Week09-2023

Here’s your weekly #databreach news roundup:​​​​​

Credit Suisse, DiData, Hatch Bank, BidenCash, GunAuction, WH Smith, The University of Saskatchewan (USask), Reventics, and U.S. Marshals Service.

Credit Suisse

Credit Suisse
Credit Suisse — which in the last month alone has reported customers withdrew $120 billion — is now informing ultra-high-net-worth individuals of yet another disaster, On the Money has learned. The Swiss bank is telling some top clients — customers who keep $50 million or more in the bank — that sensitive personal information including social security identification, employment information, and contact details has been compromised.

DiData

Systems integrator Dimension Data and its subsidiary Merchants have acknowledged a “limited” breach experienced on their call management system (CMS) platform that exposed client data. ITWeb understands the CMS platform is used by blue chip companies, such as MultiChoice, Massmart, South African Airways, Tymebank, Virgin Active, Massbuild, Makro, AbinBev and Britehouse, among others. ITWeb also understands the CMS platform in question is provided by US-based multinational Avaya, which recently filed for bankruptcy for the second time in six years.

Hatch Bank

Hatch Bank
Hatch Bank filed notice of a data breach with the Maine Attorney General after being notified by Fortra, a cybersecurity firm, that files stored on Fortra’s system and containing confidential consumer information were subject to unauthorized access. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names and Social Security numbers. After confirming that consumer data was leaked, Hatch Bank began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

BidenCash

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary.Rather than keeping it under wraps, the threat actors advertised this massive leak on an underground cybercrime forum for more extensive reach and to attract as much attention as possible. According to Cyble researchers who first spotted it, the leaked information is extensive, with details on “at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards.”

GunAuction

GunAuction
Hackers breached a website that allows people to buy and sell guns, exposing the identities of its users, TechCrunch has learned. The breach exposed reams of sensitive personal data for more than 550,000 users, including customers’ full names, home addresses, email addresses, plaintext passwords and telephone numbers. Also, the stolen data allegedly makes it possible to link a particular person with the sale or purchase of a specific weapon.

WH Smith

British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. The company operates 1,700 locations across the United Kingdom and employs over 12,500 people, reporting a revenue of $1.67 billion in 2022.“WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data,” reads the company’s cybersecurity notice filed with London’s Stock Exchange.

The University of Saskatchewan (USask)

The University of Saskatchewan (USask)
AudienceView Campus, which manages online ticket sales for Huskie Athletics, informed USask that the data breach potentially included credit card purchases through huskietickets.com between February 17-21, 2023. If you purchased tickets during that time, please carefully review all credit card charges for unusual or unfamiliar activity. It is recommended that you contact your financial service provider about this data breach and follow its instructions.

Reventics

Revenue cycle management company Reventics recently notified 250,918 individuals of a healthcare data breach that impacted some patient information. Reventics detected a cyber intruder within its systems on December 15, 2022 and immediately began investigating the incident.Memphis, Tennessee-based Regional One Health posted a notice on its website informing patients of the breach – Reventics is a third-party business associate of the Tennessee health system.

U.S. Marshals Service

The U.S. Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that has impacted what it describes as “a stand-alone USMS system.” USMS is a bureau within the Justice Department that provides support to all elements of the federal justice system by executing federal court orders, seizing illegally obtained assets, assuring the safety of government witnesses and their families, and more.