Here’s your weekly #databreach news roundup:​

Phelps County Regional Medical Center, OpenSea, Aon PLC, AMD, and California’s gun database.

Phelps County Regional Medical Center


Phelps County Regional Medical Center (“Phelps Health”) announced a data breach related to a cybersecurity incident that occurred at MCG Health, LLC (“MCG”), a vendor used by Phelps Health. According to the notice provided by Phelps Health, the breach resulted in the names, Social Security numbers, medical codes, addresses, telephone numbers, email addresses, dates of birth and genders of affected patients being compromised. On June 17, 2022, Phelps Health filed an official notice of the breach and sent out data breach letters to 12,602 individuals who were affected by the breach.



OpenSea, the popular NFT marketplace that hit a colossal $13 billion valuation in January, is warning users of email phishing after a data breach.

A staff member at Customer.io, an email vendor contracted by OpenSea, misused their employee access to download and share email addresses of OpenSea’s users and newsletter subscribers with an unauthorized external party, the world’s largest NFT marketplace said Wednesday night.

The scale of the security breach appears massive. “If you have shared your email with OpenSea in the past, you should assume you were impacted,” the company said, adding that it’s working with Customer.io in an ongoing investigation and has reported the incident to law enforcement.More than 1.8 million users have made at least one purchase through the Ethereum network on OpenSea, according to data collected by Dune Analytics, an open source crypto analytics platform.



Aon PLC reported a data breach stemming from an incident in which an unauthorized party was able to access the company’s servers for more than a year. Based on the initial documents filed by the company, the breach resulted in the names, Social Security numbers, driver’s license numbers and benefits enrollment information of approximately 31,799 individuals being leaked. However, more recently, on June 24, 2022, Aon, PLC, released a subsequent filing indicating that 145,889 people were affected by the breach.



AMD said it is investigating a potential data breach after RansomHouse, a relatively new data cybercrime operation, claims to have extorted data from the U.S. chipmaker.

An AMD spokesperson told TechCrunch that the company “is aware of a bad actor claiming to be in possession of stolen data,” adding that “an investigation is currently underway.”

RansomHouse, which earlier this month claimed responsibility for a cyberattack on Shoprite, Africa’s largest retailer, claims to have breached AMD on January 5 to steal 450GB of data. The group claims to be targeting companies with weak security, and claimed it was able to compromise AMD due to the use of weak passwords throughout the organization.

California’s gun database

California’s gun database, dubbed the Firearms Dashboard Portal, was meant to improve transparency around the sale of weapons. Instead, when new data was added to it on June 27, the update proved to be a calamity. During the planned publication of new information, the California Department of Justice made a spreadsheet publicly accessible online and exposed more than 10 years of gun owner information. Included in the data breach were the names, dates of birth, genders, races, driver’s license numbers, addresses, and criminal histories of people who were granted or denied permits for concealed and carry weapons between 2011 and 2021. More than 40,000 CCW permits were issued in 2021; however, California’s justice department said financial information and Social Security numbers weren’t included in the data breach.