Week 15 - 2023

Here’s your weekly #databreach news roundup:

American Bar Association, NationsBenefits, Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF), Monument, and CommScope.


Hackers published a trove of data stolen from U.S. network infrastructure giant CommScope, including thousands of employees’ Social Security numbers and bank account details. The North Carolina–based company, which designs and manufactures network infrastructure products for a range of customers, including hospitals, schools and U.S. federal agencies, was listed on the dark web leak site of the Vice Society ransomware gang. The listing includes a link to data stolen from the company. Ransomware gangs typically publish stolen data when efforts to secure a financial ransom demand fall through.


Another corporate giant has confirmed thousands of healthcare members had information stolen in the cyberattack targeting Fortra customers. Florida-based technology company NationsBenefits said in a data breach notice filed with New Hampshire’s attorney general that more than 7,100 state residents had their personal information stolen in the late-January ransomware attack on Fortra’s systems. NationsBenefits provides supplemental benefits for health insurance members, such as vision, hearing and over-the-counter drugs.

Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF)

A staggering 1,279,437 records belonging to law enforcement agencies, including sensitive police employee information, have been compromised in an unprecedented data breach, as revealed by a report from the leading cybersecurity research company VPNMentor on Tuesday.

The massive data hack, which exposed 817.54 gigabytes of both applicant and employee records under multiple state agencies, including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF), has put the personal information of millions of Filipinos at risk.


Alcohol recovery startup Monument disclosed a healthcare data breach to HHS that impacted 108,584 individuals. According to a report from The Verge, Monument, which acquired fellow online alcohol recovery service Tempest in 2022, inadvertently exposed patient data due to the use of tracking tools.

The tools used on both Tempest and Monument potentially shared names, email addresses, phone numbers, birthdates, home addresses, insurance information, IP addresses, photographs, assessment and survey responses, and health information with third parties.

Read more at : https://healthitsecurity.com/news/alcohol-recovery-startup-suffers-healthcare-data-breach-108k-impacted

American Bar Association

American Bar Association

The American Bar Association (ABA) has revealed that an unauthorized third party gained access to its computer network starting from March 6, 2023. The incident led to the unauthorized acquisition of usernames and passwords of ABA members. In a letter to affected members, ABA’s Senior Associate Executive Director and General Counsel, Annaliese Fleming, confirmed the incident and informed members of the steps taken by the association to address the situation.

An investigation into the incident, which took place on March 23, 2023, revealed that the unauthorized third party had obtained usernames and “hashed” and “salted” passwords used to access online accounts on an older version of the ABA website prior to 2018 and/or on the ABA Career Center since 2018.