Data Breaches

> Roll20 says the data breach was due to a “bad actor” who gained access to an account on the company’s administrative website for one hour.

> Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.

> Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information.

> FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack.

> Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust (Evolve).

> Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact.

> On or about March 14, 2024, through March 15, 2024, Human Technology Inc., and its affiliates, Greer Orthotics & Prosthetics, Inc., Murphy's Orthopedic & Footcare, Inc., and Hi-Tech Prosthetics & Orthotics, Inc., ("Human Technology and its affiliates") suffered a data security incident. Human Technology and its affiliates became aware of this suspicious activity within its environment on March 15, 2024.

> The news highlights that the fallout from the Evolve data breach on third-party companies — and their customers and users —  is still unclear.

> The company seemingly underestimated the severity of the breach after originally providing a head count of roughly 36,000 impacted individuals.

> Geisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organization.

> With many popular apps, users must hand over personal information to prove their identity, and the big downside is they have no control over how that information gets processed and stored.

> Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people.

> The company “identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their accounts” on June 22.

> The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid.

> Agropur, one of the largest dairy cooperatives in North America, is notifying customers of a data breach after some of its shared online directories were exposed.

> The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group.

> Infosys McCamish Systems (IMS) disclosed that the LockBit ransomware attack it suffered earlier this year impacted sensitive information of more than six million individuals.

> A hacker claims to be selling an extensive database associated with an Indian government portal meant for blue-collar workforce emigrating from the country.

> rabbit inc has known that we have had their elevenlabs (tts) api key for a month, but they have taken no action to rotate the api keys.

> Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. Except, the rumor has been quashed.

> Geisinger said a former Nuance Communications employee with improper access to official records stole critical patient information.

> Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company's database stolen in recent Snowflake data theft attacks.

> The central banking system is allegedly negotiating with the ransomware gang LockBit to restore 33 terabytes of confidential banking data.

> CISA is warning that its Chemical Security Assessment Tool (CSAT) environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans.

> CoinStats suffered a massive security breach that compromised 1,590 cryptocurrency wallets, with the attack suspected to have been carried out by North Korean threat actors.

> Authorities say Indonesia’s national data center has been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.

> UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change Healthcare ransomware attack, stating that data breach notifications will be mailed in July.

> The Los Angeles Unified School District confirmed that one of its vendors had its data compromised in the recent cyberattack against the cloud storage provider Snowflake.

> The gang shared almost 400GB of the private information on their darknet site and Telegram channel.

> A hacker is claiming to have extracted contact details of 33,000 current and former employees of the IT giant Accenture in a breach that involves a third-party firm.

> The Association of Texas Professional Educators (ATPE) is notifying more than 414,000 members of a data breach.

> T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company.

> Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants.

> Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month.

> AMD is investigating whether it suffered a cyberattack after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains AMD employee information, financial documents, and confidential information.

> Health insurance provider Maxicare has reported a data breach to the National Privacy Commission.

> Learnosity, an e-learning platform with more than 40 million learners, has disclosed a cybersecurity incident.

> Panera Bread, an American chain of fast food restaurants, most likely paid a ransom after being hit by a ransomware attack, suggests language used an internal email sent to employees.

> The personal information of more than 200,000 people in Los Angeles County was potentially exposed after a hacker used a phishing email to steal login credentials.

> PCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data two weeks ago.