level overview of foundational security and privacy risk management concepts” based on these standards.
91,000 LG smart TVs vulnerable to attack
Bitdefender has discovered four security vulnerabilities affecting multiple versions of LG Electronics WebOS – the operating system used in its smart TVs. According to Bleeping Computer, the vulnerabilities “enable varying degrees of unauthorized access and control over affected models, including authorization bypasses, privilege escalation, and command injection”.
USDoD attempting to sell 2.9 billion data records from UK, US and Canada
A threat actor known as USDoD has listed a 4 TB database apparently containing 2.9 billion rows of data on a dark web forum. Given the scale of the database, we await verification before adding it to our listings.
Recently published reports
- Adyen: Index global fraud
- Bruce et al: World Cybercrime Index
- Check Point: Shifting Attack Landscapes and Sectors in Q1 2024 with a 28% increase in cyber attacks globally
- Cyberint: Q1 2024 Ransomware Report
- D3 Security: In The Wild 2024
- DTEX Systems: 2024 Insider Risk Investigations Report
- EDPS (European Data Protection Supervisor): Annual Report 2023: adaptability in a changing world
- IDTC (Identity Theft Resource Center): Q1 Data Breach Analysis
- IMF (International Monetary Fund): April 2024 Global Financial Stability Report
- NORMA Cyber: Annual Threat Assessment 2024
- Pinpoint Search Group: Cyber Security Vendor Funding Report – Q4, 2023
- Recorded Future: 2023 Annual Report
Key date
30 April 2024 – ISO/IEC 27001:2013 certification unavailable
Certification bodies must stop offering (re)certification to ISO 27001:2013 by 30 April. The new iteration of the Standard, ISO 27001:2022, isn’t significantly different from ISO 27001:2013, but there are some notable changes. Learn more about complying with ISO 27001:2022.
That’s it for this week’s round-up. We hope you found it useful.
We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.
In the meantime, if you missed it, check out last week’s round-up. Alternatively, you can view our full archive.
Security Spotlight
To get news of the latest data breaches and cyber attacks straight to your inbox, subscribe to our weekly newsletter: the Security Spotlight.
Every Wednesday, you’ll get a 4-minute email with:
- Industry news, including this weekly round-up;
- Our latest research and statistics;
- Interviews with our experts, sharing their insights and expertise;
- Free useful resources; and
- Upcoming webinars.
