Security News

Pôle emploi, France's governmental unemployment registration and financial aid agency, is informing of a data breach that exposed data belonging to 10 million individuals. Although the agency does not specify the number of impacted individuals, Le Parisien reports an estimate of 10 million people to be impacted.

Multiple reports on social media warn of a data breach at financial and risk advisory company Kroll that resulted in exposing to an unauthorized third-party the personal data of some credit claimants. Kroll is facilitating claims for insolvent companies FTX, BlockFi, and Genesis Global Holdco.

Starting on Monday, Discord has been reaching out to users affected by a data breach disclosed earlier this year to let them know what Personal Identifying Information was exposed in the incident. The breach stemmed from a security breach at a third-party service provider detected on March 29, involving the compromise of an account belonging to a customer support agent.

Missouri's Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered a MOVEit data theft attack. Yesterday, the Missouri Department of Social Services disclosed a data breach that exposed health information related to Medicaid services in the state.

The UK Electoral Commission disclosed a massive data breach exposing the personal information of anyone who registered to vote in the United Kingdom between 2014 and 2022. The disclosure comes ten months after the Commission first detected the breach and two years after the initial breach occurred, raising questions about why it took so long to report the incident to the public.

The Colorado Department of Higher Education discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June. "On June 19, 2023, CDHE became aware it was the victim of a cybersecurity ransomware incident that impacted its network systems," explains the data breach notification.

Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer server. "On June 30, 2023, Serco was made aware that our third-party benefits administration provider, CBIZ, experienced a ransomware attack and data breach," the company explained.

While consumers are usually the ones worried about their information being exposed in data breaches, it's now the hacker's turn, as the notorious Breached cybercrime forum's database is up for sale and member data shared with Have I Been Pwned. Yesterday, the Have I Been Pwned data breach notification service announced that visitors can check if their information was exposed in a data breach of the Breached cybercrime forum.

U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks.The Clop ransomware gang added Maximus to its dark web data leak site yesterday as part of a big batch of 70 new victims, all having been breached using the MOVEit zero-day flaw.

IBM released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023 - an all-time high for the report and a 15% increase over the last 3 years. Data breaches disclosed by the attacker cost nearly $1 million more on average compared to studied organizations that identified the breach themselves.