It’s time for our weekly recap of cybersecurity news that made headlines this week. Let’s dive in!
2.2 million Rite Aid customers have had their data compromised during a recent cyberattack in July of this year. This incident is now under investigation by Schubert Jonckheer & Kolbe LLP.
The cybercrime group RandomHub is taking credit for stealing over 19 gigabytes of customer data from Rite Aid systems including names, addresses, birthdates, and government-issued ID numbers, and are holding this data for ransom, which Rite Aid reportedly refused to pay.
(–Source: PR Newswire
Read More: PRIVACY ALERT: Rite Aid Under Investigation for Data Breach of Over 2.2 Million Customer Records (prnewswire.com) )
The popular NHS IT company Advanced in the UK is facing a fine of £6m after being blamed for “serious failings” after 83,000 records of patient data was stolen and service was disrupted on August 4th. This attack affected the ability to dispatch ambulances, book appointments, and issue emergency subscriptions.
This incident occurred due to hackers being able to gain access to computer systems using one of Advanced’s accounts that did not implement multi-factor authentication (MFA), leaving Advanced liable for failing to properly protect the personal information of patients.
(–Source: Sky News
McLaren Health Care was recently the target of a cyber attack that disrupted their technology, however, their hospitals are continuing to carry out surgeries and procedures as normal.
Some non-emergency appointments are being rescheduled while the hospitals recover from the attack, and patients who are still attending appointments are asked to bring a list of their medical history including medications, lab results, and allergies since this information cannot currently be accessed in the system due to the outage.
(–Source: FOX 2 Detroit on MSN
Read More: McLaren Hospital confirms cyber attack behind recent IT and phone system outage (msn.com) )
Background check and fraud prevention service provider National Public Data recently experienced what is being called one of the largest data breaches in history with the information of 3 billion individuals having been stolen including full names, addresses for the past 30 years, SSNs, and family information. The information that was stolen by the hacker group that carried out the attack is confirmed to have been attempted to be sold on the dark web for $3.5 million.
Many of the US citizens whose information was stolen in this leak may not even be aware that National Public Data had their information on record, as reports say the company was scraping personal data from non-public sources without consent. In fact, the lead plaintiff in the class action lawsuit against National Public Data, accusing the company of having inadequate security measures to protect personal information, discovered the incident thanks to a notification from his identity theft protection service.
Individuals affected by this incident are encouraged to sign up for identity theft protection services (which are great to have regardless) and closely monitor financial accounts to report any unauthorized activity.
(–Source: Cyber Security News
Read More: National Public Data Hacked: 2.9 Billion Users Personal Data Stolen (cybersecuritynews.com) )