402,437,094 known records breached in 240 publicly disclosed incidents
Welcome to this week’s global round-up of the biggest and most interesting news stories.
At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.
Publicly disclosed data breaches and cyber attacks: in the spotlight
Unsecured Zenlayer database exposes over 380 million records
The cyber security researcher Jeremiah Fowler has discovered an unprotected database that exposed over 380 million data records, including customer information and internal data relating to the network services provider Zenlayer.
Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. It is not known how long the database was publicly available, nor whether anyone else accessed it.
Date breached: 384,658,212 records.
ALPHV/BlackCat ransomware gang adds 2.7 TB of ASA Electronics data to its leak site
The ALPHV/BlackCat ransomware gang is attempting to extort a ransom from ASA Electronics for 2.7 TB of data, including engineering drawings, prints, schematics, patents, source code, supplier and vendor information, accounting data, and more.
In response to ASA’s apparent refusal to negotiate, ALPHV is threatening to “contact clients, business partners, and competitors” next week.
Data breached: 2.7 TB.
Further victims of Harvard Pilgrim Health Care ransomware attack identified
Harvard Pilgrim Health Care suffered a ransomware attack in April 2023, which it has been investigating since then. In January 2024, it identified more potential victims, and has now written to inform them that their personal data may have been compromised in the incident.
The total number of victims is now more than 5 million.
Data breached: 2,632,275 people’s data.
Publicly disclosed data breaches and cyber attacks: full list
This week, we found 402,437,094 records known to be compromised, and 240 organisations suffering a newly disclosed incident. 204 of them are known to have had data exfiltrated, exposed or otherwise breached.
We also found 6 organisations providing a significant update on a previously disclosed incident.
| Organisation(s) | Sector | Location | Data breached? | Known records breached |
| Zenlayer Source New |
Telecoms | USA | Yes | 384,658,212 |
| ASA Electronics Source New |
Engineering | USA | Yes | 2.7 TB |
| Harvard Pilgrim Health Care Source New |
Healthcare | USA | Yes | 2,632,275 |
| INTEGRIS Health Source Update |
Healthcare | USA | Yes | 2,385,646 |
| Kreyenhop & Kruge Source New |
Transport | Germany | Yes | 1,241,127 |
| Constantia FPP Source New |
Manufacturing | UK | Yes | 756 GB |
| Rajawali Corpora Source New |
Finance | Indonesia | Yes | 715 GB |
| BTL Veranstaltungstechnik Source New |
Other | Germany | Yes | 585 GB |
| Patrizia Pepe Source New |
Retail | Italy | Yes | 577 GB |
| Universal Services Source New |
Engineering | USA | Yes | 470 GB |
| Leonard’s Syrups Source New |
Manufacturing | USA | Yes | 453 GB |
| The Chattanooga Heart Institute Source New |
Healthcare | USA | Yes | 413,236 |
| Sanford Person Thone & Strean Source New |
Legal | USA | Yes | 401 GB |
| Centrale Paysanne Luxembourgeoisie Source New |
Agricultural | Luxembourg | Yes | 375 GB |
| Barber Emerson Source New |
Legal | USA | Yes | 351 GB |
| Van Wingerden Greenhouses Source New |
Agricultural | USA | Yes | 337 GB |
| CGM, Inc. Source Update |
Manufacturing | USA | Yes | 315,346 |
| Virginia Farm Bureau Source New |
Finance | USA | Yes | 261,187 |
| Arcis Golf Source New |
Hospitality and Leisure | USA | Yes | 250 GB |
| Antunovich Associates Source New |
Construction and real estate | USA | Yes | 208 GB |
| Satse Source New |
Charity and non-profit | Spain | Yes | 195,086 |
| Golden Corral Corporation Source New |
Hospitality and leisure | USA | Yes | 183,272 |
| Trans-Northern Pipelines Source 1; source 2 New |
Energy and utilities | Canada | Yes | 183 GB |
| Schuster Trucking Company Source New |
Transport | USA | Yes | 161 GB |
| Global Rescue Source New |
Healthcare | USA | Yes | 155 GB |
| YKP Source New |
Professional services | Brazil | Yes | 150 GB |
| BM Catalysts Source New |
Manufacturing | UK | Yes | 100 GB |
| MMI Culinary Source New |
Manufacturing | USA | Yes | 100 GB |
| Prince George’s County Public Schools Source New |
Education | USA | Yes | 99,543 |
| Pacifica Source New |
Other | UK | Yes | 85 GB |
| New-Indy Containerboard Source New |
Manufacturing | USA | Yes | 82 GB |
| Champion Source New |
Transport | Columbia | Yes | 81 GB |
| Sercide Source New |
Energy and utilities | Spain | Yes | 69 GB |
| Concello de Teo Source New |
Public | Spain | Yes | 65,979 |
| Griffin Dewatering Source New |
