The Week in Cyber Security and Data Privacy: 8 – 14 April 2024

7,531,492 known records breached in 124 newly disclosed incidents

Welcome to this week’s global round-up of the biggest and most interesting news stories.

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.


Update on last week’s story about the alleged US EPA (Environmental Protection Agency) breach: it appears the data was already publicly available. We’ve therefore removed this entry from our incident log.


Publicly disclosed data breaches and cyber attacks: in the spotlight

AT&T confirms more than 50 million customers affected by March data breach

On 17 March, a threat actor known as Major Nelson listed more than 70 million data records on a dark web forum, claiming it to be data originally exfiltrated from AT&T by a threat actor known as ShinyHunters in 2021. AT&T said the data did not come from its systems.

Now, the company has confirmed that more than 50 million people’s data was in fact included in the 17 March data leak. Compromised data included full names, email addresses, postal addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers and AT&T passcodes. According to AT&T’s investigation, the data appears to be from June 2019 or earlier.

Data breached: 51,226,382 people’s data.

Giant Tiger confirms data breach via third party

The Canadian retail chain Giant Tiger has reported that one of its vendors has suffered a cyber attack, affecting nearly 3 million Giant Tiger customer data records. Compromised data included customers’ names, postal addresses, email addresses, phone numbers and purchase data, all of which was leaked online.

The data breach notification website Have I Been Pwned added the data to its database on 12 April, confirming that 46% of the records were already in its database.

Data breached: 2,842,669 records.

Cyber attack causes Traverse City Area Public Schools to cancel classes

TCAPS (Traverse City Area Public Schools) in Michigan cancelled classes on 1 and 2 April because of what it described as “network disruption that impacted the functionality and access of certain systems”.

On 14 April, a threat actor known as Medusa claimed to have stolen 1.2 TB of data from TCAPS, demanding a ransom of $500,000.

Data breached: 1.2 TB.


Publicly disclosed data breaches and cyber attacks: full list

This week, we found 7,531,492 records known to be compromised, and 124 organisations suffering a newly disclosed incident. 105 of them are known to have had data exfiltrated, exposed or otherwise breached. Only 3 definitely haven’t had data breached.

We also found 24 organisations providing a significant update on a previously disclosed incident.

