Weekly Recap December 30
Table of Contents
- By Steven
- Dec 30, 2022
We've talked the last few weeks about the holiday crime rate and how it rises above most of the rest of the year. We've talked about how hospitals and schools are prime targets for hackers because of the plethora of information they contain. We've also talked about how financial companies are high on that list because they can offer a hacker nearly everything they want to know. As it's the last week of the year, hackers have decided to go out with a bang. Let's look at what we scrounged up this week.
Blue Shield of California
The Blue Shield breach was the culmination of paranoia for many people. Rather than an unknown party slipping into company computers and stealing data below the radar, this breach was an employee's doing. A now-former employee was caught sending emails containing sensitive client information to their personal email. This happened twice, once in July and once in October 2022. When the incident was discovered, the employee was immediately barred access from the rest of the systems and was fired.
MedStar Mobile Healthcare
MedStar Mobile Healthcare is an ambulance provider for Tarrant County, Texas. The company fell victim to a data breach that (luckily) only affected patients. We know we may sound crass in our idea of luck, but I think we'd all much rather have someone have our medical records than wonder if our EMT is actually certified or if they're a fake. The attacker accessed PII (personally identifying information), including names, social security numbers, and certain medical information, among other things, though most people only had non-financial billing information accessed.
BetMGM is an online sportsbook that generates around 850 million dollars yearly. The data is being sold on the dark web but, luckily, wasn't released to the general public, though we have seen this with other hacks. The hacker accessed birthdays, names, emails, postal addresses, hashed social security numbers, player IDs, phone numbers, and screen names, as well as "information related to your transactions." "We learned of the issue on November 28, 2022, and believe the issue occurred in May 2022," reads the company's notice.
At Human Investing, a financial planner, the main priority is to stay "focused on your financial wellbeing." Unfortunately, the company had an employee email compromised, thus affecting an undisclosed amount of people. The hack seems to have occurred on July 20, and the investigation ended in mid to late October.
Steel River System, LLC.
Steel River System is a telephone debt collector. We find it ironic; phishing scammers often pose as debt collectors, and now a debt collector has been hacked. Unfortunately, this kind of business holds a lot of personal information in its databases, and that's exactly what the hacker had access to. All Steel River said on the breach is that more than names were accessed and that it varied by the victims. The good news is if you were affected by this breach, the notice you received from the company would detail what information was affected by the breach.