CYBER SECURITY NEWS – WEEK OF JULY 15, 2024

Change Healthcare, a subsidiary of UnitedHealth Group, suffered a major data breach that potentially impacted over 110 million people.
Hackers were able to access Change Healthcare’s internal systems and stole a significant amount of sensitive data.
The stolen information includes health insurance details, medical records, billing and claims data, as well as personal information like Social Security numbers and financial data.
Change Healthcare has confirmed that the stolen data was obtained by an affiliate of the BlackCat ransomware group, who remain in possession of a copy.
The RansomHub ransomware group has also claimed to have acquired the data.
To mitigate the impact, Change Healthcare is providing 2 years of complimentary credit monitoring and identity theft protection services to affected individuals.

AT&T, one of the largest telecommunications companies in the U.S suffered a massive data breach where threat actors stole the call logs of approximately 109 million customers, nearly all of AT&T’s mobile customers.
The stolen data included telephone numbers, call and text records, aggregate call durations, and cell site IDs for calls made between May 2022 and January 2023.
The data was stolen from AT&T’s Snowflake account, a cloud-based data warehouse, as part of a wave of recent attacks targeting Snowflake customers using stolen account credentials.
While the stolen data did not contain sensitive information like Social Security numbers or financial details, the communications metadata can be used to identify customers and their activities.

The Neiman Marcus data breach in May 2024 exposed over 31 million customer email addresses, according to analysis by founder Troy Hunt.
This is significantly more than the 64,472 people the company initially reported in its data breach notification.
The stolen data also included names, contact information, dates of birth, gift card info, transaction data, partial credit card details, Social Security numbers, and employee identification numbers. Neiman Marcus linked the breach to the Snowflake data theft attacks, where a threat actor used stolen customer credentials to target organizations without multi-factor authentication on their Snowflake accounts.
Other recent breaches tied to these attacks include Ticketmaster, Santander, Pure Storage, QuoteWizard/LendingTree, Advance Auto Parts, and Los Angeles Unified.

Evolve Bank & Trust, an Arkansas-based financial institution, disclosed a data breach affecting 7.64 million individuals.
The breach was initially believed to be caused by a hardware failure in late May, but an investigation revealed that hackers had infiltrated the network as early as February, potentially compromising sensitive customer data.
The stolen information includes names, Social Security numbers, bank account numbers, and contact details.
The breach also impacted customers of Evolve’s open banking platform, used by fintech firms such as Affirm and Wise.

Rite Aid, the third-largest drugstore chain in the U.S., experienced a cyberattack that resulted in a data breach.
The attack was claimed by the RansomHub ransomware group, which claimed to have stolen over 10GB of customer data, including names, addresses, driver’s license IDs, dates of birth, and Rite Aid rewards numbers – around 45 million lines of personal information.
Rite Aid confirmed the data breach but stated that no social security numbers, financial information, or patient health data was impacted.
The company said it has restored its systems with the help of cybersecurity experts and is in the process of notifying affected customers.

Advance Auto Parts, a major auto parts retailer, suffered a data breach that impacted over 2.3 million current and former employees and job applicants.
The stolen data included full names, Social Security numbers, driver’s licenses, and government ID numbers of the affected individuals.
This information was collected as part of Advance’s job application process.
Advance Auto Parts notified the impacted individuals and is providing 12 months of complimentary identity theft protection and credit monitoring services through Experian.
The breach was initially reported to only impact Advance employees, but the company later clarified that 2.3 million people were affected, including job applicants and former employees.
The stolen data was offered for sale by a threat actor named ‘Sp1d3r’, who claimed to have 380 million Advance customer