Search This Blog

Showing posts with label Social Security Number. Show all posts

Data Exposed at County of Tehama, Here's All You Need to Know

As per the announcement made by the County of Tehama in California, a data security breach that allowed unauthorized access to files on its systems was handled. 

The County of Tehama started mailing to individuals whose data may have been linked to the event on November 17, 2022. The County of Tehama is giving free credit monitoring and identity theft prevention services to anybody whose Social Security numbers or driver's licence numbers were involved.

In addition, the organisation opened an investigation and alerted law authorities. After conducting an investigation, the County of Tehama came to the conclusion that between November 18, 2021, and April 9, 2022, an unauthorised person had gained access to its IT network.

Further findings from the inquiry revealed that the unauthorised user had accessed files on the County of Tehama Department of Social Services' computer systems.

A special, toll-free incident response line has also been set up by the County of Tehama to address any queries people may have. Call 855-926-1376 between 6:00 a.m. and 3:30 p.m., Pacific Time, Monday through Friday if anyone has any questions about this incident or thinks their information may have been compromised.

The County of Tehama advises those whose information may have been compromised to stay alert to the danger of fraud by examining their financial account statements and promptly informing their financial institution of any suspicious activity.

Data Breach at City of Tucson Affected 123,500 Users

The City of Tucson, Arizona, recently announced a data breach that compromised the personal data of more than 125,000 people.

Data breach

A data breach is a scenario in which information is taken from a system without the owner's knowledge or consent. A data breach could happen to a small business or a major corporation.

If related data are among the information stolen, victims and their customers can also sustain financial damages. Malware or hacking attacks are to be blamed for the majority of data breaches.

Violation of user data

Although the event was discovered around May 2022, the city's investigation was not finished until last month.

The city claims that the issue was triggered by compromised network account credentials that gave the hackers access to files containing certain people's personal information in a data breach notice posted on its website. Between May 17 and May 31, the malicious hackers who had access to the network may have stolen or downloaded documents that contained the personal information of 123,513 people. 

The attacker may have had access to the affected people's names and Social Security numbers among other sensitive personal information disclosed during the incident, the City informed those who might have been impacted on September 23. Furthermore, according to letters of notification issued to the affected parties, there is no proof that this personal data has been exploited up to this point.

The city claims that after quickly recognizing the breach, it was able to contain it and make repairs and that it is also taking extra steps to strengthen its cybersecurity. The City is also offering advice to those affected on better defending themselves against fraudulent activities including identity theft and fraud.

The breach notification letters stated, "As part of its ongoing obligations to the security of information under its care, the City is reviewing its current policies and procedures regarding cybersecurity and considering extra measures and safeguards to defend against this sort of event in the future.

In addition, the city said it will provide free credit monitoring services to anyone affected and advice on how to safeguard oneself against fraud and identity theft.

Nelnet Servicing breach over 2.5 Million Student Loan Data

A hack on technology services supplier Nelnet Servicing affected more than 2.5 million persons with students with student loan accounts with EdFinancial and the Oklahoma Student Loan Authority. 

The provider claims that hackers accessed its systems without authorization in June and continued to do so through July 22. There have been about 2,501,324 people who were affected by the data breach.

The information that was made public includes full name, place of residence, email address, contact details, and social security number. 

Hackers can exploit the aforementioned data by employing a number of tricks like phishing, social engineering, impersonation, and other tactics. The danger of exposure is amplified because loans are such a delicate subject.

Nelnet informed Edfinancial and OSLA that the attackers initially gained access by taking advantage of a vulnerability in its systems.

Nelnet claims to have stopped the hack as soon as the security vulnerability was discovered, but a later review, which was finished on August 17, 2022, found that some student loan account registration data may have been obtained.

Customers who might be impacted have already been informed by EdFinancial and OSLA, although EdFinancial made it clear that not all of its clients are affected as Nelnet Servicing is not its only technology supplier. 

It has been suggested that people use the free identity theft protection services offered by EdFinancial and OSLA if their data may have been affected by the event. Furthermore, due to the data breach, the provider of technical services could be subject to a class action lawsuit. 

The law firm "Markovits, Stock & DeMarco" yesterday began an inquiry into the possibility of a class action lawsuit due to the magnitude of this data breach occurrence.

