Giant Tiger Data Breached, RansomHub Ransomware Leaks Change Healthcare data, Cerebral Settles Facebook Pixel Data Case at $7 Million
Giant Tiger, a Canadian retail chain, experienced a data breach where approximately 2.8 million customer records were leaked online. The leaked database has been added to the HaveIBeenPwned service, allowing individuals to check if their personal information was compromised. While no payment information or passwords were exposed, customers should remain cautious of phishing attempts and consider identity monitoring services for added protection. Read more
RansomHub Ransomware Gang Leaks Stolen Change Healthcare Data
The RansomHub ransomware gang has leaked stolen data from Change Healthcare. After ceasing their activities, the BlackCat gang’s affiliate, “Notchy,” partnered with RansomHub to target Change Healthcare again. The threat actors threaten to release the data unless a resolution is reached. The leaked data includes agreements, financial documents, and sensitive patient information. Read more
Chipmaker Nexperia Data Breached, Ransomware Gang Leaks Data on Dunghill Leaks
Nexperia, a Dutch chipmaker, experienced a data breach in March 2024. A ransomware gang leaked some of the allegedly stolen data, which included microscope scans of electronic components, employee passports, and non-disclosure agreements. Nexperia has taken immediate action by shutting down its IT systems and initiating an investigation. The breach has been reported to the police and data protection authorities in the Netherlands. The ransomware gang, known as Dark Angels, has threatened to release additional data if their ransom demands are not met. The authenticity of the leaked materials has not yet been confirmed. Read more
Daixin Ransomware Claims Omni Hotels Cyberattack
The Daixin Ransomware group has claimed responsibility for a cyberattack on Omni Hotels. They are threatening to release customer information unless a ransom is paid. The attack caused a significant IT outage, affecting reservation systems and room locks. Omni Hotels confirmed the attack and shut down their systems to protect data. The Daixin Team plans to leak stolen information, including visitor records. They target the healthcare sector and use double extortion tactics. Omni Hotels operates 50 hotels across the US, Canada, and Mexico. In 2016, they experienced a data breach compromising payment card information. Read more
Ivanti Issues Security Updates to Critical Flaws in Avalanche MDM Solution
Ivanti has released security updates for 27 critical flaws in Avalanche MDM Solution. This includes two critical heap overflows that could allow remote command execution. Avalanche is a widely used mobile device management solution. The vulnerabilities, identified as CVE-2024-24996 and CVE-2024-29204, require immediate attention. Ivanti has also patched 25 medium and high-severity bugs to prevent denial-of-service attacks, arbitrary command execution, information extraction, and remote code execution. Customers should download Avalanche 6.4.3 to address these issues. Read more
UnitedHealth Reports that Change Healthcare Cyberattack Caused $872 Million Loss
UnitedHealth Group reported a $872 million loss in Q1 earnings due to a ransomware attack on Change Healthcare. The attack incurred $593 million in direct costs and $279 million in business disruptions. Despite the setback, UnitedHealth Group saw impressive revenue growth, reaching $99.8 billion. They estimate a full-year impact of $1.15 to $1.35 per share in 2024. The company is actively addressing the impact on consumers and care providers, expanding financial assistance programs to support affected providers. Read more
Cerebral Settles Suit at $7 Million in Facebook Pixel Data Leak Case
Cerebral has settled a lawsuit with the FTC by agreeing to pay $7 million in a Facebook Pixel data leak case. The FTC accused Cerebral and its former CEO of violating consumer privacy by sharing personal health information for advertising and failing to comply with cancellation policies. The settlement includes provisions such as refunds to customers, a civil penalty, a ban on sharing health data for marketing, and the implementation of a data security program. The outcome of charges against the former CEO will be determined by the court. Read more
8Base Ransomware Claims Breach on Atlantic States Marine Fisheries Commission
The Atlantic States Marine Fisheries Commission (ASMFC) is currently dealing with a cyber incident following claims made by the 8Base ransomware gang regarding a data breach. The ASMFC has reported that its email system is currently unavailable and has set up alternative communication channels. The 8Base gang has demanded a ransom within four days, claiming to have obtained sensitive information from the ASMFC, including invoices, personal data, and contracts. This incident highlights the active targeting of the agriculture industry by the 8Base ransomware group and their connections to other criminal platforms. Read more
FIN7 Attempts Phishing at American Automaker’s IT Staff
The financially motivated group FIN7 targeted an American automaker’s IT staff through a phishing attack. They used spear-phishing emails and the Anunak backdoor to gain unauthorized access. BlackBerry researchers found that the attack relied on living-off-the-land binaries and scripts. FIN7 tricked privileged individuals with malicious URLs, leading to a fake site and a Dropbox page where a harmful file was downloaded. FIN7 typically targets large organizations and deploys ransomware. Robust security measures and comprehensive employee training are crucial to defend against phishing attacks. Read more
