Here’s your weekly #databreach news roundup:
Welhof, HeatGames, Community Health Center (CHC), ENGlobal, and PowerSchool.
Welhof
@XposedOrNot += Welhof Data Breach
— XposedOrNot (@XposedOrNot) February 2, 2025
The Welhof #databreach in December 2023 exposed more than 100K unique email addresses, along with names and physical addresses.
Exposed data: Email addresses, Names, Physical addresses
Potential risks: Privacy breaches, Identity theft pic.twitter.com/ysYW4wZ1en
HeatGames
@XposedOrNot += HeatGames Data Breach
— XposedOrNot (@XposedOrNot) February 2, 2025
The HeatGames #databreach in June 2021 resulted in the exposure of almost 650K unique email addresses along with IP addresses, geographical locations, and passwords stored as salted MD5 hashes. pic.twitter.com/Joho7wceKT
Community Health Center (CHC)
Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a #databreach that impacted their personal and health data.https://t.co/CRTW4cWtGM
— DevaOnBreaches (@DevaOnBreaches) February 1, 2025
On January 2, 2025, Community Health Center (CHC), a Connecticut-based healthcare provider, discovered a #databreach affecting over 1 million individuals, including current and former patients and those who received COVID tests or vaccines at CHC clinics. The breach, which occurred in mid-October 2024, exposed personal data (names, Social Security numbers, contact details) and health information (diagnoses, treatment details, test results). Although the attackers, identified as a skilled criminal hacker, accessed CHC’s network and stole files, they did not encrypt or disrupt operations. This incident adds to the recent surge in healthcare breaches, prompting proposed HIPAA updates by HHS.
ENGlobal
On November 2024, U.S. engineering firm ENGlobal experienced a #databreach where hackers accessed “sensitive personal information” and encrypted some data files, indicating a ransomware attack. The breach disrupted key business applications, including financial reporting systems, for about six weeks. ENGlobal, which serves the federal government and critical infrastructure sectors, has since restored operations and believes the threat actor no longer has system access. The company is in the process of notifying affected individuals, though the exact number and nature of compromised data remain undisclosed.
PowerSchool
In December 2024, U.S. edtech giant PowerSchool suffered a #databreach after attackers used stolen credentials, lacking multi-factor authentication, to access its customer support portal and exfiltrate sensitive data. The breach potentially impacts millions of students and teachers across North America, with reports suggesting over 62 million students and 9.5 million teachers affected. PowerSchool has confirmed data theft for at least 33,000 Maine residents and continues reviewing the breach’s full scope. Compromised data varies by district, including personal, medical, and academic records, with Toronto District School Board and Calgary Board of Education among the hardest hit.
