September has been marked by a series of significant data breaches affecting various organizations across different sectors. From financial institutions to security providers, these breaches have exposed sensitive information, highlighting the growing threat to cybersecurity and online privacy.

MoneyGram

In September 2024, MoneyGram, one of the world’s largest money transfer companies, experienced a significant cybersecurity breach that resulted in a widespread outage lasting several days. Initially described as a “cybersecurity issue” affecting its network, the company proactively took systems offline to mitigate potential threats while investigating the incident. This action, however, disrupted operations globally, with customers unable to make payments or access services both online and in-person. Despite working with external cybersecurity experts and law enforcement, MoneyGram had not provided specific details regarding the nature of the attack.

Later, MoneyGram confirmed that hackers had accessed and stolen customer information, including sensitive data such as names, contact details, and in some cases, SocineyGral Security numbers and government-issued identification. Transaction data, including the dates and amounts of transfers, was also compromised. While MoneyGram did not disclose the total number of affected customers, the breach was reported to regulatory bodies, including the U.K.’s data protection authorities. The company’s investigation is still in its early stages, and it had not provided a timeline for full system restoration.

Comcast

Telecommunications giant Comcast notified 238,000 individuals that their personal information had been compromised in a ransomware attack at Financial Business and Consumer Solutions (FBCS), a debt collection agency. Although the breach was initially disclosed in April 2024, the incident began in February when attackers infiltrated FBCS’s systems. The breach allowed cybercriminals to access sensitive personal data for over 4.25 million individuals, affecting multiple organizations that had previously worked with FBCS. Comcast, which ended its partnership with FBCS in 2020, discovered in July that its customers’ data, dating from around 2021, had been compromised during the attack.

The stolen information included names, addresses, dates of birth, Social Security numbers, and Comcast account details. Although FBCS’s financial situation has prevented them from offering affected customers direct support, Comcast stepped in to provide one year of credit monitoring and identity protection services to those impacted.

Dell

Dell faced claims of two data breaches in less than a week, with hackers alleging that they exposed sensitive internal files through compromised Atlassian tools. The hackers, operating under the aliases “grep” and “Chucky,” claimed responsibility for both breaches, stating that they had accessed internal systems using widely employed development and collaboration tools, such as Jira, Jenkins, and Confluence. The leaked data reportedly included 3.5 GB of uncompressed files related to system configurations, database schemas, and user credentials, all potentially vital to Dell’s internal infrastructure. This follows an earlier breach on September 19, which affected sensitive information about 10,863 Dell employees.

Dell had already initiated an investigation into the first breach, but as of the latest reports, the company has not officially commented on the second breach claims. If verified, the leaked information could expose Dell to further attacks, given the detailed system data involved. The hackers’ ability to compromise multiple tools across Dell’s Atlassian software suite signals deeper vulnerabilities within the company’s development environment.

ADT

ADT, a leading provider of home security solutions, revealed that unauthorized access to its network had resulted in data theft. The company notified the SEC of the incident, explaining that hackers gained entry to its systems by exploiting compromised credentials obtained from a business partner. Although the investigation indicated that encrypted internal data associated with employee user accounts had been exfiltrated, ADT stated that it does not believe that customers’ personal information was accessed or that their security systems were compromised.

This breach follows an earlier incident in August, where ADT confirmed that hackers had stolen customer information, impacting over 30,000 records. Although both breaches involved unauthorized access, ADT clarified that they are not related. The company noted that its containment measures had led to disruptions in its information systems, and the investigation into the latest breach is still ongoing. At this point, no specific ransomware group has claimed responsibility for the attack.

Confidant Health

Confidant Health, an AI-powered healthcare firm, leaked approximately 5.3TB of sensitive mental health records, raising significant privacy concerns for patients. The non-password-protected server contained over 126,276 files and 1.7 million logging records that revealed:

• Personal Identifying Information (PII): Names, addresses, contact information, driver’s license numbers, and insurance details.
• Mental health evaluations: Comprehensive assessments of patients’ mental health statuses, family backgrounds, and experiences of trauma.
• Medical records: Records of prescribed medications, diagnostic test results, health insurance information, treatment documentation, letters detailing prescribed medications.
• Audio and video content: Including recordings of therapy sessions along with text transcripts.

This data breach affects patients receiving mental health and addiction treatment services across multiple states, including Connecticut, Florida, New Hampshire, Texas, and Virginia. Confidant Health has acknowledged the data leak and restricted access to the compromised server, but it remains unclear whether the database was managed internally or by a third party. The duration of the exposure and the extent of potential unauthorized access are still unknown.

Protecting Your Identity and Personal Info

Trend Micro is here to have your back in 2024. We would encourage readers to head over to our new ID Protection portal, which has been designed to meet the security and privacy threats we now all face. With ID Protection, you can:

• Safeguard your social media accounts against hackers
• Receive alerts if your personal info gets leaked
• Protect against online threats, such as phishing scams
• Stop sites from collecting privacy-compromising data
• Create, store, and manage strong, tough-to-hack passwords.

What’s even better is that you can enjoy a 7-day free trial of ID Protection‘s paid version, so that you can take advantage of all its awesome features and start securing your identity and privacy today! Why not give it a go today?