Here’s your weekly #databreach news roundup:

General Motors, Illuminate Education, Scarborough Health Network (SHN), Nederlander Theatrical Corp, Zola, and National Registration Department (NRD) – Malaysia.

Illuminate Education

The breach of student data that occurred during a January 2022 cyberattack targeting Illuminate Education’s systems is now known to have impacted the nation’s second-largest school district, Los Angeles Unified with 430,000 students, which has notified state officials along with 24 other districts in California and one in Washington state.

The data breach notifications posted on the California Attorney General’s website in the past week by LAUSD, Ceres Unified School District with 14,000 students, and Riverside County Office of Education representing 23 districts and 431,000 students, mean that Illuminate Education’s data breach leaked the private information of well over 3 million students — and potentially several times that total.

The vast reach of the data breach will likely never be fully known because most state laws do not require public disclosure of data breaches; Illuminate has said in a statement that the data of current and former students was compromised at the impacted schools but declined to specify the total number of students impacted in multiple email communications with THE Journal.

Scarborough Health Network (SHN)

Canadian healthcare service provider Scarborough Health Network (SHN) has warned that a data breach may have exposed patient healthcare records.

In a breach notice, SHN explained that its IT staff noticed unusual activity on its systems on January 25.

After containing the problem and calling in help from external IT forensics experts, a subsequent investigation discovered that a “subset of data” on a number of SHN’s servers had been accessed by unauthorized parties.

Unnamed hackers were kicked off its systems by February 1, according to SHN. IT security controls and monitoring practices have been upgraded to guard against potential follow-up attacks.

Nederlander Theatrical Corp

According to the recent notice provided to those who were impacted by the breach, Nederlander first detected a problem on November 21, 2021, when the company became aware of suspicious activity on its computer network. In response, Nederlander secured its systems and, with the assistance of third-party experts, launched an investigation into the incident.

The investigation confirmed that the company was indeed the victim of a cyberattack and that certain files on its network were subject to unauthorized access. Upon discovering that sensitive consumer data was contained in the files that were accessible to the unauthorized party, Nederlander Theatrical Corp. reviewed the affected files in hopes of determining exactly what information was compromised and to whom it belonged.

While the breached information varies depending on the individual, it may include an individual's name and Social Security number. According to an official filing by Nederlander, the company believes that the breach affected the information of 14,318 individuals.

General Motors

General Motors suffered a hack that exposed a significant amount of sensitive personal information on car owners—names, addresses, phone numbers, locations, car mileage, and maintenance history.

The Detroit-based automaker revealed details of the incident in a breach disclosure filed with the California Attorney General’s Office on May 16. The disclosure explains that malicious login activity was detected on an unspecified number of GM online user accounts between April 11 and 29. Further investigation revealed that the company had been hit with a credential stuffing attack, which saw hackers infiltrate user accounts to steal customer reward points, which they then redeemed for gift cards. Credential stuffing is a rudimentary type of cyberattack that involves using lists of previously compromised login credentials to hack into online accounts. Such lists can be purchased with relative ease on the dark web.

Zola

Zola, a wedding planning startup that allows couples to create websites, budgets and gift registries, has confirmed that hackers gained access to user accounts but has denied a breach of its systems.

The incident first came to light over the weekend after Zola customers took to social media to report that their accounts had been hijacked. Some reported that hackers had depleted funds held in their Zola accounts, while others said they had thousands of dollars charged to their credit cards.

In a statement given to TechCrunch, Zola spokesperson Emily Forrest said that accounts had been breached as a result of a credential stuffing attack, where existing sets of exposed or breached usernames and passwords are used to access accounts on different websites that share the same set of credentials.

“The vast majority of Zola couples were not impacted, but we are deeply apologetic to those who detected any irregular account activity,” Forrest said. “Our team acted as quickly as possible to protect our community of couples and guests, and we were able to block all attempted fraudulent transfers.”
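Both the General Motors and Zola incidents above were attributed to credential stuffing followed by abuse of account value (reward points, funds). The following is an added example, not part of the original roundup or either company's tooling: a small detector that flags source IPs trying many distinct usernames with mostly failed logins, then lists the accounts they got into and what was done there. The event format, event names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events (timestamp, source IP, username, event); not real data.
EVENTS = [
    ("2022-05-01T10:00:00", "203.0.113.7", "alice", "login_fail"),
    ("2022-05-01T10:00:02", "203.0.113.7", "bob", "login_fail"),
    ("2022-05-01T10:00:04", "203.0.113.7", "carol", "login_fail"),
    ("2022-05-01T10:00:06", "203.0.113.7", "dave", "login_fail"),
    ("2022-05-01T10:00:08", "203.0.113.7", "erin", "login_ok"),
    ("2022-05-01T10:00:10", "203.0.113.7", "frank", "login_fail"),
    ("2022-05-01T10:01:00", "203.0.113.7", "erin", "redeem_points"),
    ("2022-05-01T10:02:00", "198.51.100.20", "grace", "login_fail"),
    ("2022-05-01T10:02:30", "198.51.100.20", "grace", "login_ok"),
    ("2022-05-01T10:03:00", "198.51.100.20", "grace", "redeem_points"),
]
LOGIN = ("login_ok", "login_fail")
WINDOW = timedelta(minutes=10)   # assumed threshold
MIN_USERS = 5                    # assumed: distinct usernames per IP per window
MAX_OK_RATIO = 0.3               # assumed: stuffing runs are mostly failures

def find_stuffing_sources(events):
    """IPs that tried many distinct usernames, mostly failing, inside one window."""
    by_ip = defaultdict(list)
    for ts, ip, user, event in events:
        if event in LOGIN:
            by_ip[ip].append((datetime.fromisoformat(ts), user, event))
    flagged = set()
    for ip, tries in by_ip.items():
        tries.sort()
        start = 0
        for end in range(len(tries)):
            while tries[end][0] - tries[start][0] > WINDOW:
                start += 1
            win = tries[start:end + 1]
            ok = sum(1 for _, _, e in win if e == "login_ok")
            if len({u for _, u, _ in win}) >= MIN_USERS and ok / len(win) <= MAX_OK_RATIO:
                flagged.add(ip)
                break
    return flagged

def accounts_to_review(events):
    """Accounts a flagged IP got into, with the actions it then took (events in time order)."""
    flagged, review = find_stuffing_sources(events), {}
    for _, ip, user, event in events:
        if ip in flagged and event == "login_ok":
            review.setdefault(user, [])
        elif ip in flagged and event not in LOGIN and user in review:
            review[user].append(event)
    return review
```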

National Registration Department (NRD) - Malaysia

As millions of Malaysians are worried that their personal data could go into the wrong hands following an alleged data leak at the National Registration Department (NRD), the government has assured the public that the situation may not be as serious as it seems.

In fact, the Home Minister of Malaysia stated that the alleged data leak containing information of 22.5 million Malaysians is not from the NRD as there was a mechanism in place which could prove that the leaked information did not come from the department.

Local tech portal Amanz had initially reported that a database allegedly from the NRD, about 160GB in size, was being sold for US$10,000 on the dark web. The data contained information on 22.5 million Malaysians born between 1940 and 2004.

This is not the first time the NRD has been breached. Last year, a database of about 4 million Malaysians from the NRD also made its way to forums on the dark web and was sold there.