According to a letter sent to impacted borrowers, "we urge you to be alert against incidences of identity theft and fraud over the following 24 months, by examining your account statements and keeping an eye on your free credit reports for suspicious activity and to spot errors."

It is advised that those who receive the notices sign up for Experian's IdentityWorks service right once to shield themselves from fraud, and they should also keep a watch for any other incoming correspondence.

ATC Healthcare, Community of Hope & The People Concern Disclose Data Breaches


ATC Healthcare in New York made a news statement disclosing a breach in December 2021. Their press statement is not as clear or extensive as an updated notice on their website, thus this description is based on the website notice: 

ATC noticed strange behaviour with various staff email accounts on December 22, 2021. The email accounts were accessed without authorisation at various occasions between February 9, 2021, and December 22, 2021, according to the investigation. 

At the time of the incident, the compromised email accounts contained the following data: names, Social Security numbers, driver's licence numbers, financial account information, usernames and passwords, passport numbers, biometric data, medical information, health insurance information, electronic/digital signatures, and employer-assigned identification numbers. 

As is typically the case, investigators were unsure exactly what data had been accessed, thus notifications were made to all individuals who may have been affected. They do not appear to be providing any free services and highlight that there is no conclusive proof that any data was read, copied, or exfiltrated. 

Community of Hope D.C. (COHDC) 

COHDC learnt of a data security problem involving unauthorised access to one of its employees' email accounts on February 7, 2022. According to reports, the issue was uncovered after the account's authorised user saw spam messages being sent from the account. 

An investigation indicated that between January 27 and February 7, 2022, an unauthorised actor may have accessed specific files and data housed within a single Outlook 365 email account. Individuals' Social Security numbers, driver's licence numbers, financial information, health insurance information, and health diagnostic information may have been obtained. COHDC appears to have made arrangements with IDX to assist and serve the individuals affected. The complete notification is available on the COHDC website.   

The People Concern 

The People Concern (TPC) in California discovered that an unauthorised user accessed workers' email accounts on various days between April 6, 2021, and December 9, 2021, however, they do not identify when they initially detected an issue. 

As in previous incidents, investigators were unable to identify whether emails or data in the email accounts were accessed. TPC gathers information on community members and staff such as their name, date of birth, Social Security number, health insurance information, and medical information about the care they may have gotten in one of their programmes. TPC is giving IDX services to people whose SSN or driver's licence information may have been compromised. 

Advocates, Inc. 

Advocates, Inc. in Massachusetts published a news release on June 28. 

"According to the release, on October 1, 2021, Advocates was informed that Advocates' data had been copied from its digital environment by an unauthorized actor. Investigation revealed that an unknown actor gained access to and obtained data from the Advocates network between September 14, 2021, and September 18, 2021. The unauthorized individual was able to acquire personal and protected health information including name, address, Social Security number, date of birth, client identification number, health insurance information, and medical diagnosis or treatment information."

A further look at their website notice suggests that the identification of additional impacted persons was ongoing until June. As they put it:

"Advocates is not aware of any evidence of the misuse of any information potentially involved in this incident. However, beginning on January 3, 2022, Advocates mailed notice of this incident to potentially impacted individuals for which Advocates had identifiable address information. Advocates then worked diligently with experts to review the impacted data set and identify any additional potentially impacted individuals with address information. That process was completed on June 9, 2022, and on June 28, 2022, Advocates provided notice of this incident to those individuals."

LAPSUS$ Group Targets SuperCare Health


SuperCare Health, a California-based respiratory care provider, has revealed a data breach that exposed the personal details of over 300,000 patients. Someone had access to specific systems between July 23 and July 27, 2021. By February 4, the company had assessed the scope of the data breach, learning the attackers had also acquired patient files including sensitive personal information such as:
  • Names, addresses, and birth dates.
  • A medical group or a hospital.
  • Along with health insurance details, a patient's account number and a medical record number are required. 
  • Data about one's health, such as diagnostic and treatment information. 
  • A small number of people's Social Security numbers and driver's license information were also revealed. 

"We have no reason to suspect any information was published, shared, or misused," according to SuperCare Health, but all possibly impacted patients should take extra security precautions to avoid identity theft and fraud. 

