This week, threat actors targeted the vital aspects of many companies characterized by their robust cybersecurity. 23andMe got hit early on, suffering demographic and relationship exposures that may target Ashkenazi Jews and Chinese descendants. The D.C. Board of Elections was also targeted, potentially exposing the voter information of 600,000+ individuals. Flagstar Bank and Air Europa also suffered, leaking the payment information of their trusting consumers. Florida’s First District Court circuit also fell, bringing the courts to a standstill. Learn more about these breaches below, and take immediate precautions if you suspect hackers obtained your information.

23andMe

At the beginning of October, an internet user published a marketplace post claiming access to possibly two million consumer records; the records comprised profile details and relations, most involving the profiles of Ashkenazi Jews and some Chinese descendants. 23andMe has not confirmed that the supposed records were factual. If you receive a breach notification from 23andMe, avoid answering prying questions from strangers and set up identity monitoring services. 

D.C. Board of Elections

Entrusted with distributing and maintaining D.C.’s voter choices, the Board of Elections suffered a data leak. The leak came from a third-party server, which may have been possible following an injection or security vulnerability. The stolen information could include a voter’s name, various ID numbers, dates of birth, contact details, and SSNs. Much of the data was publicly available online; however, those involved in this breach should still consider identity and financial monitoring services to mitigate damages. 

Flagstar Bank

Flagstar Bank reported 830,000+ financial records stolen in the third data breach in two years. The records likely included the full names and SSNs of their clients. The attack may have also exposed th e contact and demographic information of the victims. Hackers made this possible thanks to the MOVEit data breach, which inadvertently exposed Fiserv’s application details. Fiserv maintains Flagstar’s online banking and mobile payment application; subsequently, consumers who use these services may have had their data stolen in the breach. 

Florida First District Courts

There was also an assault on Florida’s First District Courts earlier this month. The attack halted court activities immediately. The scope of the attack is unknown, but it could impact employees or residents of the area. Investigations will likely see more details in their conclusion. The ransomware gang BlackCat also claimed the attack, though the courts have not confirmed this. The threat actors purportedly obtained information ranging from employee SSNs to vital network maps. The cost of this attack is unclear, yet those who believe their information is exposed should take steps to protect themselves. 

Air Europa

Spain’s Air Europa also suffered a data breach involving consumer payment information. Threat actors breached their payment application and stole the payment details of credit and debit cards recently submitted. The thieves obtained entire card numbers, the expiration dates of those cards, and their three-digit security codes. Air Europa sent emails to those impacted; however, more notifications may occur. Those notified should cancel their cards and hire financial and fraud monitoring services.