Security News
Medibank, Australia's largest private health provider, has confirmed that last week's "Cyber incident" has resulted in a data breach. Medibank Group took action: they engaged cyber security firms and began "Isolating and removing access to some customer-facing systems to reduce the likelihood of damage to systems or data loss."
Advocate Aurora Health, a 26-hospital healthcare system in Wisconsin and Illinois, is notifying its patients of a data breach that exposed the personal data of 3,000,000 patients. The incident was caused by the improper use of Meta Pixel on AAH's websites, where patients log in and enter sensitive personal and medical information.
The data snafu dates back to 2020, and, according to EyeMed, it's likely the result of one of its people falling for a phish. The investigation later revealed that the intrusion ran from around June 24 to July 1, 2020, during which time miscreants read and stole emails and attachments containing consumers' non-public health information, including data concerning minors, that date back six years prior to the cyberattack.
Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," the company revealed.
Popular international fine wine online retailer iDealwine has suffered a data breach during the past weekend, and has yet to reveal the number of customers affected. Its e-shop is still offline,...
Recent research from Thales has found that malware, ransomware, and phishing continue to plague global organizations. 21% have experienced a ransomware attack in the last year, with 43% of those experiencing a significant impact on operations.
Woolworths' MyDeal subsidiary has disclosed a data breach affecting 2.2 million customers, with the hacker trying to sell the stolen data on a hacker forum. Last Friday, MyDeal stated that it suffered a breach after a hacker used compromised user credentials to access the company's Customer Relationship Management system, allowing the threat actor to view and export customer information.
Chinese company Zoetop, former owner of the wildly popular SHEIN and ROMWE "Fast fashion" brands, has been fined $1,900,000 by the State of New York. Frankly, we're surprised that Zoetop got off so lightly, considering the size, wealth and brand power of the company, its apparent lack of even basic precautions that could have prevented or reduced the danger posed by the breach, and its ongoing dishonesty in handling the breach after it became known.
In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. Will you be the next victim like Omnicell? If you are overlooking the importance of data protection, attackers can get you in no time.
Australian carrier Optus's recent data breach will be investigated by two regulators, the double trouble likely an indicator of the nation's displeasure at the incident - which saw almost ten million locals' personal data exposed online. One of the probes will be conducted by the Australian Communications and Media Authority, which will ponder "Obligations relating to the acquisition, authentication, retention, disposal and protection of personal information, and requirements to provide fraud mitigation protections." The Authority's chair, Nerida O'Loughlin, said "A key focus for the ACMA will be Optus's compliance with these obligations."