15 Mar
Here’s your weekly #databreach news roundup:
Acronis, AT&T, HDB Financial Services, DC Health Link, Acer, and Cerebral.
Acronis
The CISO of Acronis has downplayed what appeared to be an intrusion into its systems, insisting only one customer was affected, using stolen credentials, and that all other data remains safe. #databreach https://t.co/FAktKpBVzD
— DevaOnBreaches (@DevaOnBreaches) March 12, 2023
The CISO of Acronis has downplayed what appeared to be an intrusion into its systems, insisting only one customer was affected, using stolen credentials, and that all other data remains safe.
A Thursday thread [PDF] on the notorious Breached Forums leak-mart brought news of the theft. In that post an attacker named kernelware – who also cracked Acer – claimed they had broken into Acronis, and stolen then leaked certificate files, command logs, system configurations, system information logs, archives of their filesystem, python scrips for an Acronis database, and backup configuration, plus oodles of screenshots of backup operations.
Cerebral
Healthcare platform Cerebral is sending #databreach notices to 3.18 million people who have interacted with its websites, applications, and telehealth services. @billtoulas @BleepinComputer https://t.co/yGroc1PNtV
— DevaOnBreaches (@DevaOnBreaches) March 11, 2023
Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and telehealth services.
Cerebral is a remote telehealth company that provides online therapy and medication management for various mental health conditions, including anxiety, depression, ADHD, Bipolar Disorder, and substance abuse.
In a ‘Notice of HIPAA Privacy Breach’ published on Cerebral’s site this week, the company disclosed that they had been using invisible pixel trackers from Google, Meta (Facebook), TikTok, and other third parties on its online services since October 12, 2019.
AT&T
AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January. #databreach @serghei @BleepinComputer https://t.co/TBywEwzteh
— DevaOnBreaches (@DevaOnBreaches) March 10, 2023
AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.
“Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told BleepingComputer.
“The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers.”
HDB Financial Services
Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary. While HDFC Bank has denied any #databreach, its subsidiary, HDB Financial Services, has confirmed there was a cybersecurity-related incident that is being investigated. @WAK4S @HackRead https://t.co/id5xT0YMLW
— DevaOnBreaches (@DevaOnBreaches) March 10, 2023
While HDFC Bank has denied any data breach, its subsidiary, HDB Financial Services, has confirmed there was a cybersecurity-related incident which is being investigated.
A hacker using the alias Kernelware has leaked 7.5 GB of customer data belonging to HDB Financial Services, a subsidiary of India’s largest private bank, HDFC Bank.
It is worth noting that Kernelware is the same hacker who breached Acer Inc. and leaked 160 GB worth of data on a hacker forum just a few days ago. Acer has now confirmed the breach.
As for the HDFC’s breach, the data was posted on the hacker forum ‘Breached forum’ and contains over 72 million entries. For your information, Breachforums is an infamous forum that surfaced as an alternative to the popular and now-seized Raidforums.
Read more at : https://www.hackread.com/hackers-india-hdfc-bank-data-leak/
DC Health Link
Hackers leak DC Health Link data with Congress Members’ details. The data contains personal and medical details of several members of the U.S. Congress, which are now circulating on Russian hacker forums as well as on Telegram groups. @WAK4S https://t.co/vrDE9ABiQy
— DevaOnBreaches (@DevaOnBreaches) March 10, 2023
A recent data breach is likely to affect hundreds of members of the US Congress as well as Capitol Hill staff after hackers stole personally identifiable information (PII) from DC Health Link, the online health insurance marketplace of the District of Columbia.
Hackread.com can confirm that a hacker has claimed to have leaked the stolen database on Breach Forums, a hacker forum that surfaced as an alternative to the popular and now-seized Raidforums.
In their post, the hacker stated that the data breach occurred in March 2023 on DC Health Link known for serving members of the U.S. Congress and Washington D.C. residents.
Acer
Taiwanese computer giant Acer confirmed that it suffered a #databreach after threat actors hacked a server hosting private documents used by repair technicians. @billtoulas @BleepinComputer https://t.co/0HpTzi9TES
— DevaOnBreaches (@DevaOnBreaches) March 10, 2023
Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians.
However, the company says the results of its investigation so far do not indicate that this security incident has impacted customer data.
The confirmation of a data breach comes after a threat actor began selling on a popular hacking forum what they claim is 160GB of data stolen from Acer in mid-February 2023.
