Tag Archive for: Giant

US pharmacy giant says hackers accessed personal data of almost 6 million patients


One of the largest pharmacy service providers in the United States has confirmed that hackers accessed the personal data of almost six million patients.

PharMerica operates more than 2,500 facilities across the U.S. and offers more than 3,100 pharmacy and healthcare programs.

In a data breach notification filed with Maine’s attorney general, PharMerica said it learned of suspicious activity on its computer network on March 14. An internal investigation revealed that an “unknown third party” accessed its systems days earlier and stole the personal information of 5.8 million current and deceased individuals, including 35,000 patients based in Maine.

In a letter sent to affected patients, the Kentucky-based company said hackers obtained patients’ names, dates of birth, Social Security numbers, medication and health insurance information.

But samples of the leaked data, seen by TechCrunch, suggest the hackers also stole the protected health information of at least 100 patients, including allergy information, Medicare numbers and detailed diagnoses, including details about alcohol, drug and mental health-related illnesses.

This stolen data was published on the dark web leak site of the Money Message ransomware gang, a relatively new operation first observed in March, which took credit for the cyberattack. Money Message claims to have stolen a total of 4.7 terabytes of data from PharMerica and its parent company BrightSpring Health, a home and community-based health service provider.

The same ransomware gang claimed responsibility for the cyberattack on Taiwanese hardware maker Micro-Star International, known as MSI, which compromised reams of data, including the company’s private code-signing keys.

Neither PharMerica nor BrightSpring Health has confirmed that the nature of the incident was ransomware, and BrightSpring Health spokesperson Leigh White did not respond to TechCrunch’s questions.

In a statement posted to its website, PharMerica said it is taking additional steps to help reduce the likelihood of a similar event happening in the future, but did not specify what these steps are.

With almost six million patients affected, the PharMerica…


Password protection giant LastPass admits the major data breach that came of its August hack


Popular password manager LastPass has admitted encrypted password vaults were stolen by hackers in an August data breach affecting the company’s millions of users.

The company denied that any sensitive data was accessed at the time, but now claims that the threat actor has since collected data which could be used to guess master passwords.

Hackers made copies of account information like phone numbers, billing and email addresses, as well as encrypted passwords.

No unencrypted master passwords, used to log in to the password aggregate, were obtained, but by using the basic information, LastPass CEO Karim Toubba warned: “The threat actor may attempt to use brute force to guess your master password.”

If best password practices outlined by LastPass were followed by customers, the company said it would be “difficult” for the hackers to guess master passwords this way.

The people behind the hack may also attempt to decrypt the encrypted customer vault, Toubba said.

While the initial breach didn’t appear to access any sensitive customer data, it did access technical information which was used to target a LastPass employee, the company made known in November.

It is now clear that hackers were able to obtain “credentials and keys” from the employee “which were used to access and decrypt some storage volumes within the cloud-based storage service,” Toubba said on Thursday.

“The threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”

“The threat actor was also able to copy a backup of customer vault data from the encrypted storage container.”

The company says this vault “contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.”

The extent of an August LastPass hack has recently become clear, after threat…


Australian Telecom Giant TPG Discloses Email Hack


Forensics, Security Operations

Threat Actors Searched Email Inboxes for Cryptocurrency and Financial Information

Australian telecom and internet service provider TPG disclosed a data breach detected by an outside cybersecurity forensics team conducting a historical review.

The Microsoft Exchange email accounts of as many as 15,000 customers at subsidiaries iiNet and Westnet may be affected by the breach, TPG disclosed in a Wednesday filing to the Australian Securities Exchange.

It appears, TPG wrote, that hackers searched inboxes for data on cryptocurrency and other financial information they could steal. “We have implemented measures to stop the unauthorized access, further security measures have been put in place, and we are in the process of contacting all affected customers on the Hosted Exchange service,” the company said. “We have notified the relevant government authorities.”

Consumer products were not affected, the company said. TPG encompasses a slew of brands including mobile carrier and ISP brands such as Vodafone, AAPT, Internode, Lebara and Felix.

Cybersecurity firm Mandiant, now owned by Google, notified TPG about the attack on Tuesday. Mandiant has an “ongoing engagement to assist with cyber protection” and was in the process of sifting through historical data when analysts spotted the intrusion.

The breach adds to a growing list of cyberattacks on Australia’s telecommunication industry.

Only days ago, Telstra published names, numbers and addresses of over 130,000 customers whose details were supposed to be unlisted. The company blamed a “misalignment of databases” (see: Australian Telecom…


German semiconductor giant Semikron says hackers encrypted its network – TechCrunch


Semikron, a German manufacturer that produces semiconductors for electric vehicles and industrial automation systems, has confirmed it has fallen victim to a cyberattack that has resulted in data encryption.

“Semikron is already in the process of dealing with the situation so that workflows and all related processes can continue without disruption for both employees and customers as soon as possible,” a Semikron spokesperson told TechCrunch.

Semikron declined to disclose the nature of the cyberattack, but all signs point to ransomware. The semiconductor maker said in a statement that hackers claim to have “exfiltrated data from our system,” adding that the incident has led to a “partial encryption of our IT systems and files.” This suggests the malicious actor behind the attack has used the double extortion ransomware tactic, whereby cybercriminals exfiltrate a victim’s sensitive data in addition to encrypting it.

The Nuremberg-based group company, which claims to power 35% of the wind turbines installed globally each year, declined to say who was behind the attack or whether it received a ransom demand. However, Bleeping Computer reports that Semikron was the victim of the LV ransomware, with the hackers apparently stealing 2 terabytes of documents.

LV ransomware has been in operation since at least 2020 and uses a modified variant of REvil ransomware, according to cybersecurity company Secureworks. According to the group’s dark web blog, which doesn’t yet list Semikron as a victim, the gang targets companies that allegedly do not meet data protection obligations.

“They rejected to fix their mistakes, they rejected to protect this data in the case when they could and had to protect it,” its dark web blog states. “These companies preferred to sell their private information, their employees’ and customers’ personal data.”

It’s unclear what data was exfiltrated from Semikron’s systems, and the company declined to say how many customers and employees are potentially impacted. Semikron has over 3,000 employees in 24 offices and 8 production sites worldwide across Germany, Brazil, China, France, India, Italy, Slovakia, and the…