Organisation(s)SectorLocationData breached?Known data breached
AT&T Inc.
Source 1; source 2
(Update)
TelecomsUSAYes51,226,382
boAt Lifestyle
Source 1; source 2
(Update)
ManufacturingIndiaYes7,528,986
Giant Tiger
Source 1; source 2; source 3
(Update)
RetailCanadaYes2,842,669
Traverse City Area Public Schools
Source 1; source 2
(Update)
EducationUSAYes1.2 TB
Unknown (attributed to Accor)
Source 1; source 2
(New)
HospitalityFranceYes642,000
Inszone Insurance Services
Source
(New)
InsuranceUSAYes615,672
Roku
Source
(New)
SoftwareUSAYes576,000
Group Health Cooperative of South Central Wisconsin
Source
(New)
HealthcareUSAYes533,809
Houser LLP
Source 1; source 2
(Update)
LegalUSAYes370,001
iCabbi
Source; source 2
(New)
SoftwareUKYes287,000
DISB (District of Columbia Department of Insurance, Securities and Banking)
Source 1
(New)
PublicUSAYes“few hundred” GBs
CURVA
Source 1; source 2
(New)
RetailEgyptYes105,000
Pregnant women in El Salvador
Source
(New)
HealthcareEl SalvadorYes96,191
Paducah Dermatology
Source
(New)
HealthcareUSAYes80,161
Nexperia
Source
(New)
ManufacturingNetherlandsYes74 GB
Gaia Software
Source 1; source 2
(New)
SoftwareUSAYes56,676
forum.kasperskyclub.ru
Source 1; source 2
(Update)
IT servicesRussiaYes55,971
Bradford-Scott Data, Massachusetts Family Credit Union, Methuen Federal Credit Union, Priority Plus Federal Credit Union, StagePoint Federal Credit Union,  Wellness Federal Credit Union, Community Credit Union of New Milford and The Andovers Federal Credit Union
Source 1; source 2
(Update)
Software and financeUSAYes43,435
SMC and Carrier Global
Source
(New)
SoftwareNetherlandsYes>26,000
St. Lucie County Tax Collector’s Office
Source 1; source 2
(Update)
PublicUSAYes25,202
Canopy Children’s Solutions
Source
(New)
Non-profitUSAYes19,190
Cattaraugus-Allegany BOCES
Source 1; source 2
(New)
EducationUSAYes15,203
SinglePoint Outsourcing, Inc.
Source 1; source 2
(Update)
Professional servicesUSAYes11,096
Trustpoint Rehabilitation Hospital of Lubbock
Source 1; source 2; source 3
(Update)
HealthcareUSAYes9,014
Mountain Valley Regional Rehabilitation Hospital
Source 1; source 2; source 3
(Update)
HealthcareUSAYes5,963
Greenwood Regional Rehabilitation Hospital
Source 1; source 2; source 3
(Update)
HealthcareUSAYes5,823
Northern Idaho Advanced Care Hospital
Source 1; source 2
(New)
HealthcareUSAYes5,606
Rehabilitation Hospital of Southern New Mexico
Source 1; source 2; source 3
(Update)
HealthcareUSAYes5,466
New Braunfels Regional Rehabilitation Hospital
Source 1; source 2
(New)
HealthcareUSAYes5,384
Highmark Inc.
Source 1; source 2
(New)
InsuranceUSAYes5,356
Spartanburg Rehabilitation Institute
Source 1; source 2; source 3
(Update)
HealthcareUSAYes4,506
MolenTax
Source
(New)
FinanceUSAYes4,323
PRATT MRI LLC
Source 1; source 2
(New)
HealthcareUSAYes4,265
South Texas Rehabilitation Hospital
Source 1; source 2
(New)
HealthcareUSAYes4,130
Epilepsy Foundation of Metro New York
Source
(New)
HealthcareUSAYes3,852
Rehabilitation Hospital of the Northwest
Source 1; source 2; source 3
(Update)
HealthcareUSAYes3,821
Rehabilitation Hospital of Northwest Ohio
Source 1; source 2
(New)
HealthcareUSAYes3,671
Elkhorn Valley Rehabilitation Hospital
Source 1; source 2
(New)
HealthcareUSAYes3,636
Corpus Christi Rehabilitation Hospital
Source 1; source 2
(New)
HealthcareUSAYes3,581
Northern Utah Rehabilitation Hospital
Source 1; source 2; source 3
(Update)
HealthcareUSAYes3,477
Mesquite Rehabilitation Institute
Source 1; source 2
(New)