Construction and real estate | USA | Yes | 65,580 |
| Sitrack Source New |
Finance | Argentina | Yes | 63 GB |
| The Source Source New |
Retail | Canada | Yes | 60 GB |
| Hats Interior Decoration Source New |
Other | UAE | Yes | 60 GB |
| Infosys McCamish Systems LLC/Bank of America Source New |
Finance | USA | Yes | 57,028 |
| Coleman Professional Services Inc. Source New |
Healthcare | USA | Yes | 51,889 |
| Core Engineering Source New |
Engineering | USA | Yes | 43 GB |
| United Regional Health Care System Source 1; source 2 New |
Healthcare | USA | Yes | 36,900 |
| CUSO Financial Services, LP Source New |
Finance | USA | Yes | 25,698 |
| The Northwestern Mutual Life Insurance Company Source Update |
Finance | USA | Yes | 24,518 |
| Unidentified contractors and employees of, and applicants to the US Department of Defense Source Update |
Public | USA | Yes | 20,601 |
| AGC America, Inc. Source New |
Manufacturing | USA | Yes | 20,415 |
| TECA Srl Source New |
Transport | Italy | Yes | 16.7 GB |
| AGC Flat Glass North America, Inc. Welfare Benefits Plan Source 1; source 2 New |
Healthcare | USA | Yes | 13,079 |
| Insurance ACE/Humana Inc. Source 1; source 2 New |
Healthcare | USA | Yes | 12,539 |
| Cal-Comp Electronics Source New |
Manufacturing | Thailand | Yes | 12,000 |
| Tax Favored Benefits Source New |
Finance | USA | Yes | 10,974 |
| US GAO (Government Accountability Office) Source New |
Public | USA | Yes | 6,600 |
| Dobson Technologies, Inc. Source New |
Telecoms | USA | Yes | 6,158 |
| Nabholz Construction Company Employee Welfare Health Plan Source 1; source 2 New |
Healthcare | USA | Yes | 5,326 |
| Dawson James Securities, Inc. Source Update |
Finance | USA | Yes | 4,673 |
| North Hill (North Hill Communities, Inc., North Hill Home Health Care, Inc., North Hill Needham, Inc., Connected for Life, Inc., and the North Hill Employee Dental Plan) Source New |
Healthcare | USA | Yes | 4,798 |
| Advarra, Inc. Source New |
Healthcare | USA | Yes | 4,656 |
| Forward Healthcare, LLC Source 1; source 2 New |
Healthcare | USA | Yes | 3,999 |
| Cardiothoracic and Vascular Surgeons, P.A. Source New |
Healthcare | USA | Yes | 2,345 |
| CareFirst BlueCross BlueShield Community Health Plan – District of Columbia Source 1; source 2 New |
Healthcare | USA | Yes | 2,189 |
| County of Cumberland Source New |
Public | USA | Yes | 1,948 |
| Cumberland Advisors, Inc. Source New |
Finance | USA | Yes | 1,637 |
| Health New Zealand Te Whatu Ora Source New |
Healthcare | New Zealand | Yes | 12,000 |
| The Bengtson Center for Aesthetics and Plastic Surgery Source 1; source 2 New |
Healthcare | USA | Yes | 935 |
| Kentucky Cabinet for Health and Family Services Source 1; source 2 New |
Healthcare | USA | Yes | 857 |
| Liberty Hospital Source 1; source 2 Update |
Healthcare | USA | Yes | 501 |
| Crescent Community Health Center Source 1; source 2 New |
Healthcare | USA | Yes | 501 |
| Spectrum Vision Partners Source 1; source 2 New |
Healthcare | USA | Yes | 500 |
| Orbus Visual Communications, LLC Source New |
Manufacturing | USA | Yes | 458 |
| USCC Services, LLC d/b/a UScellular Source New |
Telecoms | USA | Yes | 100 |
| Aramark Correctional Services, LLC Source New |
Multiple | USA | Yes | 67 |
| Jeff Wyler Automotive Family, Inc. Source New |
Retail | USA | Yes | 12 |
| Family and Children’s Services of Lanark, Leeds and Grenville Source New |
Public | Canada | Yes | 4 |
| 100 Romanian hospitals using the Hipocrate Information System Source 1; source 2 New |
Healthcare | USA | Yes | Unknown |
| Prudential Financial Source New |
Finance | USA | Yes | Unknown |
| Securence (a subsidiary of U.S. Internet Corp) Source New |
Telecoms | USA | Yes | Unknown |
| Washington County Source New |
Public | USA | Yes | Unknown |
| Robert Half Source New |
Professional services | USA | Yes | Unknown |
| Lili’s Brownies Source New |
Manufacturing | France | Yes | Unknown |
| Kadac Source New |
Manufacturing | Australia | Yes | Unknown |
| Doprastav Source New |
Construction and real estate | Slovakia | Yes | Unknown |
| Communication Federal Credit Union Source New |
Charity and non-profit | USA | Yes | Unknown |
| Roosens Betons Source New |
Construction and real estate | Belgium | Yes | Unknown |
| Motilal Oswal Source New |
Finance | India | Yes | Unknown |
| Giraud Pere et Fils Source New |
Construction and real estate | France | Yes | Unknown |
| Pradier Granulats Source New |
Construction and real estate | France | Yes | Unknown |
| School District of Nekoosa Source New |
Education | USA | Yes | Unknown |
| ASP Basilicata Source New |
Healthcare | Italy | Yes | Unknown |
