w46-2023

Here’s your weekly #databreach news roundup:

Toyota, Samsung, Perry Johnson & Associates (PJ&A), Truepill, Courts, Coin Cloud, and Plume.

Toyota

Incident Overview:
  • Toyota Financial Services (TFS), a subsidiary of Toyota Motor Corporation, confirmed unauthorized access to some of its systems in Europe and Africa. The Medusa ransomware group claimed responsibility for the attack.
Corporate Profile:
  • TFS is a global entity, involved in auto financing, with a presence in 90% of markets where Toyota vehicles are sold.
Ransom Demand:
  • Medusa ransomware listed TFS on its data leak site, demanding a ransom of $8,000,000. The group provided Toyota a 10-day response deadline, with an option to extend for $10,000 per day.
Data Theft Claims:
  • While TFS did not confirm data theft, Medusa claims to have exfiltrated files and threatens a data leak if the ransom is not paid.
Published Proof:
  • To substantiate their claim, the hackers released sample data including financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, passport scans, internal organization charts, financial reports, staff email addresses, etc.
Extent of the Breach:
  • The majority of the documents are in German, suggesting that the breach primarily affected Toyota’s Central European operations.
Investigation Status:
  • The current status of the investigation into the full extent of the breach or Toyota’s response to the ransom demand remains unclear.

Samsung

Incident Overview:
  • Samsung acknowledged a breach in its systems, leading to unauthorized access to the personal data of its U.K. e-store customers.
Duration of Breach:
  • The breach occurred over a year-long period, specifically affecting transactions made between July 1, 2019, and June 30, 2020.
Discovery of Breach:
  • Samsung did not discover the compromise until November 13, 2023, more than three years after the initial breach.
Method of Attack:
  • Attackers exploited a vulnerability in an unnamed third-party business application to gain access to customer information.
Data Compromised:
  • The exposed data includes customers’ names, phone numbers, postal addresses, and email addresses. Samsung confirmed that no financial data or passwords were impacted.
Company Response:
  • Samsung reported the issue to the U.K.’s Information Commissioner’s Office (ICO) and informed affected customers about the breach.
Regulatory Involvement:
  • The ICO, represented by spokesperson Adele Burns, confirmed awareness of the incident and plans to make enquiries.
Previous Breaches:
  • This incident marks the third data breach disclosed by Samsung in the past two years. Previous incidents include an attack on its U.S. systems in September 2022 and a breach in March 2022, where Lapsus$ hackers leaked confidential data, including source code and biometric unlock algorithms.

Perry Johnson & Associates (PJ&A)

Incident Overview:
  • Perry Johnson & Associates (PJ&A), a U.S.-based medical transcription service, experienced a cyberattack resulting in the theft of sensitive information from nearly nine million patients.
Company Profile:
  • PJ&A, located in Henderson, Nevada, provides transcription services for healthcare organizations and physicians, converting dictated patient notes into written records.
Extent of Breach:
  • The data breach, affecting more than 8.95 million individuals, began as early as March 2023. PJ&A started notifying affected patients on October 31, six months later.
Data Compromised:
  • The stolen data includes patient names, dates of birth, addresses, medical and hospital account numbers, admission diagnoses, service dates and times, and some Social Security numbers. It also encompasses insurance details, clinical information, laboratory and diagnostic test results, medications, treatment facility names, and healthcare provider identities.
Response and Investigation:
  • The exact nature of the cyberattack is not yet clear, and PJ&A’s chief executive Jeffrey Hubbard has not responded to requests for comment.
Affected Healthcare Systems:
  • At least two PJ&A customers have confirmed their patients’ data was involved:
    • Northwell Health (New York State): 3.89 million patients affected. This is Northwell Health’s second patient data breach in 2023.
    • Cook County Health (Illinois): 1.2 million patients affected, including records of 2,600 patients with Social Security numbers.
Unaccounted Patient Data:
  • As of now, data pertaining to approximately four million patients remains unaccounted for.

