Week 52-2022

Here’s your weekly #databreach news roundup:​​​​​

Indian Railway Catering and Tourism Corporation, Lake Charles Memorial Health System, FoundCare, 3Commas, Nio, and Comcast Xfinity.

Indian Railway Catering and Tourism Corporation

Indian Railway Catering and Tourism Corporation

The Ministry of Railways has denied reports about a potential data breach of Indian Railway Catering and Tourism Corporation (IRCTCT) and said that the data breach was not from the IRCTC servers.

The Railway Ministry said in a statement on Wednesday stated,”On analysis of sample data, it was found that the sample data key pattern does not match with IRCTC history application programming interface (API). Suspected data breach is not from the IRCTC servers.”

Lake Charles Memorial Health System

Lake Charles Memorial Health System

Hackers accessed the personal data of nearly 270,000 patients in an attempted ransomware attack on a Louisiana health care system in October, a spokesperson for the system told CNN Wednesday.

Lake Charles Memorial Health System, which includes a 314-bed hospital, thwarted the hackers’ attempt to encrypt its computers and prevented any disruption to patient care, according to spokesperson Allison Livingston. The health care provider’s own security team detected the hack, Livingston said in an email.

The hack was disclosed in recent days as the network of hospitals notifies patients whose data was compromised. That includes patients’ health insurance information, medical records numbers and, in “limited instances,” Social Security numbers, according to the health system.

FoundCare

FoundCare

FoundCare, Inc. reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company learned that an unauthorized party was able to access confidential patient information by gaining access to several employee email accounts. According to FoundCare, the breach resulted in the following patient information being compromised: first and last names, addresses, email addresses, credit card numbers, Social Security numbers, protected health information, dates of birth, and passport numbers. Recently, FoundCare sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

3Commas

An anonymous Twitter user has obtained around 100,000 API keys belonging to users of the crypto trading service 3Commas. The leaker published more than 10,000 of the keys on Wednesday and says the rest “will be published full [sic] randomly in the upcoming days.”

3Commas CEO Yuriy Sorokin confirmed the authenticity of the leak in a tweet on Wednesday, adding that “as an immediate action, we have asked that Binance, KuCoin, and other supported exchanges revoke all the [API] keys that were connected to 3Commas.”

Nio

China-based Nio Inc said on Tuesday that hackers had breached its computer systems and accessed data on users and vehicle sales, in the latest hacking incident to hit the global auto industry.

The hackers had sent an email to the electric carmaker demanding $2.25 million worth of bitcoin and claiming that they had its internal data, according to media reports.

The company said it was working with government authorities to investigate the data breach.

Comcast Xfinity

Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges.

Starting on December 19th, many Xfinity email users began receiving notifications that their account information had been changed. However, when attempting to access the accounts, they could not log in as the passwords had been changed.