HealthcareUSAYes3,317
Rehabilitation Hospital of Northern Arizona
Source 1; source 2
(New)
HealthcareUSAYes3,287
Summa Rehabilitation Hospital
Source 1; source 2
(New)
HealthcareUSAYes2,986
Lafayette Regional Rehabilitation Hospital
Source 1; source 2; source 3
(Update)
HealthcareUSAYes2,861
Weslaco Regional Rehabilitation Hospital
Source 1; source 2
(New)
HealthcareUSAYes2,781
Lakewood Medical Center
Source 1; source 2
(New)
HealthcareUSAYes2,500
Builders Equipment & Tool Company
Source 1; source 2
(New)
ConstructionUSAYes2,463
Advanced Care Hospital of Montana
Source 1; source 2
(New)
HealthcareUSAYes2,331
Delphinus Engineering, Inc.
Source 1; source 2
(Update)
EngineeringUSAYes2,232
The Goddard School
Source
(New)
EducationUSAYes2,041
Midlands Regional Rehabilitation Hospital
Source 1; source 2; source 3
(Update)
HealthcareUSAYes2,018
EBlock
Source
(New)
SoftwareUSAYes1,997
UT Southwestern Medical Center
Source 1; source 2
(New)
HealthcareUSAYes1,956
Butler University and Athletic Trainer System
Source
(New)
Education and softwareUSAYes1,871
Laredo Rehabilitation Hospital
Source 1; source 2
(New)
HealthcareUSAYes1,785
Oceaneering
Source
(New)
EngineeringUSAYes1,776
Rehabilitation Hospital of Northern Indiana
Source 1; source 2
(New)
HealthcareUSAYes1,643
Utah Valley Rehabilitation Hospital
Source 1; source 2
(New)
HealthcareUSAYes1,642
Baytown Medical Center, Inc.
Source 1; source 2
(New)
HealthcareUSAYes1,500
Continuum Health Alliance, LLC
Source 1; source 2
(New)
HealthcareUSAYes1,328
Autoritatea Electorală Permanentă
Source
(New)
PublicRomaniaYes1,300
Mesquite Specialty Hospital
Source 1; source 2
(New)
HealthcareUSAYes1,244
Laredo Specialty Hospital
Source 1; source 2
(New)
HealthcareUSAYes1,242
Bloomington Regional Rehabilitation Hospital
Source 1; source 2
(New)
HealthcareUSAYes1,191
Advanced Care Hospital of Southern New Mexico
Source 1; source 2; source 3
(Update)
HealthcareUSAYes1,162
Florida Pediatric Associates
Source 1; source 2
(New)
HealthcareUSAYes1,104
Frank Olean Center
Source
(New)
Non-profitUSAYes1,050
Rehabilitation Hospital of Southern California
Source 1; source 2; source 3
(Update)
HealthcareUSAYes925
Randolph Health
Source
(New)
HealthcareUSAYes899
Northern Colorado Rehabilitation Hospital
Source 1; source 2; source 3
(Update)
HealthcareUSAYes885
Bakersfield Rehabilitation Hospital
Source 1; source 2
(New)
HealthcareUSAYes852
Denver Regional Rehabilitation Hospital
Source 1; source 2; source 3
(Update)
HealthcareUSAYes848
Zuckerberg San Francisco General Hospital and Trauma Center
Source 1; source 2
(New)
HealthcareUSAYes755
Rutgers Robert Wood Johnson Medical School
Source 1; source 2
(New)
EducationUSAYes543
Strive Holdco, LLC
Source 1; source 2
(New)
HealthcareUSAYes501
Sleep Management Institute
Source 1; source 2
(New)
HealthcareUSAYes500
TransAxle LLC
Source
(New)
TransportUSAYes401
Brown, Paindiris & Scott, LLP
Source
(New)
LegalUSAYes235
Bristol Bay Construction Holdings LLC
Source
(New)
ConstructionUSAYes27
CVS
Source
(New)
Non-profitUSAYes10
Wells Fargo
Source 1; source 2
(New)
FinanceUSAYes2
Telecom Argentina
Source
(New)
TelecomsArgentinaYesUnknown
Suncorp Bank
Source
(New)
FinanceAustraliaYesUnknown
MotorCycle Holdings Limited
Source
(New)
ManufacturingAustraliaYesUnknown
Ecotech Print Solutions
Source
(New)
Professional servicesAustraliaYesUnknown
Herron Todd White
Source
(New)
Real estateAustraliaYesUnknown
BHF Couriers Express
Source
(New)
TransportAustraliaYesUnknown
Yoga4Yogi
Source
(New)
