On April 28, a new forum user on BreachForums called “Menelik” claimed to have 49 million Dell Technologies customer records for sale. The Daily Dark Web provided a screencap and details from the listing. The customer data purportedly includes data between 2017 and 2024, with “full names, addresses, cities, provinces, postal codes, countries, unique 7-digit…
Category: U.S.
Ascension reports cybersecurity incident, possible data breach
Caroline Hudson reports: Ascension has detected a cybersecurity incident that is disrupting its clinical operations, and has advised business partners to disconnect from its systems. The nonprofit health system said Wednesday it had discovered “unusual activity” on select network systems that it believes is due to a cybersecurity event. An Ascension spokesperson did not respond to…
Guardant notifies patients of unintended information exposure going back to October 2020
A notification by Guardant Health, Inc. in California (“Guardant”) caught DataBreaches’ eye yesterday. Guardant is a laboratory that performs cancer screening tests on samples received from its physician and hospital partners. Patient information that they received may have been inadvertently exposed between October 5, 2020 and February 29, 2024. They explain: Guardant recently determined that…
More than 380,000 additional NYC students had info breached in 2022 Illuminate Education hack
Carl Campanile reports: More than 380,000 additional city public-school students had their personal data hacked in a massive cyber attack — bringing the total number of kids affected to well over 1 million, The Post has learned. The New York City Department of Education last week began sending letters notifying the hundreds of thousands of additional current and…
Fred Hutch notifies more patients of November 2023 attack (1)
In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 to ask whether the attackers had encrypted their files and whether they had negotiated with the threat actors. They did not reply….
CISA’s KEV catalog making a positive difference to defenders
Jonathan Greig reports that a CISA resource is having a positive effect at both a federal level as well as for non-governmental organizations: The Cybersecurity and Infrastructure Security Agency (CISA) has run its Known Exploited Vulnerabilities (KEV) catalog for nearly three years and it has quickly become the go-to repository for software and hardware bugs actively being exploited by hackers around the world. Experts…