Weekly Cybersecurity Recap September 15
Table of Contents
- By Steven
- Sep 15, 2023
This week, data breaches were particularly bad, with attacks impacting travel technology giant Sabre, production giant Johnson and Johnson, and medical company Amerita. The online service marketplace called Freecycle was also impacted and so was Traderie, a game trading platform. Millions of individuals lost their information between these various breaches. Get more details about each of the specific attacks below.
Freecycle is an online group dedicated to helping individuals give away any items they no longer want. The organization is free to use, but it manages data for its users that was recently compromised. Freecycle learned it had been breached on August 30, 2023, and that stolen information from the organization first appeared for sale on the dark web on May 30, 2023. The stolen information includes things like usernames and IDs for the site. Passwords and email addresses were also taken. Millions of Freecycle users were impacted in the breach.
Johnson and Johnson's Janssen CarePath
Johnson and Johnson has a healthcare services division known as Janssen CarePath. The division specializes in providing affordable and low-cost healthcare options to patients prescribed its medications. The data breach exposed the birth dates, health insurance data, contact information, full names, and more medical details of a huge number of people on August 2, 2023.
Traderie is an online sales broker site that specializes in item transactions for the Nintendo video game Animal Crossing: New Horizons. The site works with more than 2.6 million individuals, enabling them to buy and sell items from the game. A recent security incident makes it clear that Traderie was breached. During the breach user IP addresses, Google Roblox and Apple identifiers, and Stripe data were taken from millions. A BreachForums member known as "victim" is taking credit for this breach, and is attempting to sell the stolen data for $5,000 in Bitcoin.
Amerita is a large-scale medical company that specializes in senior care and infusions. The organization suffered from a data breach that potentially impacted nursing facilities, hospitals, and countless individual patients. The breach occurred on March 12 and 13, 2023 and it occurred when one or more individuals were able to break into the company's network. No ransomware gang has taken credit for the attack yet. Data such as health insurance information, medical history, full patient name, diagnosis, and more were taken, though Social Security numbers and financial information seem to have been spared.
The massive travel service provider Sabre which works with some of the largest airlines and hotel chains in the United States recently suffered from a serious data breach. The ransomware gang Dunghill Leak Group posted photos and sample files showing vast amounts of stolen data from the company. The hackers claim to have stolen more than 1.3 terabytes of data, including corporate financial documents, personal employee information, travel logs, ticket sales information, and more. With data as recent as July 2023 in the displayed stolen documents, this data breach could impact huge numbers of people.