October saw multiple data breaches impacting organizations across diverse sectors. From NPOs to healthcare and insurance companies, these incidents exposed sensitive data and highlighted the growing risks to cybersecurity and online privacy. Read on for the low-down.
Internet Archive Hacked
Internet Archive, the beloved non-profit providing free digital access to resources like books, films, software, and old websites, had a tough October that saw it targeted in several cyberattacks. First, a data breach exposed the information of 31 million users, including usernames, email addresses, and encrypted passwords. During the breach, hackers defaced the Archive’s website, posting a message referencing “Have I Been Pwned”, a site that alerts users about compromised data.
Shortly after, the website was targeted in a series of DDoS attacks, one of which was linked to a pro-Palestinian threat group known as “SN_Blackmeta”. This group claimed responsibility, citing political motives against the U.S., though the Internet Archive is an independent, non-governmental entity. In a third incident, attackers stole GitLab authentication tokens, accessing Internet Archive’s email support platform, after which they sent unauthorized messages to users who had contacted support.
In response, Internet Archive sought to strengthen its security, prioritizing data protection over service availability. As of now, key services like the Wayback Machine and Open Library have been restored. Chris Freeland, Director of Library Services at Internet Archive, states:
“More services and features coming online soon. Services may be interrupted for ongoing maintenance. Thank you for your patience and ongoing support.”
Landmark Admin Breach Affects Over 800,000
Insurance administrator Landmark Admin has informed over 800,000 people of a ransomware attack that led to the theft of personal data earlier this year. Threat actors exfiltrated and encrypted data, as detailed in notification letters sent to affected individuals and regulators in Maine, California, and Texas. The breach impacted 806,519 individuals, as reported to Maine’s Attorney General. No details about the attackers have been disclosed, and no ransomware group has publicly claimed responsibility for the breach.
Compromised information may include names, addresses, dates of birth, Social Security numbers, driver’s license or state-issued ID numbers, passport numbers, medical and insurance details, bank account numbers, and life or annuity policy data. In response, Landmark has restored secure system operations, enhanced network protections, and notified law enforcement. Additionally, the company is offering 12 months of free credit monitoring and identity theft protection to affected individuals.
Omni Family Health: 470,000 Victims
California health center network Omni Family Health is informing 470,000 individuals of a cyberattack that resulted in the theft of personal data. The breach was discovered on August 7th, after threat actors posted data allegedly taken from Omni on the dark web. According to the organization, the incident affected 468,344 current and former patients and employees, as reported to the US Department of Health and Human Services.
Omni stated on its website that compromised data includes names, addresses, dates of birth, Social Security numbers, and health insurance and medical information for patients. For employees, similar information was impacted, along with financial account details and information about dependents and beneficiaries. Omni is providing affected individuals with a year of free credit monitoring and identity protection services.
Mystic Valley Elder Services
Mystic Valley Elder Services (MVES), a Massachusetts non-profit supporting the elderly and disabled, has experienced a data breach affecting 87,000 individuals. Investigations found that attackers may have accessed files with sensitive data, including names, dates of birth, Social Security numbers, passport numbers, financial and online credentials, driver’s license numbers, and medical information.
MVES began notifying affected individuals way back in June, but recently disclosed the full scale to the Maine Attorney General and the Department of Health and Human Services. No ransomware group has claimed responsibility for the MVES breach, though this doesn’t rule out ransomware involvement.
OnePoint Patient Care: Nearly 800,000 Victims
OnePoint Patient Care (OPPC), an Arizona-based hospice pharmacy serving over 40,000 patients daily, is notifying customers of a data breach affecting their personal information. The organization detected suspicious activity on its network in late summer and an investigation confirmed that hackers had accessed files containing names, addresses, medical records, prescription details, and diagnoses. Social Security numbers were also compromised for some individuals. The Inc Ransom group claimed responsibility, listing OPPC on its Tor-based leak site and releasing stolen data, indicating no ransom was paid.
Protect Yourself with ScamCheck
With the increasing number and sophistication of scams, staying one step ahead is more crucial than ever. Unfortunately, antivirus software alone isn’t enough. Introducing the newly updated Trend Micro ScamCheck! Available for both Android and iOS, ScamCheck offers comprehensive protection from deceptive phishing scams, scam and spam text messages, deepfakes, and more:
- Scam Check: Instantly analyze emails, texts, URLs, screenshots, and phone numbers with our AI-powered scam detection technology. Stay secure and scam-free.
- SMS Filter & Call Block: Say goodbye to unwanted spam and scam calls and messages. Minimize daily disruptions and reinforce your defenses against phishing.
- Deepfake Scan: Detect deepfakes in real-time during video calls, alerting you if anyone is using AI face-swapping technology to alter their appearance.
- Web Guard: Surf the web safely, protected from malicious websites and annoying ads.
To download ScamCheck or to learn more, click the button below. As ever, if you’ve found this article an interesting or helpful read, please SHARE it with friends and family to help keep the online community secure and protected. Also, please consider clicking the LIKE button or sharing your experience in a comment below. Here’s to a secure 2024!