At a glance.
- Spa gift certificate breach is anything but relaxing.
- US university releases few details about recent data breach.
- Even more stolen data dumped from Oakland ransomware attack.
- Pirate streaming service leaks customer data.
Spa gift certificate breach is anything but relaxing.
CTV News Ottawa reports that Canadian health spa Nordik Spa, located in Chelsea, Quebec, has experienced a data breach involving its gift card system. The spa has notified customers that the “event” might have allowed an intruder access to personal customer data including full names, street addresses, and credit card info. Nordik Spa first detected the suspicious activity in late February and responded by shutting down the gift card system and enlisting a third-party firm to launch an investigation. Impacted individuals are those who purchased a gift card between November 4, 2022 and February 27, 2023. However, customers can rest assured that the gift cards in question are still valid. "We will also work with third-party experts to continuously strengthen security measures and maximize the protection of our clients' data. We have reported the incident to the relevant authorities and corporations," Nordik Spa stated.
US university releases few details about recent data breach.
American private Catholic University Our Lady of the Lake has disclosed it suffered a breach that exposed personal data, but, as GovTech reports, details about the incident are sparse. Though the breach was first reported last month, the school, which is located in the US state of Texas, published its first statement about the incident on its website last week. It is unclear how many individuals were impacted, although it is believed that the data of faculty, staff, students, and even prospective attendees were exposed. The school has declined to discuss the nature of the attack, but the AvosLocker ransomware group has taken credit for the incident. The school has stated that their investigation of the attack revealed that a "limited amount of personal information was removed" and that that data include full names, Social Security numbers, driver's license and passport info, dates of birth, and bank account details. Impacted individuals are being notified, but the lack of details about the nature of the attack have some members of the school community concerned.
Even more stolen data dumped from Oakland ransomware attack.
As we previously discussed, the US city of Oakland, located in the state of California, suffered a ransomware attack in February that led to the publication of stolen data, and , and now Engadget reports that the hackers have released more data stolen in the attack. The Play ransomware group has dumped a second batch of approximately 600GB of data including confidential Oakland Police Department files, council members' communications, and staff medical records. The first dump consisted of 10GB of data, and the police union is demanding $25,000 per officer in damages. The attack forced the city to take its network offline, leaving the city in a state of emergency with many buildings closed and non-emergency services unavailable. The city has not disclosed Play’s ransom demands, but has stated it has no intention of paying.
Pirate streaming service leaks customer data.