Class Action Lawsuits Filed against UnitedHealth over data breach, Acer Data Breached, Equilend and Stanford suffer ransomware attacks, Play Ransomware leaks Swiss Documents, DoNex ransomware on the rise
6 Class Action Lawsuits Filed Against UnitedHealth Data Breach, More to Follow
UnitedHealth faces six class action lawsuits over a breach at its subsidiary Change Healthcare. Hackers accessed the personal data of millions after infiltrating Change Healthcare in February. The lawsuits allege the insurer failed to protect medical details, Social Security numbers, and banking information compromised in the attack. Stolen information from the breach is also said to be for sale online. The lawsuits were filed in both Tennessee, where Change Healthcare is based, and Minnesota, UnitedHealth’s home.
Health Dept Office of Civil Rights Starts Probe into UnitedHealth Hack
The US Health Department has launched a HIPAA probe into the February hack of UnitedHealth’s Optum. The investigation will look at whether patient medical records were taken when hackers hit Optum’s Change Healthcare payment network, which handles insurers, providers and pharmacies. The BlackCat ransomware group allegedly stole 6TB of data before dissolving, yet it still controls the stolen information.
Roku Data Breached: 15,000 Roku Accounts Sold for Only 50¢ Each on Dark Web
Roku accounts were breached when 15,000 logins from past data dumps were used to access streaming profiles. Hackers then changed account settings to lock out the owners and made unauthorized charges to stored payment methods. Roku secured the compromised profiles, refunded the costs and suggested password resets. Meanwhile, hackers had sold the stolen logins for just 50 cents each.
Acer Data Breached: Acer Philippines Employee Data Leaked on a Hacking Forum
Acer Philippines confirmed a data breach exposing employee records handled by an external vendor. A hacker stole the database and posted it on a forum, clarifying that the motive was data theft without ransomware. While no customer information was involved, officials notified authorities and are investigating the full scope. Acer assured the public that its own systems remained protected and that only limited staff details were compromised in the third-party incident.
Stanford Ransomware Attack: Data of 27,000 People Stolen Allegedly by Akira Ransomware
Stanford reported a ransomware attack on its Department of Public Safety network that compromised the records of 27,000 people. The hackers accessed only that system and no others. Though Stanford did not blame any group, Akira ransomware claimed to have stolen 430GB of data from the university. Stanford is investigating the incident and securing its cyber defenses after personal details including IDs, payments and health information may have been at risk.
Hackers Abuse WordPress Plugin Flaw (CVE-2023-6000) to Infect 3,300 Websites
Hackers are targeting a cross-site scripting vulnerability (CVE-2023-6000) in outdated versions of the Popup Builder WordPress plugin to infect over 3,300 sites. The malicious code exploits plugin event handlers to redirect users or fetch external payloads. Recent injections set redirect URLs and inserted header code from malicious domains. Site owners should update the plugin, block the related domains, and remove the injections to prevent redirects and further attacks. The vulnerability remains an issue as around 80,000 plugins are still vulnerable.
Equilend Data Stolen in a Ransomware Attack, Equilend Warns Employees
Equilend suffered an employee data breach when it was hit by LockBit ransomware in January. It quickly shut down systems and later warned staffers that names, DOBs and SSNs had been compromised, though no identity theft was found. While Equilend did not blame LockBit directly, the group itself took the credit. Equilend services were restored, and no access to client data was found. Affected employees were offered free identity protection.
New DoNex Ransomware Targets Enterprises in the Wild
A new ransomware threat called DoNex is actively targeting companies in the US and Europe. It uses double extortion, encrypting files with victim IDs and stealing sensitive data as leverage for payment. Impacted firms find ransom notes referring victims to the secure Tox messenger for negotiations. Broadcom first observed DoNex in March, but its attack methods are still unknown.
Microsoft Says Russian Hackers “Midnight Blizzard” AKA ‘Nobelium’ Stole Source Code in Cyberespionage
Microsoft disclosed a cyberattack by the Russian group Midnight Blizzard/Nobelium, which was responsible for SolarWinds. The attackers targeted executive emails and stole source code and data after using password spraying to compromise a test account that lacked two-factor authentication. Microsoft found that the group aims to compromise customers by abusing secrets stolen from the company, and it is advising impacted clients as the investigation continues.
Magnet Goblin Hackers Exploit 1-day Vulnerabilities to Deploy NerbianRAT Linux Malware
The hacking group Magnet Goblin rapidly exploits disclosed vulnerabilities within an hour to breach servers and install Linux malware. The group targets flaws in Ivanti, ActiveMQ and other products, which allow it to deploy NerbianRAT and MiniNerbian to collect data, receive commands and enable remote access. Check Point has warned of the risk posed by attackers abusing the short window before patches are applied, and of the challenges in tracing such fast attacks.
Play Ransomware Leaked 65,000 Stolen Swiss Government Documents
The Play ransomware group leaked over 65,000 Swiss government documents following an attack on technology provider Xplain. Most files belonged to the Federal Department of Justice and Police, including personal data, IT systems and passwords. A smaller number were from the Federal Department of Defence. The Swiss government is investigating and will publish its findings, with preliminary analysis revealing the significant scale and sensitivity of the leaked information.