Weekly Cybersecurity Recap February 9
Table of Contents
- By Steven
- Published: Feb 12, 2024
- Last Updated: Feb 13, 2024
This week, around 643k data records were announced as lost in the cyber wars. Early on, the public learned of HopSkipDrive’s event, which impacted 155k student guardians. The most significant breach of this week, with an impact figure of over 307k, also occurred early in the week; the Des Moines Orthopaedic Surgeon clinic claimed the incident was due to a vendor’s failure. Global communications conglomerate Verizon was featured this week after an unauthorized employee accessed over 63k employee credential profiles. A retirement and life insurance provider—Infosys McCamish Systems—announced a breach late in the week; threat actors disrupted their applications and then stole the information of over 57k members. Finally, the week ended with a breach announcement from West Virginia’s Bay Heritage Credit Union. Their incident may impact more than 61k of their borrowers. Read a synopsis of each event below.
HopSkipDrive
An education transportation and ride-share service, HSD, is a necessary solution for students and their guardians. HSD announced that threat actors emailed them after the unauthorized agents stole data files from a third-party network application. The information compromised in this event includes victims’ names, addresses, emails, driver’s license numbers, and government-issued IDs. Those with data impacted by this event can mitigate potential damages by acting to secure their accounts and protect their credentials.
Des Moines Orthopaedic Surgeons
In Iowa, DMOS announced a data breach made possible by a “vendor failure.” Additional details about the attack are unavailable, although many impacted data elements exist. The data compromised in this event include victims’ names, Social Security Numbers (SSNs), dates of birth, driver’s licenses, passport numbers, bank information, medical data, and health insurance credentials. The 307k patients victimized by this event must consider securing their accounts and taking steps to protect their data immediately.
Verizon Communications
Although not a traditional breach (external attack), Verizon announced a data event this week. It is unclear if the exposure was intentional, as the “criminal” in this incident was a Verizon employee with unauthorized access to the data. The information compromised in the incident belongs to other employees; it includes personal identifiers, SSNs, national identities, gender data, union details, and compensation information. It is unclear if the unauthorized employee has given the data to cybercriminals; however, victims should act to protect themselves before that happens.
Infosys McCamish Systems
A retirement and life insurance provider, IMS announced about a breach at the end of October 2023. They were alerted to the attack after some of their applications began experiencing disruptions. The threat actors may have removed data from IMS systems, as officials cannot describe the compromised data elements entirely. Their list of impacted data elements includes member names, residential addresses, business emails, birthdays, SSNs, and “other account information.” Despite considerable unknowns in this event, potential victims should consider safeguarding their data immediately.
Bayer Heritage Federal Credit Union
The final breach of this week came out of West Virginia, where the Bayer credit union reported an incident that occurred at the end of October 2023. Their incident has signs that indicate they were the victim of a ransomware assault, but public resources about the event are tight-lipped about the determining details. This event may have exposed the names and SSNs of 61k borrowers and associates of Bayer. Consequently, victims must consider account and identity security options, especially if the information has made its way into the hands of extortionists.
