Week48-2022

Here’s your weekly #databreach news roundup:

LastPass, Receivables Performance Management, Hive Social, and Connexin Software.

LastPass

Password manager LastPass said it’s investigating a security incident after its systems were compromised for the second time this year.

LastPass chief executive Karim Toubba said in a blog post that an “unauthorized party” recently gained access to some customers’ information stored in a third-party cloud service shared by LastPass and its parent company, GoTo. Toubba said the unauthorized party used information stolen from LastPass’ systems in August, which the company disclosed at the time.

The third-party cloud service wasn’t named, but a 2020 blog post by Amazon Web Services cited the company’s transition of a billion customer records to Amazon’s cloud.

Toubba did not say what specific customer information was taken, but said the company was working to “understand the scope of the incident and identify what specific information has been accessed.”

Receivables Performance Management

A Lynnwood-based debt-collection company has been sued for compromising the names and Social Security information of more than 3.7 million individuals in a data breach in April 2021. 

Multiple lawsuits filed in federal court in Washington this week claim the firm, Receivables Performance Management, failed to notify impacted individuals of the breach for more than 18 months.

RPM’s attorney Brian Middlebrook, a partner at New York-based law firm Gordon Rees Scully Mansukhani, said the company apologizes for the inconvenience the incident has caused. RPM conducted an investigation before notifying the affected individuals last month, Middlebrook said. 

Hive Social

Hive Social, one of the microblogging platforms that gained popularity following Elon Musk’s acquisition of Twitter, has gone offline while it fixes a number of major security issues.

In the days following Elon Musk’s Twitter takeover, many users fled to alternative microblogging platforms, such as Mastodon and Hive, amassing millions of new users practically overnight. But with the increased popularity also came increased scrutiny.

Connexin Software

Connexin Software, a company that offers pediatric-specific health IT solutions and operates under the name Office Practicum, notified more than 2.2 million individuals of a healthcare data breach that occurred in August 2022. Nearly 120 pediatric physician practices and practice groups were impacted by the breach.

Connexin provides practice management and electronic medical records software to pediatric physician practice groups, as well as billing services and business analytic tools. In late August, Connexin said it detected a “data anomaly” on its internal network.

Further investigation revealed that an unauthorized party was able to access an offline set of patient data used for troubleshooting and data conversion and subsequently remove some of that data.