Weekly Cybersecurity Recap November 3
Table of Contents
- Published: Nov 06, 2023
- Last Updated: Nov 23, 2023
This week, hackers targeted various industries for cyberattacks, including nationally-recognized organizations. Five Guys suffered a breach involving two employee email accounts and potentially losing employee and consumer credentials. Another national organization, Deer Oaks Behavioral Health, announced a data breach resulting in more than 170,000 patient records falling at risk for misuse. Mr. Cooper, a national mortgage loan giant, has also announced a data breach, although an ongoing investigation is still uncovering details. Additionally, the network monitor LiveAction announced a breach, impacting over 500 people. At the same time, United Medical Centers, based in deep Texas, suffered a 30,000+ patient data breach. Read a synopsis of each event below.
Five Guys Enterprises
The national franchise suffered two cybersecurity incidents, each lasting a few days. The first attack happened between March 20th and 31st, 2023, while the second occurred from May 31st to June 7th. It is unclear if the attackers targeted employees or consumer data. Although, the notice indicates full names and SSNs may be at risk. According to the breach notification provided to Maine, those who may have had details taken should seek preventative measures.
United Medical Centers
Based in South Texas, United Medical Centers announced a significant data breach. The attack happened in July, and officials commenced their investigations immediately. The stolen information is reportedly patient data, including personal information, SSNs, health insurance data, and more. As many as 1,700 Texans may have had their details put at risk as a resulting consequence.
LiveAction Inc.
Between April 13th and May 22nd, Live Action--a network monitor professional--suffered a sophisticated ransomware attack; according to their Maine Attorney General notice, more than 500 individuals may have exposed their credentials. The notice lists names, birthdays, SSNs, government IDs, and medical-related information as potentially stolen. None of the notices imply LiveAction’s response to the ransomware or its demands. Out of precaution, those with relationships to LiveAction should consider cybersecurity defenses.
Deer Oaks Behavioral Health
This week’s most devastating data breach, Deer Oaks, hosts more than 1,500 locations specializing in mental and behavioral medicines. The attack purportedly involved ransomware, which accessed their systems on or around September 1st, 2023. The stolen data belongs to patients, with as many as 170,000+ individuals potentially exposed. The stolen data included SSNs, treatment information, and personal details like addresses, contact data, and birthdays. Subsequently, those with relationships to Deer Oaks must seek financial and identity monitoring services.
Mr. Cooper
On October 31st, 2023, Mr. Cooper suffered a service disruption, disabling consumers from accessing some website membership features. Mr. Cooper subsequently launched an investigation, which is still ongoing. They reported the attack as a ransomware incident but did not publicly clarify what data the actors may have taken. At this time, it is unknown if the data belongs to some of their 9,000 employees or some of their 4.1 million consumers. Until the investigation finishes, the consequences of the attack will remain uncertain—don’t wait for the notice to take defensive action.