Truepill

Incident Overview:
  • Truepill, operating as Postmeds, is notifying individuals of a data breach in which threat actors accessed sensitive personal information.
Company Profile:
  • Truepill is a B2B pharmacy platform offering order fulfillment and delivery services, serving D2C brands, digital health companies, and healthcare organizations across the U.S.
Breach Scale:
  • The breach impacts 2,364,359 people, as reported by the U.S. Department of Health and Human Services Office for Civil Rights breach portal.
Breach Discovery and Timeline:
  • The unauthorized network access was discovered on August 31, 2023, with the intrusion occurring a day earlier.
Compromised Data:
  • Data potentially accessed includes full names, medication types, demographic information, and names of prescribing physicians. Social Security numbers were not part of the exposed data.
Consumer Confusion:
  • Some recipients of the breach notifications reported never having heard of Truepill, causing confusion about how their data was obtained by the company.
Legal Implications:
  • The breach may lead to multiple class action lawsuits. The lawsuits are likely to argue that the breach could have been prevented with better security practices, including encryption of sensitive healthcare data on servers.
Delayed Notification and Consequences:
  • Postmeds took over two months to notify affected individuals, a delay that may be highlighted in lawsuits. During this period, some impacted individuals noticed suspicious activity on their Venmo accounts and later found their personal data on the dark web.
Criticism of Breach Notice:
  • The breach notices have been criticized for being vague, lacking details on how the breach occurred, and not offering guidance or identity theft protection services.
Additional Leaked Data:
  • A law firm involved in litigation against Postmeds reports that leaked data also includes addresses, dates of birth, medical treatment and diagnosis information, and health insurance details, which were not mentioned in the company’s notice.

Courts

Courts E-commerce Platform Update Summary
  • In September, Courts replaced its e-commerce platform with a new, more secure website: www.courts.com.
  • Courts assured its e-commerce customers that their payment methods and password information were not exposed in any recent incident.
  • The data leakage incident did not affect customers who made purchases in Courts’ physical stores.
  • Courts emphasized the importance of data security and apologized for any inconvenience caused by the incident. They are aligning their practices with the incoming Data Protection Act, effective December 1, 2023.

Coin Cloud

Incident Overview:
  • Coin Cloud, a now-defunct Bitcoin ATM provider, experienced a significant data breach where hackers infiltrated its security infrastructure.
User Data Compromised:
  • The breach compromised personal information of over 300,000 users, including 70,000 customer selfies taken by ATM cameras. Additionally, sensitive data such as Social Security numbers, dates of birth, names, email addresses, phone numbers, occupations, and physical addresses were stolen.
Geographical Impact:
  • The breach has severe implications for users in both the United States and Brazil, raising concerns of identity theft and other cybercrimes.
Stolen Intellectual Property:
  • The hackers also claimed to have stolen the entire source code of Coin Cloud’s backend, encompassing proprietary technology essential for cryptocurrency ATM operations.
Risk to Users:
  • Because the hackers gained access to Coin Cloud’s systems and a detailed understanding of the company’s infrastructure, users face risks of misuse and exploitation of their data.
Company’s Financial State:
  • Coin Cloud had filed for bankruptcy in February, indicating financial troubles with liabilities between $100 million and $500 million and assets ranging from $50 million to $100 million. This financial instability may have contributed to the security vulnerabilities exploited in the breach.

Plume

Incident Report:
  • Plume, a smart WiFi services provider, is currently under scrutiny after claims of a data breach were posted on a popular data leak forum.
Alleged Data Theft:
  • Attackers allege they have stolen over 20GB of Plume’s WiFi database, containing more than 15 million lines of user data.
Company’s Response:
  • Plume is investigating these claims. A representative from the company acknowledged awareness of the breach claim and stated that their teams are examining the situation.
Contents of the Alleged Leak:
  • The dataset reportedly includes information of mobile app users, customers, and staff members of Plume. It is claimed to contain email addresses, device details, carriers, names, iOS and Android versions, among other data.
Verification of Data Sample:
  • The Cybernews research team confirmed that the data sample provided by the attackers seems to match their statements. However, without the full dataset, it remains uncertain if the data truly belongs to Plume or is sourced from elsewhere.
Attackers’ Unusual Approach:
  • Notably, the attackers publicly announced the leak on social media through an X account, deviating from the typical covert methods of disseminating such information.