| Falco Electronics Source New |
Manufacturing | Mexico | Yes | Unknown |
| América Móvil Source New |
Telecoms | Mexico | Yes | Unknown |
| Unifer Source New |
Construction and real estate | France | Yes | Unknown |
| Institutional Casework Source New |
Education | USA | Yes | Unknown |
| ATB SA Ingénieurs-Conseils Source New |
Engineering | Switzerland | Yes | Unknown |
| Bronstein & Carmona Source New |
Insurance | USA | Yes | Unknown |
| Waldemar S. Nelson & Company Source New |
Professional services | USA | Yes | Unknown |
| Silverlining Source New |
Construction and real estate | USA | Yes | Unknown |
| Dubose Strapping Source New |
Manufacturing | USA | Yes | Unknown |
| Meerservices Source New |
Multiple | Netherlands | Yes | Unknown |
| Onclusive Source New |
Professional services | USA | Yes | Unknown |
| Mechanical Reps Source New |
Manufacturing | USA | Yes | Unknown |
| H.R.Ewell Source New |
Transport | USA | Yes | Unknown |
| Hy-Tec Source New |
Telecoms | USA | Yes | Unknown |
| Norman, Fox & Co Source New |
Manufacturing | USA | Yes | Unknown |
| Von Hagen Design Source New |
Manufacturing | USA | Yes | Unknown |
| LD Davis Source New |
Manufacturing | USA | Yes | Unknown |
| Advantage Orthopedic & Sports Medicine Clinic Source New |
Healthcare | USA | Yes | Unknown |
| Dobrowski Stafford & Pierce Source New |
Legal | USA | Yes | Unknown |
| Réseau Ribé Source New |
Agricultural | France | Yes | Unknown |
| The Closing Agent Source New |
Construction and real estate | USA | Yes | Unknown |
| VARTA AG Source New |
Manufacturing | Germany | Unknown | Unknown |
| Office of the President of the Republic of Korea Source New |
Public | The Republic of Korea | Unknown | Unknown |
| Office of the Colorado State Public Defender Source New |
Public | USA | Unknown | Unknown |
| MSH International Canada Source New |
Healthcare | Canada | Unknown | Unknown |
| ISSPOL (Instituto de Seguridad Social De La Policía Nacional) Source New |
Public | Ecuador | Unknown | Unknown |
| Jacksonville Beach Source New |
Public | USA | Unknown | Unknown |
| River Oaks Baptist School Source New |
Education | USA | Unknown | Unknown |
| Park Home Assist Insurance Services Source New |
Finance | UK | Unknown | Unknown |
| Grupo Camarotto Source New |
Construction and real estate | Italy | Unknown | Unknown |
| Lyon Equipment Ltd Source New |
Manufacturing | UK | Unknown | Unknown |
| Diener Precision Pumps Source New |
Manufacturing | Switzerland | Unknown | Unknown |
| Fédération Envie Source New |
Charity and non-profit | France | Unknown | Unknown |
| Sealco (Shaker Electronics and Appliances Lebanon Co.) Source New |
Retail | Lebanon | Unknown | Unknown |
| Palterton Primary School Source New |
Education | UK | Unknown | Unknown |
| Victory Heights Primary School Source New |
Education | UAE | Unknown | Unknown |
| Disaronno International Source New |
Manufacturing | USA | Unknown | Unknown |
| Allmetal Inc. Source New |
Manufacturing | USA | Unknown | Unknown |
| Freedom Munitions Source New |
Manufacturing | USA | Unknown | Unknown |
| Arlington Perinatal Associates Source New |
Healthcare | USA | Unknown | Unknown |
| Plexus Teleradiology Source New |
Healthcare | USA | Unknown | Unknown |
| Cámara Arbitral de la Bolsa de Cereales Source New |
Manufacturing | Argentina | Unknown | Unknown |
| Taiwan Textiles Source New |
Manufacturing | Taiwan | Unknown | Unknown |
| Silver Airways Source New |
Transport | USA | Unknown | Unknown |
| Henri Germain Source New |
Construction and real estate | France | Unknown | Unknown |
| Lower Valley Energy Source New |
Energy and utilities | USA | Unknown | Unknown |
| Forge Precision Source New |
Manufacturing | USA | Unknown | Unknown |
| Garon Products Source New |
Manufacturing | USA | Unknown | Unknown |
| Conseguros, Corredor de Seguros Source New |
Insurance | Guatemala | Unknown | Unknown |
| Kabat Tyre Source New |
Manufacturing | Poland | Unknown | Unknown |
| Kevin Leeds Source New |
Finance | USA | Unknown | Unknown |
| Hawbaker Engineering Source New |
Engineering | USA | Unknown | Unknown |
| Bombay Grill Restaurant Source New |
Hospitality and leisure | Croatia | Unknown | Unknown |
| Caribbean Radiation Oncology Center Source New |
Healthcare | USA | Unknown | Unknown |
| Spalding SSD Source New |
Manufacturing | Canada | Unknown | Unknown |
| Tormetal SpA Source New |
Engineering | Chile | Unknown | Unknown |
| ASAM SA Source New |
Engineering | Romania | Unknown | Unknown |
Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week. The updated data point is italicised in the table.
Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.
AI
Open AI removes accounts used by state-sponsored hackers
ChatGPT’s parent company, Open AI, has closed accounts used by state-sponsored attackers from China, Iran, North Korea and Russia that were misusing its large language model to enhance their capabilities. Following information from Microsoft, Open AI closed accounts associated with the Forest Blizzard (Strontium), Emerald Sleet (Thallium), Crimson Sandstorm (Curium), Charcoal Typhoon (Chromium) and Salmon Typhoon (Sodium) threat groups.
Tech giants agree to combat AI-enhanced election fraud
At the Munich Security Conference last Friday, executives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI and TikTok announced a new framework for responding to AI-generated deepfakes designed to trick voters. Twelve other companies will also sign the accord.
Enforcement
Joint operation disrupts LockBit ransomware
Operation Cronos, an international operation involving the UK National Crime Agency, the US FBI and law enforcement partners from nine other countries, has disrupted the LockBit ransomware group, seizing numerous servers and public-facing websites. Two LockBit actors have been arrested in Poland and Ukraine, and over 200 cryptocurrency accounts linked to the group have been frozen.
FBI dismantles Warzone RAT malware operation
The US FBI has seized the infrastructure of the Warzone RAT (remote access trojan) and two individuals associated with the cyber crime operation have been arrested. Daniel Meli, 27, was arrested by Maltese police and Prince Onyeoziri Odinakachi, 31, was arrested in Nigeria at the request of the US law enforcement agencies.
Head of JabberZeus cyber crime gang pleads guilty
Vyacheslav Igorevich Penchukov, one of the leaders of the JabberZeus cyber criminal group, has pleaded guilty to two charges related to his role in the Zeus and IcedID malware groups. He faces a maximum of 40 years’ imprisonment.
Other news
South Korean researchers release Rhysida ransomware decryption tool
Researchers from Kookmin University and KISA (the Korea Internet & Security Agency) have released a free decryption tool for the Rhysida malware. It is available on the KISA website. Recent victims of Rhysida include the British Library and Sony’s Insomniac Games.
NIST publishes guidelines for securing software supply chains
NIST (the US National Institute of Standards and Technology) has now issued the final version of SP 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines. The guidance describes NIST’s SSDF (Secure Software Development Framework), and sets out ways to integrate elements of software supply chain security assurance into continuous integration/continuous delivery pipelines to demonstrate SSDF compliance.
Patch Tuesday: Microsoft patches two zero-day vulnerabilities
In February’s Patch Tuesday release, Microsoft addressed 73 vulnerabilities, including two zero-day and five critical vulnerabilities.
Key dates
31 March 2024 – PCI DSS v4.0 transitioning deadline
Version 3.2.1 of the PCI DSS (Payment Card Industry Data Security Standard) is being retired on 31 March, to be replaced by version 4.0 of the Standard. There are more than 50 new requirements in PCI DSS v4.0. You can find out more about them on the PCI Security Standards Council’s website.
That’s it for this week’s round-up. We hope you found it useful.
We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.
In the meantime, if you missed it, check out last week’s round-up. Alternatively, you can view our full archive.
Security Spotlight
To get news of the latest data breaches and cyber attacks straight to your inbox, subscribe to our weekly newsletter: the Security Spotlight.
Every Wednesday, you’ll get a 4-minute email with:
- Industry news, including this weekly round-up;
- Our latest research and statistics;
- Interviews with our experts, sharing their insights and expertise;
- Free useful resources; and
- Upcoming webinars.
The post The Week in Cyber Security and Data Privacy: 12 – 18 February 2024 appeared first on IT Governance UK Blog.
