w44-2022

Here’s your weekly #databreach news roundup:

Dropbox, AstraZeneca, Vodafone Italy, Convergent Outsourcing, OakBend Medical Center, Louisiana DPS, Multi-Color Corporation & Shas party.

AstraZeneca

Pharmaceutical giant AstraZeneca has blamed “user error” for leaving a list of credentials online for more than a year that exposed access to sensitive patient data.

Mossab Hussein, chief security officer at cybersecurity startup SpiderSilk, told TechCrunch that a developer left the credentials for an AstraZeneca internal server on code sharing site GitHub in 2021. The credentials allowed access to a test Salesforce cloud environment, often used by businesses to manage their customers, but the test environment contained some patient data, Hussein said.

Some of the data related to applications for AZ&ME, which offers discounts to patients who need medications.

Convergent Outsourcing

On October 26, 2022, Convergent Outsourcing, Inc. reported a data breach to the Montana Attorney General after the company experienced a ransomware attack. According to Convergent Outsourcing, the breach resulted in names, contact information, financial account numbers, and Social Security numbers being compromised. Recently, Convergent Outsourcing sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other fraud.

OakBend Medical Center

OakBend Medical Center suffered a ransomware attack resulting in a healthcare data breach on September 1. OakBend spent the following weeks rebuilding its communication systems.

In a new website notice, OakBend provided additional details about the breach and noted that certain servers and computers were encrypted as a result of the attack. Some data was also removed from OakBend’s systems.

“While we know that the cybercriminals had sufficient access to OakBend’s systems to encrypt our data, our investigation indicates that a limited amount of data was actually transferred out of the OakBend computing environment,” the notice explained.

“For example, we do not believe that the cybercriminals were able to remove the entire medical record of OakBend’s patients. It does appear, however, that the cybercriminals were able to access and/or remove certain employee data sets and certain reports that included the personal and medical information related to our current and former patients, employees, and related individuals.”

Names, contact information, dates of birth, and Social Security numbers were potentially impacted by the breach.

OakBend said it was cooperating with the FBI to investigate the cybercriminals and has since implemented additional security measures.

Louisiana DPS

The Louisiana Department of Public Safety and Corrections has learned about a cybersecurity breach at a third-party health administrator that led to the exposure of health information of about 80,000 inmates over a nine-year period, according to a press release.

The press release states that state and pre-trial inmates who received off-site medical care between Jan. 1, 2013 and July 7, 2022 may have had their personal health information exposed.

This resulted from two file directories from third-party administrator CorrectCare being breached, which was initially discovered on July 6, 2022. The Department’s electronic health record was not affected.

As CorrectCare only processes claims from inmates who received off-site medical care, onsite inmates did not have any of their health information exposed.

“The Department of Public Safety & Corrections takes the privacy and security of those under its care very seriously and understands that protecting their information is essential,” the press release said. “The Department will continue to work with CorrectCare and other partners to safeguard against future exposure of Public Health Information.”

Dropbox

Dropbox disclosed a security breach in which threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack.

The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was sent.

“To date, our investigation has found that the code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers,” Dropbox revealed on Tuesday.

“The code and the data around it also included a few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors (for context, Dropbox has more than 700 million registered users).”

Vodafone Italy

Vodafone Italia is sending customers notices of a data breach, informing them that one of its commercial partners, FourB S.p.A., which operates as a reseller of telecommunications services in the country, has suffered a cyberattack.

According to the notice, the cyberattack took place in the first week of September and resulted in the compromise of sensitive subscriber details.

The exposed information includes subscription details, identity documents with sensitive data, and contact details.

The notice clarifies that no account passwords or network traffic data have been compromised as a result of this incident.

Shas party

A security breach in a Shas party database left all details of the 6.5 million citizens on Israel’s voter registry exposed to hackers, with personal information such as phone numbers and family connections available online, in yet another in a string of massive leaks that have plagued recent Israeli elections.

The security breach, easily exploitable by anyone with a web browser and relatively simple technical skills, enabled access to even more information than has been exposed in the past, The Marker business daily reported Sunday.

The state-run Privacy Protection Authority admitted that it had known about the breach for a while before it was reported in the media, and said the hole had been plugged.

Multi-Color Corporation

The MCC files and records that were compromised by this cybersecurity incident included sensitive “HR data,” such as personnel files and information on enrollment in our benefits programs. However, based on the measures that we have implemented and the actions we have taken, there is no indication that any personal information subject to this cybersecurity incident has been misused or will be misused in the future.