On March 25, the company notified all affected customers and implemented extra security steps to prevent the following breaches. The breach has affected 318,379 people, according to the US Department of Health and Human Services. Based on the number of people affected, this is presently among the top 50 healthcare breaches disclosed in the last two years. SuperCare Health further told, "We have reported the event to a Federal Bureau of Investigation and it will cooperate to help us identify and prosecute those involved." 

In the last several months, several healthcare institutions have revealed massive data breaches. Monongalia Health System (400,000 people affected), South Denver Cardiology Associates (287,000 people affected), Norwood Clinic (228,000 people affected), and Broward Health (228,000 people affected) are among the organizations on the list (1.3 million). 

Last week, the Health Department issued an advisory to healthcare groups, warning companies about the impact of a major cybercrime attack by the Lapsus$ cybercrime group. In recent months, the hackers have targeted Samsung, NVIDIA, Vodafone, Ubisoft, Globant, Microsoft, and Okta, among others. The organization takes information, often source code, and threatens to release it unless they are paid.

LAPSUS$ steals confidential information from organizations which have been hacked, then threatens to disclose or publish the information if the requested amount is not paid. The LAPSUS$ extortion ring, on the other hand, has abandoned the typical ransomware strategies of file encryption and computer lockout. 

According to the notice, the Health Department is aware of healthcare institutions which have been hacked as a result of the Okta attack; Okta has verified that more than 300 of its clients have been affected by the breach. In the light of the incident, Police in the United Kingdom have identified and charged several accused members of the Lapsus$ gang.

Another T-Mobile Cyberattack Allegedly Exposed User Information and SIM Cards


T-Mobile has been subjected to yet another cyberattack following a big data breach in August. According to documents revealed by The T-Mo Report, attackers gained access to "a small number of" users' accounts this time. The damage appears to be far less serious this time. It appears that just a small percentage of consumers are affected. There is no further information regarding what transpired, with the records just stating that some information was leaked. 

Customers who have been affected fall into one of three categories. First, a client may have only been impacted by a CPNI leak. This information could include the billing account name, phone numbers, the number of lines on the account, account numbers, and rate plan information. That's not ideal, but it's far less damaging than the August incident, which exposed client social security numbers. 

The second category into which an impacted consumer may fall is having their SIM swapped. In order to get control of a phone number, a malicious actor will alter the physical SIM card linked with it. This can and frequently does result in the victim's other online accounts being accessed through two-factor authentication codes supplied to their phone number. According to the document, consumers who were affected by a SIM swap have now had that action reversed. The final category consists of both of the previous two. Customers who were affected may have had their private CPNI accessed as well as their SIM card swapped. 

When it comes to account security, T-Mobile does not have the finest track record. As previously stated, a huge data breach occurred earlier this year in August, exposing information on roughly 50 million users across both post-paid and prepaid accounts. The stolen files contained crucial personal information such as first and last names, dates of birth, Social Security numbers, and driver's licence / ID numbers - the kind of information you could use to open a new account or hijack an existing one. It did not appear to include "phone numbers, account numbers, PINs, or passwords." 

Affected customers, who appear to be few in number, have received letters warning them of the unlawful activity on their accounts. Memos have also been placed on those impacted accounts so that reps may see them when they log in.

"We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however, this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf," a T-Mobile spokesperson said.

Cyber-Attack on Dotty’s Exposed Personal Data of Customers


Customers' personal data was revealed as a result of a cyber-attack on Dotty's, a fast food and gaming franchise in the United States, according to the company. Dotty's has around 300,000 players in its database and runs 120 gambling locations in Nevada. Nevada Restaurant Services (NRS) owns and operates Dotty's, a fast-food franchise with 175 locations that offers gaming services. On January 16, 2021, malware was detected on "some computer systems." 

The investigation found that “an unauthorized person accessed certain systems” on the NRS network, according to the firm. Furthermore, the company admitted that an unauthorized person copied data from those systems on or before January 16 of this year. The NRS discovered that certain users' data may have been impacted after further examination and analysis. 

NRS examined the impacted data thoroughly to establish what sorts of information were implicated and to whom it was linked. Individuals' names, dates of birth, Social Security numbers, driver's license numbers or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, and taxpayer identification numbers are just some of the data elements that could be involved. 

NRS sent notice letters to those who had proper mailing addresses and had been recognized as possibly affected. Users have told Vital Vegas that they received a letter from Dotty's regarding the breach, but that they just learned about it lately — months after the alleged assault. 

