There’s no rest for cybercrime again this week, and we’ll likely see an uptick in incidents as we near the holiday season and end of the year. Let’s dive into this week’s headlines…
After The Internet Archive was faced with 3 cyber attacks in recent weeks, forcing a temporary shutdown of services, 31 million user accounts have had their information stolen by hackers.
The compromised information includes email addresses and encrypted passwords of users. The Internet Archive’s site was defaced with a message that briefly appeared and read: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on [Have I Been Pwnd].”
The Internet Archive is actively working to strengthen its security measures following recent repeated attacks.
(–Source: NPR
Read More: Internet Archive hack affects 31 million users : NPR )
Insurance firm, Johnson & Johnson, announced that it had detected a breach of its network in August of this year, potentially compromising the personal information of more than 3,200 people.
While the exact type of information compromised in this breach was not disclosed, individuals impacted by this incident are being offered free identity theft protection services such as credit monitoring.
(– Source: Security Week
Read More: Insurance Firm Johnson & Johnson Discloses Data Breach – SecurityWeek )
A $1.45 million class action settlement following a lawsuit against Lansing Community College will soon begin payouts, and if your personal information has ever been shared with the school, you may be entitled to a cash payment.
For a 3 month period spanning from the end of 2022 to the beginning of 2023, a cybersecurity incident affected the school’s internal network, potentially causing the social security numbers and other sensitive information of 750,000+ people to be leaked. This incident shut down operations for several days once discovered.
Anyone affected by this data breach has been notified via mail.
(–Source: WKAR
Read More: Lansing Community College settles for $1.45 million over data breach; claims due by December | WKAR Public Media )
Patients in Wisconsin, Indiana, and New York may be victims of 3 separate email breaches at 3 different companies that compromised patient data.
One company, Tower Clock Eye Center, in Wisconsin, detected unauthorized activity in its email system in July of this year that compromised employee accounts and had access to patient data such as addresses, birthdates, account and ID numbers, card numbers, medical record numbers, diagnoses, insurance information, social security numbers, and other medical records or test results. Those affected were told to monitor their accounts for suspicious activity.
General Physician, P.C., based in western New York, experienced a similar breach in June of this year when suspicious activity was found in its email tenant. This incident was later confirmed in August. With this attack, it’s unknown what information was directly accessed or stolen, but the hacker had the ability to access full names, social security numbers, diagnoses, health insurance, and other medical records.
The third company, DMEscripts, based in Indianapolis, detected suspcious activity in an employee’s email account earlier this year, which was quickly secured, but it’s possible that patient information was accessed by the attacker. This information may include names, birth dates, health insurance information, and other medical records.
(–Source: The HIPAA Journal
Read More: Patient Data Compromised in Email Breaches in Indiana, New York & Wisconsin )
An unauthorized actor recently accessed Arkansas Blue Cross Blue Shield’s rewards program to illegally redeem digital gift cards, which exposed some customers’ personal information. While no social security numbers or financial account info was involved, email addresses, names, addresses, birth dates, and prescriptions may have been exposed.
Once the incident was detected, actions were taken to mitigate the attack and additional security measures were implemented. Affected individuals are being offered a one year membership to Experian’s IdentityWorks for free. This program helps with identity theft protection.
(–Source: Jonesboro KAIT
Read More: Arkansas Blue Cross and Blue Shield warns of data breach involving member information )