Major Data Breaches and Hackings in June 2023

Data Breaches

MOVEit

Managed file transfer software product.

Breach Size: >3.5 million

Data Exposed with Minnesota Department of Education: name, demographic details and where foster children have been placed.

Data Exposed with Oregon and Lousiaina Department of Transportation: name, address, Social Security number, date of birth, height, eye color, driver’s license number, vehicle registration information, handicap placard information.

MOVEit experienced a significant data breach in which millions of state identification records were stolen by a ransonware gang. Over 3.5 million records from Oregon and Louisiana and over 95,000 from Minnesota. Additional reports of information breached by MOVEit includes Johns Hopkins University and Johns Hopkins Health System, although the amount of individuals effected is still unknown at the time this article is published.

There are ongoing investigations and security measures being undertaken to address the incident and prevent future breaches.

Harvard Pilgrim Health Care

Health benefits plan provider.

News Coverage: CBS News

Breach Size: 2,550,922

Data Exposed: name, address, Social Security number, taxpayer ID number, and medical information and history

This cyber attack compromised the personal and health information of 2,550,922 of its members. Harvard Pilgrim notified its customers and continues to investigate the incident. Though they are unsure if the information was exposed or misused, Harvard Pilgrim is offering identity protection and credit monitoring services to any affected customers.

Enzo Biochem, Inc.

Biotechnology company.

News Coverage:Health IT Security

Breach Size: 2,470,000

Data Exposed: clinical test information, Social Security number (for at least 600,000)

Enzo Biochem confirmed the major data breach breach that occurred on April 6, 2023, which stemmed from a ransomware attack. On April 11, 2023, Enzo Biochem determined that the Social Security numbers and protected health information of millions of patients were exposed in the breach. Enzo Biochem plans to notify all victims of the breach.

Intellihartx, LLC

Revenue cycle management company.

News Coverage:Tech Crunch

Breach Size: 489,830

Data Exposed: name, address, medical billing and insurance information, diagnosis, medication, date of birth and Social Security number.

Intellihartx suffered a data breach in January 2023, but did not become aware of the breach until February 2, 2023. Investigations continued until March 24, 2023. A second review was completed on May 29th. ITx (Intellihartx) sent out letters to all individuals who had been affected by the breach, informing individuals what type of their data had been leaked and also offer 12 months of Experian credit monitoring. ITx is working to mitigate the effects of the breach and restore their systems.

ONIX Group

Real estate firm.

News Coverage: Bank Info Security

Breach Size: 319,500

Data Exposed: name, Social Security number, direct deposit information and health plan enrollment information.

Onix Group experienced a ransomware attack which was discovered on March 27, 2023. After investigation, they concluded that the unauthorized person had access between March 20th and March 27th and corrupted certain systems while taking a subset of files. Onix mailed letters to affected individuals and promised to strengthen the security of its systems.

Hacking News

OREGON AND LOUISIANA DRIVERS AT RISK

Hackers successfully breached the federal systems of Oregon and Louisiana, compromising the personal data of millions of drivers’ license and state ID holders. The stolen data includes sensitive information that can be used for identity theft and other malicious purposes, raising concerns about the potential consequences for the affected individuals and the need for enhanced cybersecurity measures.

ATOMIC WALLET HACKING

Atomic Wallet, a digital cryptocurrency wallet, has fallen victim to a large-scale digital wallet hack resulting in the loss of more than $35 million worth of various cryptocurrencies. The breach has raised questions about the security practices of cryptocurrency platforms and highlighted the risks associated with storing digital assets in online wallets.

SOCIAL ENGINEERING ALIVE AND WELL

Verizon’s 2023 Data Breach Investigations Report confirms that hackers have a renwed interest in social engineering, which is the act of coercing people to share personal information that could lead to identity theft or fraud. While it’s still considered one of the “oldest tricks in the book”, many still fall victim to this manipulative tactic.

EU ANNOUNCES LEGISLATION FOR AI

The European Union has introduced comprehensive legislation aimed at regulating artificial intelligence (AI) technology and its applications. The legislation addresses various aspects, including transparency, accountability, and ethical considerations, aiming to ensure that AI systems are developed and used in a responsible and trustworthy manner.

FCC UNVEILS NEW TASK FORCE

The Federal Communications Commission (FCC) has established a task force to tackle the rising threat of carrier hacks and SIM swapping attacks. This initiative seeks to enhance the security of telecommunication networks, protect consumer data, and prevent unauthorized access and fraudulent activities that exploit vulnerabilities in the telecommunications infrastructure. They will also examine how carriers collect and share geolocation data.

STRAVA FIT FOR TROUBLE

Concerns have arisen over the potential privacy risks associated with the popular fitness app Strava, which has over 100 million users world wide. Researchers at the North Carolina State University Raleigh discovered that Strava’s heat map feature could be exploited to track and reveal users’ home addresses, raising significant privacy and security concerns.

IDSeal can help

We get it. Being part of a data breach can be scary. While you can’t undo what has already been done, you can be prepared for the next steps when you have IDSeal.

If your information is compromised, chances are it will end up for sale on the dark web. IDSeal members have their personal and financial information monitored around the clock, so if it’s found on the dark web, they’ll receive a notification with instructions on the next steps to take.

If your information is used without your consent, IDSeal will be there to help with our licensed restoration specialists. Our protection plans even include up to $1M in insurance² to help recover any losses associated with identity theft.

The most important piece? You don’t have to be alone. IDSeal will be by your side every step of the way, from the moment you get an alert and suspect identity theft until the time you receive reimbursement for lost funds.