Here’s your weekly #databreach news roundup:

The Oregon Anesthesiology Group (OAG), Brazil Health Ministry Website, Vestas, SA government employees, Giant Umbrella,Hellmann Worldwide Logistics, Atalanta, Volvo, and Cox.

The Oregon Anesthesiology Group (OAG)


The Oregon Anesthesiology Group (OAG) said it suffered a ransomware attack in July that led to the breach of sensitive employee and patient information.

The breach involves the information of 750,000 patients and 522 current and former OAG employees. 

In a statement, the company said it was contacted by the FBI on October 21. The FBI explained that it seized an account that contained OAG patient and employee files from HelloKitty, a Ukrainian ransomware group. 

The FBI said it believes the group exploited a vulnerability in OAG’s third-party firewall, enabling the hackers to gain entry to the network. 

“Patient information potentially involved in this incident included names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers,” OAG explained. 

Brazil Health Ministry Website

Brazil’s health ministry said its website was hit on Friday by a hacker attack that took several systems down, including one with information about the national immunisation program and another used to issue digital vaccination certificates.

The government put off for a week implementing new health requirements for travellers arriving in Brazil due to the attack.

“The health ministry reports that in the early hours of Friday it suffered an incident that temporarily compromised some of its systems … which are currently unavailable,” it said in a statement.



A cyber security incident last month forced Vestas to shut down IT systems across multiple business units and locations to contain the issue.

The Danish company said it was able to continue operations but that data had been compromised.

“The hackers managed to retrieve data from the compromised internal file share systems and have made some of the compromised data public,” Vestas said in a statement.

It added that the majority of compromised data includes personal information such as names, contact details and CVs but also some cases of more sensitive information such as social security numbers and bank account information.

“Due to the potential risk caused by the leak of personal data, Vestas encourages all employees and business partners to continue to stay vigilant of any indications of misuse of their personal data,” it said.

SA government employees

The South Australian government has disclosed that the sensitive personal information belonging to tens of thousands of its employees was compromised following a ransomware attack that hit the system of an external payroll software provider last month.

The number of records accessed by hackers corresponds to at least 38,000 SA government employees, but it could be as high as 80,000 according to South Australia’s Treasurer Rob Lucas.

The breached company behind this data breach is Frontier Software, which suffered from a ransomware attack on November 13, 2021.

According to the company’s statement on the incident, the threat didn’t pivot to client systems through their products and the data exfiltration only affected a specific segmented environment.

“The ongoing forensic investigation and other response activities conducted by Frontier Software and CyberCX has now confirmed evidence of some data exfiltration from Frontier Software’s internal Australian corporate environment,” the company said

Giant Umbrella


Payroll service provider Giant Umbrella has moved to assure its contractors they will be paid in due course, after a suspected data breach prompted the firm to “proactively” suspend its entire operations last week.

The company published a statement on Friday 24 September that confirmed it had temporarily- suspended all services and taken all of its systems offline after “suspicious activity” was detected on its network two days before.

This course of action was taken as a “measure of caution”, according to the statement, but has resulted in potentially thousands of contractors who provide services through the firm not being paid as expected on Friday.

Hellmann Worldwide Logistics

Billion-dollar logistics firm Hellmann Worldwide Logistics reported a cyberattack this week that forced them to temporarily remove all connections to their central data center. The company said the shut down was having a “material impact” on their business operations. 

The German company operates in 173 countries, running logistics for a range of air and sea freights as well as rail and road transportation services. Air Cargo News, which first reported the attack, said the company had a revenue of nearly $3 billion last year.

In a statement, Hellmann said its Global Crisis Taskforce discovered the attack but outside cybersecurity experts were brought in to help with the response. 



Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers.

“​Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party,” the company revealed today.

“Investigations so far confirm that a limited amount of the company’s R&D property has been stolen during the intrusion. Volvo Cars has earlier today concluded, based on information available, that there may be an impact on the company’s operation.”​​​​​​

Volvo said it notified relevant authorities after discovering the incident and is now investigating the data theft together with third-party experts.

“The company does not see, with currently available information, that this has an impact on the safety or security of its customers’ cars or their personal data,” Volvo added.


North American food importer Atalanta has admitted that it suffered a data breach involving employees’ personal information as the result of a ransomware attack.

Atalanta (not to be confused with the Italian football club of the same name) went on to say that it “moved quickly to investigate and identify the individuals whose information was potentially involved, and to implement additional security measures to further safeguard its systems and practices”.

The company, North America’s largest privately held specialty food importer, also offered general advice on resources that can help individuals guard against identity theft in cases where their private information has been exposed.



Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information.

Cox Communications, aka Cox Cable, is a digital cable provider and telecommunication company that provides internet, television, and phone services in the USA.

This week, customers began receiving letters in the mail disclosing that Cox Communications learned on October 11th, 2021, that “unknown person(s)” impersonated a Cox support agent to access customer information.

There are not a lot of details about the security incident, but the hacker likely used a social engineering attack to gain access to Cox internal systems that provided information about customers.

“On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts. We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident,” reads the data breach notification signed from Amber Hall, Chief Compliance and Privacy Officer of Cox Communications.