NRS has put in place security measures to secure its systems and the information it holds, and it has worked to improve its environment's technical protections. Following the event, NRS took urgent steps to protect its systems and undertake a thorough investigation into the issue's entire nature and scope. In addition, the firm provided free access to its “credit monitoring and identity theft restoration services, through IDX.” 

According to NRS, this will give an additional layer of protection for consumers who want to utilize it. With that in mind, the NRS emphasized that customers who wish to engage must do it themselves since the business is unable to do so on their behalf. Finally, the NRS expressed regret for any inconvenience or worry that the data breach event may have caused.

38 Million Records Exposed Due to Microsoft Misconfiguration


According to experts, some 38 million records from over a thousand web apps that use Microsoft's Power Apps portals platform were left accessible online. Data from COVID-19 contact tracing operations, vaccine registrations, and employee databases, including home addresses, phone numbers, social security numbers, and vaccination status, is believed to have been included in the records. 

Major corporations and organizations were impacted by the incident, including American Airlines, Ford, J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools. While the data breaches have already been fixed, they demonstrate how a single incorrect configuration setting in a widely used platform can have far-reaching repercussions.  

Customers can use the Power Apps services to easily create their own web and mobile apps. It provides developers with application programming interfaces (APIs) to use with the data they collect. Upguard discovered, however, that accessing those APIs makes data received through Power Apps Portals public by default, necessitating manual reconfiguration to keep the information private. 

In May, researchers from the security firm Upguard began investigating the problem. They discovered that data from several Power Apps portals, which was intended to be secret, was accessible to anyone who knew where to look. According to Upguard, on June 24th, it provided a vulnerability report to the Microsoft Security Resource Center, which included links to Power Apps portal accounts with sensitive data exposed and methods to discover APIs that allowed anonymous data access. 

“The number of accounts exposing sensitive information, however, indicates that the risk of this feature– the likelihood and impact of its misconfiguration– has not been adequately appreciated,” the researchers wrote in the report. “Multiple governmental bodies reported performing security reviews of their apps without identifying this issue, presumably because it has never been adequately publicized as a data security concern before.” 

 On Monday, a Microsoft representative defended the product's security, noting that the firm worked directly with affected users to ensure that their data remained private and that consumers were notified if their data was made publicly available. “Our products provide customers flexibility and privacy features to design scalable solutions that meet a wide variety of needs," a Microsoft spokesperson said in a statement.

Latest Research Reports Prices of Your Documents on the Dark Web

Atlas VPN did a new study based on Flash Intelligence Research findings from 2017-2019. The research has revealed the costs of essential goods and services on the dark web. For instance, the Social Security Numbers, which are now out of date and insecure as they are no longer in use, especially after the 2018 Equifax Hack, they are still widely used as a primary proof of identification confirmation. Hackers tend to attack websites that can generate millions of SSNs at once so that all the data is vulnerable to hackers.

Therefore, with millions of SSNs in the open, they are sold up to $4 on the dark web. According to Flashpoint, the following services are available on the dark web along with the SSNs.

These services are divided into four types:

  •  Hacker Services
  •  Forged Documents 
  • Personal Identifiable Information (PII) 
  • Stolen Financial Information 

The PII (personally identifiable information) package, in addition to the SSN for $4, has the victim's Name, Passport No, Driver's License Details, and email id. However, access to Stolen Financial Information costs much more than SSN. According to Atlas VPN, credit cards up to $5k balance costs $10, whereas discredited bank accounts with savings more than $10000 cost $25.

Note: The price also depends on the victim's savings. If the savings go higher, the cost to obtain the details also goes higher. It is because of victims with high credit score accounts are less risky to attack as their banks won't notice it and won't cut it off.

Forged documents top the list in the prices. Physical passports are sold for $3k-$5k on the dark web. According to other reports, a 1-hour DDoS (Distributed Denial of Service allows the servers to shut down or stop working )attack on any bank or government website costs around $165.

How to prevent yourself? 

It is a bit difficult to prevent such attacks, but the users can always follow some rules to secure their account information. These are:

  •  Secure your devices with a password; a pin would be better.
  •  Avoid using public wifis while browsing or downloading apps. 
  • Use 2 step verification