August has been marked by a series of significant data breaches affecting various organizations across different sectors. From technology giants to educational institutions, these breaches have each exposed sensitive information, highlighting the growing threat to cybersecurity and online privacy.

Tencent

A massive data leak exposed 1.4 billion user accounts from Tencent, a leading Chinese technology company. The breach, carried out by a hacker known as “Fenice”, involved sensitive information, including emails, phone numbers, and QQ IDs. The leaked data, shared in a 500GB file, was linked to what has been termed the “Mother of All Breaches” (MOAB). This incident has raised serious concerns about the security of user information handled by major technology companies, emphasizing the need for enhanced data protection measures.

Oregon Zoo

The Oregon Zoo experienced a data breach that impacted nearly 118,000 individuals. The breach compromised payment card information processed through the zoo’s online ticketing service. The stolen data included names, card numbers, CVVs, and expiration dates, affecting transactions from December 20^th, 2023, to June 26^th, 2024. The breach is believed to have resulted from a web skimmer attack, a type of malware that infiltrates websites to steal payment information. Although the zoo has taken steps to secure its systems and notified affected individuals, the incident highlights the persistent threat of digital skimming attacks.

Kootenai Health

Idaho-based healthcare provider Kootenai Health disclosed a data breach that compromised the personal and health information of over 460,000 individuals. The breach, discovered on March 2^nd, 2024, involved attackers accessing the network for over a week, beginning on February 22^nd. Sensitive data, including Social Security numbers, medical records, and health insurance information, was exfiltrated. The “3AM” ransomware gang claimed responsibility for the attack, further complicating the situation. Despite the breach, Kootenai Health continued to operate without interruption, and those affected were offered credit monitoring and identity protection services.

Toyota

Toyota confirmed a limited data compromise affecting its US branch, following the exposure of 240 GB of data by the threat actor, ZeroSevenGroup. The breach involved the exfiltration of sensitive information, including customer and employee data, financial records, and network infrastructure details. The attack, which occurred in December 2022, adds to Toyota’s recent cybersecurity challenges, including previous data leaks and ransomware attacks. The incident illustrates the need for robust cybersecurity measures to protect against sophisticated attacks.

East Valley Institute of Technology (EVIT)

The East Valley Institute of Technology (EVIT) suffered a data breach that compromised the personal and health information of over 200,000 individuals. The breach, which occurred on January 9^th, 2024, involved unauthorized access to EVIT’s network, exposing a wide range of sensitive data, including Social Security numbers, medical information, and biometric data. The LockBit ransomware group claimed responsibility for the attack, though it remains unclear if any data was publicly released. EVIT has since taken corrective actions to secure its systems and is offering identity protection services to those affected.

SOCRadar

SOCRadar, a prominent threat intelligence platform, was involved in a security incident where 332 million email addresses were scraped and later leaked online. The incident, which occurred in July 2024, involved a hacker known as USDoD, who initially sold the data before it was made publicly available by another threat actor, Dominatrix. Although the leak did not include passwords or other personal information, the exposure of such a large dataset raises the risk of phishing attacks, spam campaigns, and brute force attempts on online accounts.

Netflix

Localization company Iyuno, a production partner of Netflix, suffered a serious security breach that led to the leak of unreleased episodes of popular shows online. The breach, confirmed on August 9^th, involved unauthorized access to confidential content, including low-resolution footage with visible watermarks. Shows affected by the leak include Arcane, Heartstopper, and the highly anticipated Season 5 of Stranger Things. Iyuno is actively investigating the breach, which has sparked mixed reactions from fans, some eager to view the leaked content and others calling for a boycott.

Safeguard Your Identity

Trend Micro is here to have your back in 2024. We would encourage readers to head over to our new ID Protection portal, which has been designed to meet the security and privacy threats we now all face. With ID Protection, you can:

• Safeguard your social media accounts against hackers
• Receive alerts if your personal info gets leaked
• Protect against online threats, such as phishing scams
• Stop sites from collecting privacy-compromising data
• Create, store, and manage strong, tough-to-hack passwords.

What’s even better is that you can enjoy a 7-day free trial of ID Protection ‘s paid version, so that you can take advantage of all its awesome features and start securing your identity and privacy today! Why not give it a go today?