week28-2022

Here’s your weekly #databreach news roundup:​​

Professional Finance Company(PFC), Afni Inc, CHRISTUS Health, Bandai Namco, Deakin University, Marino Boutique Hotel, and Mattax Neu Prater Eye Center.

Professional Finance Company(PFC)

week28-2022-pfc

PFC said in its data breach notice that more than 650 healthcare providers are affected by its ransomware attack, adding that the attackers took patient names, addresses, their outstanding balance and information relating to their account. PFC said that in “some cases” dates of birth, Social Security numbers and health insurance and medical treatment information were also taken by the attackers.

A ransomware attack on a little-known debt collection firm that serves hundreds of hospitals and medical facilities across the U.S. could be one of the biggest data breaches of personal and health information this year.

The Colorado-based Professional Finance Company, known as PFC, which contracts with “thousands” of organizations to process customer and patient unpaid bills and outstanding balances, disclosed on July 1 that it had been hit by ransomware months earlier in February.

Afni, Inc

week28-2022-afni

Afni, Inc breach comes primarily from the data breach letter the company released to affected parties. Evidently, on June 7, 2021, Afni detected what it referred to as “anomalous activity” on its computer systems. In response, Afni contacted third-party cybersecurity professionals and began an investigation into the incident.

This investigation revealed that on or before June 7, 2021, an unauthorized party was able to gain access to the company’s computer system and may have viewed or removed certain data.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Afni then commenced a review of all affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, Social Security number, and date of birth.

On June 14, 2022, Afni sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

CHRISTUS Health

week28-2022-christushealth

Bandai Namco

Game publishing giant Bandai Namco has confirmed that they suffered a cyberattack that may have resulted in the theft of customers’ personal data.

Bandai Namco is a Japanese publisher of numerous popular video games, including Elden Ring, Dark Souls, Pac-Man, Tekken, Gundam, Soulcalibur, and many more.

Deakin University

week28-2022-deakin-university

Deakin University has revealed a data breach impacting almost 47,000 current and past students, along with a ‘smishing’ attempt that compromised a legitimate communications channel to target 10,000 current students

The Victorian university said it had been “targeted in a cyber attack” where a single staff member’s login credentials were compromised.

The credentials allowed the attacker “to access information held by a third-party provider” that Deakin pays “to forward messages prepared by the university to students via SMS.”

“The information accessed by the unauthorised person was then used to send an SMS, as if from Deakin, to 9997 Deakin students,” the university said in a statement.

Marino Boutique Hotel

A Russian hacker infiltrated the booking account of a hotel in Lisbon, the Marino Boutique Hotel, and was able to generate almost half a million euros in fake bookings, reports CNN Portugal. The hacker contacted hundreds of clients, that fell for the scam, between June 12 and 16.

When he hacked the Booking account, he changed the room prices to 40 euros, rather than the usual 200 to 300 euros. Quickly, over 1000 bookings were made in four days. 

The hacker then sent a payment link to clients, diverting funds to his account. The bookings were obviously fake and the tourists were scammed out of their money.

The hotel did not have access to their Booking account for over four days but believed the website was merely down.

Mattax Neu Prater Eye Center

week28-2022-mattaxneupratereye

A healthcare clinic based in Missouri US named ‘Mattax Neu Prater Eye Center’ has suffered a cyber attack, in the wake of which, the center announced the breach at the end of June. However, the attack took place in December 2021. The center has informed the US regulators of a data breach in which more than 92,000 individuals have been affected.

“This incident has affected eye care practices across the country, and is not specific to Mattax Neu Prater. This data security incident occurred entirely within Eye Care Leaders’ network environment, and there were no other remedial actions available to Mattax Neu Prater,” center added. 

 

Mattax Neu Prater Eye Center is a premier provider of advanced laser vision correction, such as LASIK, as well as cataract correction and advanced technology replacement lenses in Springfield, Missouri US. It provides surgical and non-surgical care and has reported that the “third-party data security incident” may have compromised the sensitive data of patients. 

 

“However, a lack of available forensic evidence prevented Eye Care Leaders from ruling out the possibility that some protected health information and personally identifiable information may have been exposed to the bad actor,” the clinic added.