Weekly Cybersecurity Recap December 1
Table of Contents
- By Steven
- Dec 01, 2023
This week, cybercriminals targeted health lifestyle members, patients, gamblers, and general consumers. Early on, Welltok returned to the news, this time with over 426k member data stolen by assailants; the organizations impacted by the breach were Premier Health and Graphic Packaging International. In North Carolina, cybercriminals targeted a healthcare clinic. The assailants stole more than 60k patient records from Robeson Health Care. Human resource solutions, Zeroed-In, was also targeted—leading to the exposure of nearly 2 million, including Dollar Store consumer records. Lastly, Caesars Entertainment returned to the news this week; despite paying the data breach ransom, millions of loyalty members may still be at risk for information misuse. Find more about each breach below.
An online lifestyle wellness program, Welltok has suffered significant losses recently, stemming from multiple breaches. This week’s victims were Premier Health and Graphic Packaging International associations. The stolen data in both organizations include names, birthdays, Social Security Numbers, health insurance plan information, group plan details, and prescription names with issuing providers. Some Premier Health victims may have lost medical record information or patient data. An estimated 426k patients and consumers may have lost data in the event—and more victims may still appear.
Robeson Health Care Corporation
Meanwhile, thieves stole over 60k patient records in North Carolina after a malware attack. The assailants may have obtained patients’ names, addresses, Social Security Numbers, birthdays, treating physicians’ information, prescription and treatment information, medical record numbers, Medicare/Medicaid numbers, patient ID numbers, and health insurance information. The amount of data stolen in the event differs between people—but the risks remain prevalent. Those with RHCC associations must invest in credit, financial, and medical record monitoring services.
Human resource analytics and solutions provider Zeroed-In had a data breach exposing nearly 2 million records this week. The attack was presumably significant, as officials cannot yet confirm the full scope of the event. According to what is public about the incident, the stolen data includes names, birthdays, and Social Security Numbers. However, investigations are ongoing—officials cannot yet verify how many files were accessed or what they contained. For these reasons, customers of Zeroed-In must take action to protect their identities; cybercriminals could sell them on the dark web or misuse them at any time.
Caesars Entertainment, Update
CE was one of numerous casino providers recently targeted by threat actors; since then, CE purportedly paid half the ransom to their attackers, but the data they accessed could still be at risk. CE loyalty members have lost information in this breach. The exposed information includes millions of members’ names, dates of birth, Social Security Numbers, driver’s licenses, and government-issued IDs. Members of the CE loyalty program should seek immediate assistance to mitigate future data misuse; monitoring services, increased cybersecurity policies, and complex passwords are just the beginning of sensible precautions.
Family Dollar & Dollar Tree
One of the most widely recognized company duos, Family Dollar & Dollar Tree, was also targeted this week. Nearly 2 million people had their identity information taken in this breach—although that number may grow. Consumer names, dates of birth, and Social Security Numbers were all exposed in the incident. Investigations into the breach are ongoing; subsequently, some information may change as they conclude. However, consumers don’t need to wait for a physical notice to start protecting their information.