At a glance.
- US lending company falls victim to data breach.
- Vice Society claims responsibility for Palermo cyberattack.
- Medical data breaches pervasive in Arizona.
- Cancer center in Seattle reports data breach.
US lending company falls victim to data breach.
New York-based global business lending company OnDeck has disclosed it suffered a data breach as the result of an unauthorized party gaining access to the company’s computer network. JDSupra reports that the intruder exfiltrated sensitive consumer data and transferred it to a private cloud storage account. The exposed data includes customer names, Social Security numbers, tax ID numbers, driver’s license numbers, passport numbers, financial account/payment card account numbers, and medical or health insurance information. OnDeck first detected suspicious activity across some of its computers on March 10 and immediately shut down access to all affected devices. But three days later, OnDeck confirmed that the attackers had copied certain OnDeck data to a private cloud storage account. On March 17, OnDeck’s team of investigators gained control over the cloud storage account, recovered the data, and shut down access, but it’s unclear what the threat actor might have done with the data while it was in his or her possession. OnDeck filed an official notice of the breach on June 2 and had begun notifying impacted parties.
Vice Society claims responsibility for Palermo cyberattack.
BleepingComputer reports that the Vice Society ransomware group has claimed responsibility for the cyberattack on Palermo. City services, websites, and all internet-related services remain unavailable in the Italian municipality, affecting over a million people. The group has threatened to publish all stolen documents if a ransom isn’t paid by Sunday.
Medical data breaches pervasive in Arizona.
Arizona healthcare providers have found themselves at the forefront of cyberattacks within the last two years. Fox10 reports that according to the Office for Civil Rights database, 20 healthcare entities within the state have cases under investigation, and sixteen of them are because of hacking or IT incidents. It was found that nearly 600,000 medical records in Arizona have been exposed within the last two years. John Komer, owner of Kraken Cyber Security Group, said, "If they haven't protected the data, the release can be really damaging. I've seen clinics and others actually close down because they were not in compliance with federal law, with HIPAA. They got breached and patient records were released.” Healthcare data breaches have been pervasive as of late, with 679 breaches affecting 45 million people last year, according to Critical Insight Security.
Cancer center in Seattle reports data breach.
Fred Hutchinson Cancer Center in Seattle has reported that they have fallen victim to a data breach. Komo News reports that the hacker breached an employee email account on March 25, which contained sensitive information including medical records, social security numbers, addresses, names, and financial information. The center has reported in a release that there has been no evidence of identity theft or fraud, but that they are notifying affected people via mail. The provider also notes that they are taking steps to prevent another attack, including “reviewing its technical controls, policies and procedures.”