Weekly Cybersecurity Recap November 24
Table of Contents
- By Steven
- Nov 24, 2023
This week, the cybersecurity environment continued to be rocked by the global MOVEit data breach. Various Stanford Health groups had information taken in the MOVEit event, up to 1.6 million patient records. AutoZone also announced MOVEit’s involvement in a 185,000-person security incident. Delaware Life Insurance suffered a similar breach from MOVEit, although the number of records lost remains unknown. Finance software consultant firm Systems East suffered an event exposing over 200k consumer records. Finally, workforce management NSC Tech also announced a breach, exposing over 50,000 current and applicant employee records. Find a synopsis of each breach below.
Systems East, Inc.
Financial consultants in Central New York suffered a cyber event, exposing 209,328 records. The assailants broke into Systems East and copied an encrypted database; it is unknown if the hackers have broken the encryption—but consumers should take preventative measures regardless. The database contained names and payment information but did not involve credentials usually needed for transactions like PINs or addresses. Systems East account holders should take steps immediately to prevent data misuse.
Standford/Packard Health Groups
Officials discovered that numerous members of Stanford University’s health groups had information exposed in a MOVEit data breach. Today’s most destructive data breach has impacted over 2,000 organizations worldwide, exposing millions of records to bad actors and the internet. Stanford’s breach may impact 1.6 million patients and group plan holders. The influenced entities include Stanford Health Care, Lucile Packard Children’s Hospital, Stanford Medicine Partners, Stanford Tri-Valley, and Packard Children’s Health Alliance.
AutoZone’s data breach was also due to the MOVEit data breach event. The breach exposed 184,995 records, including employee and account holder information. The stolen data is known to include names and Social Security Numbers (SSNs), but no other details are public. Those who receive a consumer notice about the breach should take considerable countermeasures. Until the data is in a crime, there’s no way to know what data a threat actor has; that means every record exposed in the breach could result in potential victimization. AutoZone employees and account holders must take precautions before criminals misuse their stolen information.
Delaware Life Insurance
The last MOVEit data breach this week, Delaware Life is a subsidiary insurance company of Group 1001. A Delaware Life vendor, Pension Benefit Information, utilized MOVEit for file maintenance; subsequently, they suffered a data breach with thousands of organizations worldwide. Producer and policyholder names, residential addresses, birthdays, and SSNs appeared in the breach. Some may have also lost their contract, group, or policy number. In response, impacted individuals should invest in monitoring services, particularly for identity and medical records.
Workforce acquisition firm NSC Tech suffered a significant breach this week, unrelated to the global MOVEit event. Instead, their systems were attacked directly by a sophisticated threat. The stolen information of 48,531 people included data from some NSC subsidiaries, including Consolidated Marine Systems, Anistar Technologies, ULG Companies, Superior Resource Group, Staff Matters, Staffing Resources, and Nationwide Temporaries. Stolen data may involve names and SSNs, but from the suggested response, it may include financial, credit, and identity accounts. Current employees and applicants of NSC Tech or a subsidiary company must take immediate action to safeguard their data.