This Week in Cybersecurity – April 15th to April 19th: Giant Tiger Data Breached

Written by Gabby Lee

May 2, 2024

This Week in Cybersecurity – April 15th to April 19th: Giant Tiger Data Breached

Giant Tiger Data Breached, RansomHub Ransomware Leaks Change Healthcare data, Cerebral Settles Facebook Pixel Data Case at $7 Million

Giant Tiger Data Breached, 2.8M Records Leaked Online

Giant Tiger, a Canadian retail chain, experienced a data breach where approximately 2.8 million customer records were leaked online. The leaked database has been added to the HaveIBeenPwned service, allowing individuals to check if their personal information was compromised. While no payment information or passwords were exposed, customers should remain cautious of phishing attempts and consider identity monitoring services for added protection. Read more

RansomHub Ransomware Gang Leaks Stolen Change Healthcare Data

The RansomHub ransomware gang has leaked stolen data from Change Healthcare. After ceasing their activities, the BlackCat gang’s affiliate, “Notchy,” partnered with RansomHub to target Change Healthcare again. The threat actors threaten to release the data unless a resolution is reached. The leaked data includes agreements, financial documents, and sensitive patient information. Read more

Chipmaker Nexperia Data Breached, Ransomware Gang Leaks Data on Dunghill Leaks

Nexperia, a Dutch chipmaker, experienced a data breach in March 2024. A ransomware gang leaked some of the allegedly stolen data, which included microscope scans of electronic components, employee passports, and non-disclosure agreements. Nexperia has taken immediate action by shutting down its IT systems and initiating an investigation. The breach has been reported to the police and data protection authorities in the Netherlands. The ransomware gang, known as Dark Angels, has threatened to release additional data if their ransom demands are not met. The authenticity of the leaked materials has not yet been confirmed. Read more

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Ransomware group has claimed responsibility for a cyberattack on Omni Hotels. They are threatening to release customer information unless a ransom is paid. The attack caused a significant IT outage, affecting reservation systems and room locks. Omni Hotels confirmed the attack and shut down their systems to protect data. The Daixin Team plans to leak stolen information, including visitor records. They target the healthcare sector and use double extortion tactics. Omni Hotels operates 50 hotels across the US, Canada, and Mexico. In 2016, they experienced a data breach compromising payment card information. Read more

Ivanti Issues Security Updates to Critical Flaws in Avalanche MDM Solution

Ivanti has released security updates for 27 critical flaws in Avalanche MDM Solution. This includes two critical heap overflows that could allow remote command execution. Avalanche is a widely used mobile device management solution. The vulnerabilities, identified as CVE-2024-24996 and CVE-2024-29204, require immediate attention. Ivanti has also patched 25 medium and high-severity bugs to prevent denial-of-service attacks, arbitrary command execution, information extraction, and remote code execution. Customers should download Avalanche 6.4.3 to address these issues. Read more

UnitedHealth Reports that Change Healthcare Cyberattack Caused $872 Million Loss

UnitedHealth Group reported a $872 million loss in Q1 earnings due to a ransomware attack on Change Healthcare. The attack incurred $593 million in direct costs and $279 million in business disruptions. Despite the setback, UnitedHealth Group saw impressive revenue growth, reaching $99.8 billion. They estimate a full-year impact of $1.15 to $1.35 per share in 2024. The company is actively addressing the impact on consumers and care providers, expanding financial assistance programs to support affected providers. Read more

Cerebral Settles Suit at $7 Million in Facebook Pixel Data Leak Case

Cerebral has settled a lawsuit with the FTC by agreeing to pay $7 million in a Facebook Pixel data leak case. The FTC accused Cerebral and its former CEO of violating consumer privacy by sharing personal health information for advertising and failing to comply with cancellation policies. The settlement includes provisions such as refunds to customers, a civil penalty, a ban on sharing health data for marketing, and the implementation of a data security program. The outcome of charges against the former CEO will be determined by the court. Read more

8Base Ransomware Claims Breach on Atlantic States Marine Fisheries Commission

The Atlantic States Marine Fisheries Commission (ASMFC) is currently dealing with a cyber incident following claims made by the 8Base ransomware gang regarding a data breach. The ASMFC has reported that its email system is currently unavailable and has set up alternative communication channels. The 8Base gang has demanded a ransom within four days, claiming to have obtained sensitive information from the ASMFC, including invoices, personal data, and contracts. This incident highlights the active targeting of the agriculture industry by the 8Base ransomware group and their connections to other criminal platforms. Read more

FIN7 Attempts Phishing at American Automaker’s IT Staff

The financially motivated group FIN7 targeted an American automaker’s IT staff through a phishing attack. They used spear-phishing emails and the Anunak backdoor to gain unauthorized access. BlackBerry researchers found that the attack relied on living-off-the-land binaries and scripts. FIN7 tricked privileged individuals with malicious URLs, leading to a fake site and a Dropbox page where a harmful file was downloaded. FIN7 typically targets large organizations and deploys ransomware. Robust security measures and comprehensive employee training are crucial to defend against phishing attacks. Read more

Related Articles

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!