Weekly Cybersecurity Recap November 25
Table of Contents
- By Steven
- Nov 25, 2022
While we took this week to reflect on what we’re thankful for, devious individuals were not taking a break. There were still several data breaches, plus settlements from some corporate giants that took place. Taking the steps to keep your data safe is a simple thing you can do to provide peace of mind on your holidays, especially when we know that hackers do not take the same holidays off that the rest of us do. Here’s an overview of some of the events of this week.
Following an investigation that began in 2018, Google agreed to pay a settlement of almost $400M for not being as transparent about data collection as it should have been. 40 states came together in a lawsuit against Google with proof that they kept collecting data when users thought the setting was turned off. The way the settings were put together required two separate settings to be turned off before they stopped collecting data. The settlement makes it clear that Google must simplify the process and pay restitution to those who had their data collected against their will.
Booz Allen Hamilton
Government contractor Booz Allen Hamilton is facing the aftermath of an internal data breach. A former employee accessed the internal network of the company, accessing a lot of sensitive information. The ex-employee accessed information like names and SSN, but the more dangerous part is the fact that the hacker accessed the security clearance of other employees. This could prove dangerous if the hacker puts that information up for sale in that whoever buys that data could pressure those employees into getting sensitive information the victim has access to. With over 27,000 employees at the time of the breach, that could put a lot of people in harm’s way.
A hacker gained access to the network of Forefront Dermatology, accessing a lot of personal data from the clients of the company. Hackers accessed names, addresses, financial and medical information, and more for nearly 2.5 million people. The company agreed to pay a settlement to victims this week at a cost of nearly $4M. The data the hacker accessed is plenty for an outsider to steal the identity of these patients. It is important that patients remain vigilant in watching their medical and credit data to ensure their information is not being abused by others.
Mortgage lender, HomeTrust Mortgage, was a recent victim of ransomware. They have a lot of clients who have turned to them for a mortgage, so they have a lot of data that hackers look for. What hackers found were the addresses, SSNs, and full names of many customers. The company is doing what it can to work with investigators and notify customers. However, the information is not currently accounted for, so no one knows where it may end up in the future.
Gateway Rehabilitation Center
Nothing is sacred, including rehabilitation and medical facilities. A case in point is how hackers stole a lot of data from Pennsylvania-based addiction rehab company Gateway Rehabilitation Center. They help people who struggle with addiction recovery, so they have a lot of data on their clients. The exposed data includes names and birthdays, SSN and ID numbers, health insurance and payment information, and more. The breach came as a result of a hacker gaining access to the company’s network, and it has not yet shown up on the Dark Web for sale, but that could happen in the future.