Here’s your weekly #databreach news roundup:
South Denver Cardiology Associates (SDCA), TransUnion, and DENSO.
South Denver Cardiology Associates (SDCA)
A data breach at US health clinic South Denver Cardiology Associates (SDCA) has exposed the medical information of more than 287,000 people.
In a data breach notice (PDF), SDCA admitted that an unnamed attacker broke into its systems and had access to confidential databases for three days between January 2, 2022, and January 5, 2022, before the breach was detected and thwarted.
SDCA notified law enforcement and called in the help of an external computer forensics firm to determine the scope of the compromise.
This investigation revealed that attackers accessed files containing a variety of sensitive information.
The exposed data included “patients’ names, dates of birth, Social Security numbers and/or drivers’ license numbers, patient account numbers, health insurance information, and clinical information, such as physician names, dates and types of service, and diagnoses”.
TransUnion South Africa has disclosed that hackers breached one of their servers using stolen credentials and demanded a ransom payment not to release stolen data.
The African division of TransUnion operates in eight African countries offering commercial and consumer insurance and risk information solutions across various industries.
According to the company’s statement, an unauthorized person obtained access to a server based in South Africa using stolen credentials.
The system infiltrator appears to have exfiltrated data stored in that server and then extorted TransUnion by demanding a ransom payment for not publishing the stolen files. The company has noted it will not pay the hacker.
TransUnion South Africa says they have engaged with cybersecurity experts and digital forensic experts to investigate the incident. They are also working with law enforcement and the country’s regulators.
Automotive parts manufacturer DENSO has confirmed that it suffered a cyberattack on March 10th after a new Pandora ransomware operation began leaking data allegedly stolen during the attack.
DENSO is one of the world’s largest automotive components manufacturers, supplying brands such as Toyota, Mercedes-Benz, Ford, Honda, Volvo, Fiat, and General Motors with a wide range of electrical, electronic, powertrain control, and various other specialized parts.
The company operates out of Japan but has over 200 subsidiaries and 168,391 employees worldwide and reports $44.6 billion in revenue for 2021.