Weekly Cybersecurity Recap April 21
Table of Contents
- By Steven
- Apr 21, 2023
This week has been full of serious data breaches from major hospitals, financial institutions, accounting firms, and more. It's a bad time to trust your data to companies online, and more and more businesses are proving they don't have the means to keep our data safe. Find out how Discord, NY Presbyterian Hospital, Bank of America, Unlimited Care Inc., and Harding, Symanski, and Company were all involved in data breaches this week.
Discord
While Discord didn't suffer from a data breach directly, the communication tool was utilized to transmit confidential documents to people around the internet. The company is working closely with the government to try and locate the users that shared the protected government documents. The breach into the Department of Defense files unveiled a great deal of data about the War on Ukraine as well as some other details about the military. The data was quickly spread on sites like Reddit and other social media platforms and also shared on Discord. The companies are offering data to government officials in an attempt to track down the hackers.
New York Presbyterian Hospital
New York Presbyterian Hospital is an academic hospital that offers in-person and virtual care to patients in a number of different specialties. The hospital recently exposed data for over 54,000 patients by way of the analytics tools it had installed on its website. The organization installed analytics software to track website activity, but the software gave away some personal information, such as the mailing addresses, email addresses, and full names of patients using the website to schedule appointments. If you used the website to schedule appointments over the last few years, you might have had your data exposed to the companies responsible for the analytics software.
Bank of America
On February 4, 2023, Bank of America was informed that its debt-collection service provider was attacked and that as many as 500,000 Bank of America customers had their data stolen as a result. Bank of America works with NCB Management to help collect overdue debts, and the company stores customer data as part of its process of collecting debts. The company's file servers were broken into, and attackers stole essential data. The customer data includes details like Driver's license numbers, credit card information, bank account balances, routing numbers, Social Security numbers, and more. The company is offering between 12 and 24 months of identity theft protection services, and anyone that gets a notice should take advantage of the free offer to protect themselves.
Unlimited Care Inc.
Unlimited Care Inc. is a home care company that helps elderly patients and disabled individuals live comfortably and safely at home. The company employs more than 2,500 people overall. This company suffered a network data breach that exposed company data. Among the data exposed were names, addresses, birth dates, Social Security numbers, and more. The attackers will likely try to leverage the data and use it to commit fraud.
Harding, Shymanski, and Company
In March of this year, a group of attackers broke into Harding, Shymanski, and Company to steal tax data for a large number of the firm's customers. This data breach was possible because the attackers obtained employee credentials. The stolen data was used to file fake tax returns for several individuals and will likely cause a great deal of trouble for everyone involved. The stolen information includes Social Security Numbers, Driver's license numbers, full names, addresses, bank account details, and more.