Latest security breaches
In a significant data breach at the Centers for Medicare & Medicaid Services (CMS), health and personal information of more than three million health plan beneficiaries was exposed. The breach stemmed from an attack on Wisconsin Physicians Service (WPS) through the MOVEit Transfer vulnerability. Exposed data includes personal details like names, Social Security numbers, and Medicare information. CMS is offering credit monitoring services to affected individuals.
Fortinet suffered a data breach resulting in the theft of 440GB of files from its Microsoft SharePoint server, compromising limited customer data. The threat actor, "Fortibitch," attempted to extort Fortinet for ransom, but the company refused to pay, leading to the data leak.
Russian anti-malware company Dr.Web experienced a cyberattack over the weekend, prompting a temporary halt in virus database updates and a disconnection of its servers.
Despite the security breach, Dr.Web confirmed that none of its customers were impacted and it has since resumed virus database updates after implementing measures to isolate and eliminate the threat.
The city of Arkansas City, Kansas, experienced a cybersecurity incident at its Water Treatment Facility, prompting a switch to manual operations to ensure water safety and service continuity. Despite the incident, efforts are underway to resolve the issue and safeguard the water supply for Arkansas City residents.
In another significant data breach, The Star Health data leak includes highly sensitive information such as policy documents, claims forms, personal identification numbers, tax details, medical reports, and more. The threat actor, operating under the pseudonym “xenZen,” has been distributing free samples through chatbots on Telegram.
MoneyGram International has experienced a cybersecurity incident, leading to disruptions in its operations. The company is collaborating with cybersecurity experts and law enforcement to address the attack's impact. The frequency and severity of cyberattacks on the financial sector have increased, with potential direct and indirect financial losses emphasizing the critical need for effective cybersecurity management.
Huntress construction firm was breached by hackers who used brute-force attacks on accounting software, particularly targeting exposed Microsoft SQL servers. These attacks allowed cybercriminals to exploit weak credentials, gaining access to privileged accounts and executing system commands. The breaches impacted various construction companies, including plumbing and HVAC firms.
In another data breach, Transport for London (TfL) has confirmed that customer data, including names, contact details, and bank account information for some customers, has been compromised in a cyberattack. Despite minimal impact on customers so far, TfL is still facing system outages and disruptions, with certain services temporarily suspended or unavailable.