This Week in Cybersecurity – 11th March to 15th March: Class Action Lawsuits Filed Against UnitedHealth Data Breach

Written by Gabby Lee

March 15, 2024

This Week in Cybersecurity – 11th March to 15th March: Class Action Lawsuits Filed Against UnitedHealth Data Breach

Class Action Lawsuits Filed against UnitedHealth data breach, Acer Data Breached. Equilend and Stanford suffers ransomware attack, Play Ransomware leaks Swiss Documents, Donex ransomware on the rise

6 Class Action Lawsuits Filed Against UnitedHealth Data Breach, More to Follow

UnitedHealth faces six class action lawsuits over a breach at its subsidiary Change Healthcare. Hackers accessed personal data of millions after infiltrating Change Healthcare in February. Lawsuits allege the insurer failed to protect medical details, Social Security numbers, and banking info compromised in the attack. Stolen information from the breach is said to be for sale online too. The lawsuits were filed in both Tennessee, where Change Healthcare is based, and Minnesota, UnitedHealth’s home. Read more

Health Dept Office of Civil Rights Starts Probe into UnitedHealth Hack

The US Health Department has launched a HIPAA probe into UnitedHealth’s Optum hack from February. The investigation will look at whether patient medical records were taken when hackers hit Optum’s Change Healthcare payment network, which handles insurers, providers and pharmacies. The BlackCat ransomware group stole an alleged 6TB of data before dissolving yet still controls the stolen information. Read more

Roku Data Breached: 15,000 Roku Accounts Sold for Only 50¢ Each on Dark Web

Roku accounts were breached when 15,000 logins from past data dumps were used to access streaming profiles. Hackers then adjusted account settings to block owners and illegally charged stored payments. Roku secured compromised profiles, refunded costs and suggested password resets. Meanwhile hackers had sold stolen logins for just 50 cents each. Read more

Acer Data Breached: Acer Philippines Employee Data Leaked on a Hacking Forum

Acer Philippines confirmed a data breach exposing employee records handled by an external vendor. A hacker stole and posted the database on a forum, clarifying the motive was data theft without ransomware. While no customer information was involved, officials notified authorities and are investigating the full scope. Acer assured the public their own systems remained protected and only limited staff details were compromised from the third party incident. Read more

Stanford Ransomware Attack: Data of 27,000 People Stolen Allegedly by Akira Ransomware

Stanford reported a ransomware attack on its Department of Public Safety network compromising records of 27,000 people. The hackers only accessed that system and no others. Though Stanford did not blame any group, Akira ransomware claimed stealing 430GB of data from the university. It’s investigating this incident and securing its cyber defenses after personal details including IDs, payments and health info may have been at risk. Read more

Hackers Abuse WordPress Plugin Flaw (CVE-2023-6000) to Infect 3,300 Websites

Hackers are targeting a cross-site scripting vulnerability (CVE-2023-6000) in outdated Popup Builder WordPress plugins to infect over 3,300 sites. Malicious code exploits plugin event handlers to redirect users or fetch external payloads. Recent injections set redirect URLs and inserted header code from bad domains. Sites should update plugins, block related sites, and remove injections to prevent redirects and further attacks. The vulnerability remains an issue as around 80,000 plugins are still vulnerable. Read more

Equilend Data Stolen in a Ransomware Attack, Equiland Warns Employees

Equilend suffered an employee data breach when hit by LockBit ransomware in January. It quickly shut down systems and later warned staffers that names, DOBs and SSNs had been compromised, though no identity theft was found. While Equilend did not blame LockBit directly, the group itself took the credit. Equilend services were restored with no client data access found. Affected employees were offered free identity protection. Read more

New DoNex Ransomware Targets Enterprises in the Wild

A new ransomware threat called DoNex is actively targeting companies in the US and Europe. It uses double extortion by encrypting files with victim IDs and stealing sensitive data as leverage for payment. Impacted firms find ransom notes referring victims to the secure Tox messenger for negotiations. Broadcom first observed DoNex in March but attack methods are still unknown. Read more

Microsoft Says Russian Hackers “Midnight Blizzard” AKA ‘Nobelium’ Stole Source Code in Cyberespionage

Microsoft disclosed a cyberattack by Russian group Midnight Blizzard/Nobelium, responsible for SolarWinds. Attackers targeted executive emails, stole source code and data after exploiting a test account without two-factor authentication using password spraying. Microsoft found the group aims to compromise customers by abusing secrets stolen from the company and is advising impacted clients as the investigation continues. Read more

Magnet Goblin Hackers Exploit 1-day Vulnerabilities to Deploy NerbianRAT Linux Malware

The hacking group Magnet Goblin rapidly exploits disclosed vulnerabilities within an hour to breach servers and install Linux malware. They target flaws in Ivanti, ActiveMQ and others allowing deployment of NerbianRAT and MiniNerbian to collect data, receive commands and enable remote access. Check Point has warned of the risks of abusing short windows before patches and challenges in tracing fast attacks. Read more

Play Ransomware Leaked 65,000 Stolen Swiss Government Documents

The Play ransomware leaked over 65,000 Swiss government documents following an attack on technology provider Xplain. Most files belonged to the Federal Department of Justice and Police, including personal data, IT systems and passwords. A smaller number were from the Federal Department of Defence. The Swiss government is investigating and will publish findings, with preliminary analysis revealing the significant scale and sensitivity of the leaked information. Read more

Related Articles

Daixin Ransomware Claims Omni Hotels Cyberattack

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid. This development comes after the hotel chain experienced...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

 

Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!