Professional servicesCzech RepublicYesUnknown
Académie de Lyon and Ministère de l’Éducation nationale et de la Jeunesse
Source
(New)
Education and publicFranceYesUnknown
Le Slip Français
Source
(New)
RetailFranceYesUnknown
Karnataka Skill Development Corporation
Source
(New)
PublicIndiaYesUnknown
LeadSquared and WeRize
Source
(New)
SoftwareIndiaYesUnknown
Alsaree3 Group Ltd.
Source
(New)
HospitalityIraqYesUnknown
Israeli Ministry of Defense
Source
(New)
PublicIsraelYesUnknown
Multiplayer.it
Source
(New)
IT servicesItalyYesUnknown
Maccarinelli Autonegozi
Source
(New)
RetailItalyYesUnknown
INVEX
Source
(New)
FinanceMexicoYesUnknown
Orderchamp
Source
(New)
IT servicesNetherlandsYesUnknown
Universidad Inca Garcilaso de la Vega
Source
(New)
EducationPeruYesUnknown
Tkachev Agricultural Complex
Source
(New)
AgriculturalRussiaYesUnknown
OwenCloud.ru
Source
(New)
SoftwareRussiaYesUnknown
Moskollektor
Source
(New)
UtilitiesRussiaYesUnknown
University of Colombo
Source
(New)
EducationSri LankaYesUnknown
NRS Healthcare
Source
(New)
HealthcareUKYesUnknown
THSP
Source
(New)
PublicUKYesUnknown
CVS Group Plc
Source
(New)
VeterinaryUKYesUnknown
East Central University
Source
(New)
EducationUSAYesUnknown
The University of Alabama
Source
(New)
EducationUSAYesUnknown
Community Alliance
Source
(New)
HealthcareUSAYesUnknown
Hapy Bear Surgery Center
Source 1; source 2
(New)
HealthcareUSAYesUnknown
Kenneth Young Center
Source
(New)
HealthcareUSAYesUnknown
WebTPA
Source
(New)
InsuranceUSAYesUnknown
Henningson & Snoxell, Ltd.
Source
(New)
LegalUSAYesUnknown
Thunderbird Country Club
Source
(New)
LeisureUSAYesUnknown
Winterfest Boat Parade
Source
(New)
LeisureUSAYesUnknown
OraSure Technologies
Source
(New)
ManufacturingUSAYesUnknown
Rawlings Sporting Goods
Source
(New)
ManufacturingUSAYesUnknown
Targus
Source
(New)
ManufacturingUSAYesUnknown
Tandym Group
Source 1; source 2
(New)
Professional servicesUSAYesUnknown
Hernando County Government
Source 1; source 2
(Update)
PublicUSAYesUnknown
The Bernstein Companies
Source 1; source 2
(New)
Real estateUSAYesUnknown
PME Babbitt Bearings
Source
(New)
RetailUSAYesUnknown
Microsoft
Source
(New)
SoftwareUSAYesUnknown
Sisense
Source
(New)
SoftwareUSAYesUnknown
Alan Ritchey, Inc.
Source 1; source 2
(New)
TransportUSAYesUnknown
LG Electronics
Source
(New)
ManufacturingSouth KoreaUnknownUnknown
Paris Saint-Germain
Source
(New)
LeisureFranceUnknownUnknown
Saint-Nazaire et agglomeration
Source
(New)
PublicFranceUnknownUnknown
GBI-Genios Deutsche Wirtschaftsdatenbank GmbH
Source
(New)
MediaGermanyUnknownUnknown
Tel Aviv power outage
Source
(New)
PublicIsraelUnknownUnknown
German Jordanian University
Source
(New)
EducationJordanUnknownUnknown
King Abdullah II
Source
(New)
PublicJordanUnknownUnknown
Queen Alia International Airport
Source
(New)
TransportJordanUnknownUnknown
Emeequis
Source
(New)
MediaMexicoUnknownUnknown
Eblal Healthcare
Source
(New)
HealthcareSaudi ArabiaUnknownUnknown
Casa Árabe
Source
(New)
PublicSpainUnknownUnknown
Robertson Cheatham Co-Op
Source
(New)
AgriculturalUSAUnknownUnknown
New Mexico Highlands University and other New Mexico institutions
Source 1; source 2
(New)
EducationUSAUnknownUnknown
Swinomish Casino & Lodge
Source
(New)
LeisureUSAUnknownUnknown
The Heritage Foundation
Source
(New)
Non-profitUSAUnknownUnknown
Dirección General de Contrataciones Públicas
Source
(New)
PublicDominican RepublicNo0
Belvedere Vodka UK
Source
(New)
ManufacturingUKNo0
TUC (Trades Union Congress)
Source
(New)
Non-profitUKNo0

Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week. The updated data point is italicised in the table.

Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all. To learn more about our research methodology, click here.


AI

AI-written PowerShell script used in malicious email campaigns

Bleeping Computer reports that a threat actor is using a PowerShell script “likely” created with ChatGPT or a similar AI model to spread the Rhadamanthys information stealer via email. The security company Proofpoint attributed the attack to a threat actor tracked as TA547, also known as Scully Spider.

ICO seeks views on generative AI models’ accuracy         

The ICO (Information Commissioner’s Office) has launched a consultation on how data protection law applies to generative AI, particularly in relation to its accuracy. The Information Commissioner, John Edwards, commented: “In a world where misinformation is growing, we cannot allow misuse of generative AI to erode trust in the truth. Organisations developing and deploying generative AI must comply with data protection law – including our expectations on accuracy of personal information.” The consultation is open until 5 pm on 10 May 2024.


Enforcement

European Parliament votes to enhance EU GDPR enforcement

MEPs have voted in favour of amendments to the EU GDPR (General Data Protection Regulation) that strengthen the Regulation’s enforcement. The amendments change the role of the supervisory authorities and remove some of their obligations to share the findings of their investigations.

Police investigating LockBit ransomware gang seek 200 suspected criminals

Police have matched some 200 LockBit affiliates’ pseudonyms to their real identities. A police spokesperson, who asked to remain anonymous, told Bloomberg that they “now have a clear idea of LockBit’s hierarchy and its most influential members, who they plan to pursue”.


Other news

Hunters International demands $10 million ransom from Hoya Corporation

Last week, we listed a security incident affecting several of Hoya Corporation’s divisions. It now transpires that the cyber attack was carried out by the Hunters International ransomware group, which has demanded a $10 million ransom from the Japanese optical instrument manufacturer. Hunters claims to have stolen 2 TB of data from the company, which it is threatening to release if its demands are not met.

NIST releases online courses for SP 800-53, SP 800-53A and SP 800-53B

NIST (National Institute of Standards and Technology) has released self-guided online courses on three of its standards: SP (Special Publication) 800-53, SP 800-53A and SP 800-53B.

All three courses are introductory, offering a “high-level overview of foundational security and privacy risk management concepts” based on these standards.

91,000 LG smart TVs vulnerable to attack

Bitdefender has discovered four security vulnerabilities affecting multiple versions of LG Electronics WebOS – the operating system used in its smart TVs. According to Bleeping Computer, the vulnerabilities “enable varying degrees of unauthorized access and control over affected models, including authorization bypasses, privilege escalation, and command injection”.

USDoD attempting to sell 2.9 billion data records from UK, US and Canada

A threat actor known as USDoD has listed a 4 TB database apparently containing 2.9 billion rows of data on a dark web forum. Given the scale of the database, we await verification before adding it to our listings.


Recently published reports


Key date

30 April 2024 – ISO/IEC 27001:2013 certification unavailable

Certification bodies must stop offering (re)certification to ISO 27001:2013 by 30 April. The new iteration of the Standard, ISO 27001:2022, isn’t significantly different from ISO 27001:2013, but there are some notable changes. Learn more about complying with ISO 27001:2022.


That’s it for this week’s round-up. We hope you found it useful.

We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.

In the meantime, if you missed it, check out last week’s round-up. Alternatively, you can view our full archive.


Security Spotlight

To get news of the latest data breaches and cyber attacks straight to your inbox, subscribe to our weekly newsletter: the Security Spotlight.

Every Wednesday, you’ll get a 4-minute email with:

  • Industry news, including this weekly round-up;
  • Our latest research and statistics;
  • Interviews with our experts, sharing their insights and expertise;
  • Free useful resources; and
  • Upcoming webinars.