Here’s your weekly #databreach news roundup:

Broward County School District, Gale Healthcare Solutions, EVANGELION STORE, Planned Parenthood LA, DNA Diagnostics Center (DDC), and Panasonic.

Broward County School District

A US school district has warned 50,000 students and employees that their data may have been exposed following a ransomware attack.

Broward County School District, in the state of Florida, admitted that personal information could have been accessed by malicious hackers during a cyber-attack between November 2020 and March 2021.

The district had previously kept details of the incident under wraps, and also insisted that no data had been affected.

Earlier this week (November 29), however, the institution confirmed that the unauthorized access “may have potentially included the sensitive information of some faculty, staff, and students”.

Gale Healthcare Solutions

More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password-protected database, according to security researcher Jeremiah Fowler and a team of ethical hackers with Website Planet.

Fowler discovered a database run by Gale Healthcare Solutions with 170,239 exposed records that included names, emails, home addresses, photos and in some cases Social Security Numbers as well as tax documents. 

Gale Healthcare Solutions is a Tampa, Florida tech company that connects healthcare workers with healthcare organizations looking to hire people for certain shifts.

Fowler said the information also included forms about certain incidents, disciplines and terminations.

“We only reviewed a limited sampling of documents and did not review each and every file. The files were hosted on an AWS cloud server and many of the registration documents were open and publicly accessible,” Fowler told ZDNet.

EVANGELION STORE

The online version of the EVANGELION STORE announced on its website yesterday that it has had a data breach, with 17,828 credit card numbers leaked, passwords stolen, and more identifiable information revealed from the period of June 8, 2020, to June 30, 2021.

The online store was first alerted to the breach by the credit card companies themselves on July 12, 2021, and subsequently removed the ability to pay by card that same day. The EVANGELION STORE online is currently offline due to the issues, with no announcement for when it’ll come back online.

After Groundworks, which operates this Evangelion store, was told of the issue, it hired a third-party company to investigate how the breach happened, as well as who was affected. The store apologized for how long it took to announce the breach but wanted to wait until the investigations by the third-party company and the credit card companies were over.

Planned Parenthood LA

Planned Parenthood Los Angeles has disclosed a data breach after suffering a ransomware attack in October that exposed the personal information of approximately 400,000 patients.

According to a data breach notification sent to Planned Parenthood Los Angeles (‘PPLA’) patients, the cyberattack occurred between October 9th and 17th, allowing threat actors to steal files from the compromised network.

“On October 17, 2021, we identified suspicious activity on our computer network. We immediately took our systems offline, notified law enforcement, and a third-party cybersecurity firm was engaged to assist in our investigation,” explained the notification sent to affected patients.

“The investigation determined that an unauthorized person gained access to our network between October 9, 2021 and October 17, 2021, and exfiltrated some files from our systems during that time.”

However, it wasn’t until November 4th that PPLA determined that the stolen files contained patients’ personal information, including their “address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”

DNA Diagnostics Center (DDC)

DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons.

The incident resulted in a confirmed data breach that occurred between May 24, 2021, and July 28, 2021, and the firm concluded its internal investigation on October 29, 2021.

The information that the hackers accessed includes the following:

  • Full names
  • Credit card number + CVV
  • Debit card number + CVV
  • Financial account number
  • Platform account password

The compromised database contained older backups dating between 2004 and 2012, and it’s not linked to the active systems and databases used by DDC today.

Panasonic

Japanese tech giant Panasonic has confirmed a data breach after hackers gained access to its internal network.

Panasonic said in a press release dated November 26 that its network was “illegally accessed by a third party” on November 11 and that “some data on a file server had been accessed during the intrusion.” However, when reached, Panasonic spokesperson Dannea DeLisser confirmed that the breach began on June 22 and ended on November 3 — and that the unauthorized access was first detected on November 11.

The Osaka, Japan-based company provided few other details of the breach. In its press release, the company said that in addition to conducting its own investigation, it’s “currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.”