w46-2022

Here’s your weekly #databreach news roundup:​​​​​

Community Health Network, New York-Presbyterian Hospital, Booz Allen Hamilton, Sierra College, Thales, and Whoosh.

Community Health Network

Community Health Network is notifying patients of a possible data breach. 

The hospital system discovered third-party tracking technologies on some of its websites, including the MyChart patient portal, and on some of its appointment scheduling sites. 

Community claims it immediately began working with its service providers to disable and remove the tracking technologies.

New York-Presbyterian Hospital

New York-Presbyterian Hospital has disclosed that it suffered a cybersecurity incident on September 8, affecting the personal information of 12,000 patients, including their first and last names, addresses, medical records numbers, insurance authorization

Booz Allen Hamilton

U.S. government contractor Booz Allen Hamilton has disclosed that a former staffer downloaded potentially tens of thousands of employees’ personal information from the company’s internal network.

The government and defense contractor said that one of its staffers, while still employed by the company, downloaded a report containing the personal information of “active employees as of March 29, 2021.”

A copy of Booz Allen’s website archived in March 2021 said the company had 27,600 employees, many of whom are contracted to U.S. government, military and intelligence agencies and hold high-level security clearances.

Sierra College

sierra-college

 Sierra College reported a data breach with the Montana Attorney General after the school was the recent target of a ransomware attack. According to Sierra College, the breach resulted in the names, addresses, passport numbers, driver’s license numbers, Social Security numbers, financial account information, and medical information of certain students and employees being compromised. Recently, Sierra College sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

Thales

Thales

Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential to the development of our societies, by placing people at the heart of decision-making.

Whoosh

The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum.

Whoosh is Russia’s leading urban mobility service platform, operating in 40 cities with over 75,000 scooters.

On Friday, a threat actor began selling the stolen data on a hacking forum, which allegedly contains promotion codes that can be used to access the service for free, as well as partial user identification and payment card data.

The company confirmed the cyberattack via statements on Russian media earlier this month but claimed that its IT experts had managed to thwart it successfully.