Weekly Cybersecurity Recap August 4
Table of Contents
- By Steven
- Published: Aug 04, 2023
- Last Updated: Aug 07, 2023
Each week we look at the data losses, hacker attacks, and the state of security in the United States and around the world. This week things seem to be particularly bleak. We always expect to see some breaches in major companies, but this week we learned about widespread employee credential losses in countless corporations throughout the United States and the world. We also see major federal services breached, and we have many reminders the MOVEit data breach issues are still occurring, with Michigan State University and PokerStars being added to the list of impacted organizations. Get the details below about how the breaches impacted Maximus Federal Services, PokerStars, MSU, Fairfax OMS, and several nationwide corporations.
Maximus Federal Services
Maximus Federal Services is a government contractor that helps with healthcare, student loan programs, and much more for state and federal governments. This contractor lost health and personal information for between 8 and 11 million American citizens. The data lost includes things like Social Security numbers, email addresses, healthcare data, and more. Affected individuals will receive a personalized letter explaining the situation in more detail, and they are encouraged to use identity theft protection services.
Corporation Credentials
Major corporations from all over the world are losing valuable employee credentials to cloud-based services like Chat GPT, DocuSign, Google Cloud Platform, Hubspot, and many others. The breaches are largely occurring because employees are working from home, and they don't follow the same security standards they do at the office, but some data is being lost at corporate locations as well. According to studies performed by Flare, more than 179,000 AWS credentials were recently lost, 15,500 from QuickBooks, 2,300 from Google Cloud, 64,500 from DocuSign, and many others. Details about these losses were located in Stealer Logs online, showing how so many corporations are at risk for serious data losses because of poor security practices today.
PokerStars
PokerStars is well-known for being the leader in online poker gameplay. Millions of people play at PokerStars online each year. The company allows real money poker wagering and must take verification information from its player base to legally allow them to play. Some of the gathered data was recently put at risk because of the MOVEit data breaches occurring in hundreds of separate companies. PokerStars used MOVEit file transfer services for some of its data, and attackers were able to gain access to it on May 30 and 31, 2023. Over 110,000 people lost their data to the breach. If you receive a notice from PokerStars about the breach, you have 24 months of credit monitoring protection you should use to guard your information.
Michigan State University
Notices recently went out to students at Michigan State University, warning them that their information may have been exposed in the recent National Student Clearinghouse breaches. The National Student Clearinghouse verifies student identities as a service to major colleges and universities, and hackers have recently stolen data using the MOVEit security vulnerability. The Clearinghouse relied on MOVEit to protect files, and students from dozens of separate US schools have suffered data losses because of this.
Fairfax OMS
Fairfax Oral and Maxillofacial Surgery, a Virginia-based dental surgery practice with six separate locations, was recently the victim of a data breach. The organization was broken into directly by an attacker. The breach was reported on July 14, 2023, and because of the break-in, over 208,000 patients may have lost their health information to hackers. The breach is a serious problem, and it's something that Fairfax OMS patients should protect themselves from.
