Weekly Databreaches Roundup Week 09-2023

09 Mar

Here’s your weekly #databreach news roundup:

Credit Suisse, DiData, Hatch Bank, BidenCash, GunAuction, WH Smith, The University of Saskatchewan (USask), Reventics, and U.S. Marshals Service.

Credit Suisse

Credit Suisse, the Swiss bank is telling some top clients — customers who keep $50 million or more in the bank, that sensitive personal information including social security identification, employment information, and contact details has been compromised.https://t.co/5DEvZ903ZW
— DevaOnBreaches (@DevaOnBreaches) March 4, 2023

Credit Suisse — which in the last month alone has reported customers withdrew $120 billion — is now informing ultra-high-net-worth individuals of yet another disaster, On the Money has learned. The Swiss bank is telling some top clients — customers who keep $50 million or more in the bank — that sensitive personal information including social security identification, employment information, and contact details has been compromised.

Read more at : https://nypost.com/2023/03/02/credit-suisse-breach-spills-info-of-high-net-worth-clients/

DiData

Systems integrator Dimension Data and its subsidiary Merchants have acknowledged a “limited” breach experienced on their call management system (CMS) platform that exposed client data. #databreach https://t.co/2FyPckkrBC
— DevaOnBreaches (@DevaOnBreaches) March 4, 2023

Systems integrator Dimension Data and its subsidiary Merchants have acknowledged a “limited” breach experienced on their call management system (CMS) platform that exposed client data. ITWeb understands the CMS platform is used by blue chip companies, such as MultiChoice, Massmart, South African Airways, Tymebank, Virgin Active, Massbuild, Makro, AbinBev and Britehouse, among others. ITWeb also understands the CMS platform in question is provided by US-based multinational Avaya, which recently filed for bankruptcy for the second time in six years.

Read more at : https://www.itweb.co.za/content/JN1gP7OAdmmqjL6m

Hatch Bank

Hatch Bank filed a notice of a #databreach with the Maine Attorney General after being notified by Fortra, a cybersecurity firm, that files stored on Fortra’s system and containing confidential consumer information were subject to unauthorized access.https://t.co/2bzoEpAjaE
— DevaOnBreaches (@DevaOnBreaches) March 4, 2023

Hatch Bank filed notice of a data breach with the Maine Attorney General after being notified by Fortra, a cybersecurity firm, that files stored on Fortra’s system and containing confidential consumer information were subject to unauthorized access. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names and Social Security numbers. After confirming that consumer data was leaked, Hatch Bank began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

Read more at : https://www.jdsupra.com/legalnews/hatch-bank-announces-third-party-data-4733497/

BidenCash

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. @serghei @BleepinComputer https://t.co/zD4jDDvuPV
— DevaOnBreaches (@DevaOnBreaches) March 4, 2023

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary.Rather than keeping it under wraps, the threat actors advertised this massive leak on an underground cybercrime forum for more extensive reach and to attract as much attention as possible. According to Cyble researchers who first spotted it, the leaked information is extensive, with details on “at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards.”

Read more at : https://www.bleepingcomputer.com/news/security/bidencash-market-leaks-over-2-million-stolen-credit-cards-for-free/

GunAuction

Hackers breached a website that allows people to buy and sell guns, exposing the identities of its users, TechCrunch has learned. The breach exposed reams of sensitive personal data for more than 550,000 users, including customers’ full names, home addresses, email addresses, plaintext passwords and telephone numbers. Also, the stolen data allegedly makes it possible to link a particular person with the sale or purchase of a specific weapon.

Read more at : https://techcrunch.com/2023/03/02/hackers-steal-gun-owners-data-from-firearm-auction-website/

WH Smith

British retailer WH Smith has suffered a #databreach that exposed information belonging to current and former employees. @billtoulas @BleepinComputer https://t.co/9fHPqGaKUy
— DevaOnBreaches (@DevaOnBreaches) March 3, 2023

British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. The company operates 1,700 locations across the United Kingdom and employs over 12,500 people, reporting a revenue of $1.67 billion in 2022.“WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data,” reads the company’s cybersecurity notice filed with London’s Stock Exchange.

Read more at : https://www.bleepingcomputer.com/news/security/british-retail-chain-wh-smith-says-data-stolen-in-cyberattack/

The University of Saskatchewan (USask)

AudienceView Campus, which manages online ticket sales for Huskie Athletics, informed USask that the #databreach potentially included credit card purchases through huskietickets[.]comhttps://t.co/9bya6dKtPr
— DevaOnBreaches (@DevaOnBreaches) March 1, 2023

AudienceView Campus, which manages online ticket sales for Huskie Athletics, informed USask that the data breach potentially included credit card purchases through huskietickets.com between February 17-21, 2023. If you purchased tickets during that time, please carefully review all credit card charges for unusual or unfamiliar activity. It is recommended that you contact your financial service provider about this data breach and follow its instructions.

Read more at : https://news.usask.ca/articles/general/2023/usask-alerted-about-third-party-data-breach.php

Reventics

Revenue cycle management company Reventics recently notified 250,918 individuals of a healthcare #databreach that impacted some patient information.https://t.co/vE6H4OqbSq
— DevaOnBreaches (@DevaOnBreaches) March 1, 2023

Revenue cycle management company Reventics recently notified 250,918 individuals of a healthcare data breach that impacted some patient information. Reventics detected a cyber intruder within its systems on December 15, 2022 and immediately began investigating the incident.Memphis, Tennessee-based Regional One Health posted a notice on its website informing patients of the breach – Reventics is a third-party business associate of the Tennessee health system.

Read more at : https://healthitsecurity.com/news/revenue-cycle-management-company-reports-healthcare-data-breach-impacting-250k

U.S. Marshals Service

The U.S. Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that has impacted what it describes as "a stand-alone USMS system." #databreach @serghei @BleepinComputer https://t.co/NFe3Ilm5EL
— DevaOnBreaches (@DevaOnBreaches) March 1, 2023

The U.S. Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that has impacted what it describes as “a stand-alone USMS system.” USMS is a bureau within the Justice Department that provides support to all elements of the federal justice system by executing federal court orders, seizing illegally obtained assets, assuring the safety of government witnesses and their families, and more.

Read more at : https://www.bleepingcomputer.com/news/security/us-marshals-service-investigating-ransomware-attack-data-theft/

#WeeklyRoundup