Tag: Leaked | SpinSafe

Change Healthcare’s stolen ‘private’ patient data leaked by ransomware group

April 18, 2024/in Internet Security

        {
  "message": "Show article",
  "action": "show",
  "data": "",
  "placResultsPublic": {
    "overallContentType": "FreeWithRegContent",
    "userState": "ACCESSBYFREEWREG",
    "showWall": "",
    "userAccess": "1",
    "referrer": "http://www.bing.com/",
    "userAccessCookie": null,
    "productList": "",
    "contentMetaData": "<?xml version='1.0' encoding='UTF-8'?><ARTICLE><TYPE>ARTICLE</TYPE><ID>/2024/04/18/change-healthcares-stolen-private-patient-data-leaked-by-ransomware-group/</ID><SOURCE>BenefitsPro</SOURCE><PUBLICATION-DATE>2024-04-18</PUBLICATION-DATE><PUBLICATION-NAMES><PUBLICATION-NAME>BenefitsPro</PUBLICATION-NAME></PUBLICATION-NAMES><PRACTICE-AREAS /><CHANNELSECTIONS><CHANNELSECTION><CHANNEL></CHANNEL><SECTION>Consumer Driven Health Care</SECTION></CHANNELSECTION><CHANNELSECTION><CHANNEL></CHANNEL><SECTION>Core and Group Health</SECTION></CHANNELSECTION><CHANNELSECTION><CHANNEL></CHANNEL><SECTION>Employee Participation</SECTION></CHANNELSECTION><CHANNELSECTION><CHANNEL></CHANNEL><SECTION>Employee-Paid</SECTION></CHANNELSECTION><CHANNELSECTION><CHANNEL></CHANNEL><SECTION>Employer-Paid</SECTION></CHANNELSECTION></CHANNELSECTIONS><REFERRER>http://www.bing.com/</REFERRER></ARTICLE>",
    "decisionEngine": "Templates Cache",
    "rulesFiredString": null,
    "contentProductCodes": null
  }
}

Source…

Ransomware attack hits top chipmaker Nexperia, huge hoard of data set to be leaked

April 16, 2024/in Internet Security

Top chipmaker Nexperia suffered a ransomware attack last month which saw threat actors get away with a terabyte of sensitive corporate data.

“Nexperia has become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024,” the company said in a statement shared with BleepingComputer. “We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation.”

The company later brought in third-party security experts to determine the nature and the scope of the incident, and took “strong measures” to terminate the unauthorized access.

Dark Angels

In the meantime, a threat actor calling itself Dunghill Leak assumed responsibility for the attack, claiming they were in possession of a terabyte of confidential data. To prove its claims, the group shared a sample, which included microscope scans of electronic components, employee passports, non-disclosure agreements, and other information.

The group is now demanding an unknown ransom payment, and if Nexperia declines, they will allegedly leak:

371 GB of design and product data, including QC, NDAs, trade secrets, technical specifications, confidential schematics, and production instructions.
246 GB of engineering data, including internal studies and manufacturing technologies.
96 GB of commercial and marketing data, including pricing and marketing analysis.
41.5 GB of corporate data, including HR, employee personal details, passports, NDAs, etc.
109 GB of client and user data, including brands such as SpaceX, IBM, Apple, and Huawei.
121.1 GB of various files and miscellaneous data, including email storage files.

Nexperia is a subsidiary of Wingtech Technology, a major Chinese chipmaker that operates plants in Germany and the UK. It builds transistors, diodes, MOSFETs, and logic divides, it was said. Its annual revenue exceeds $2 billion.

In its writeup, BleepingComputer claims the Dunghill Leak site is linked to the Dark Angels ransomware group.

More from TechRadar Pro

Source…

73 Million AT&T Users’ Data Leaked As Hacker Said, ‘I Don’t Care If They Don’t Admit. I’m Just Selling’ Auctioned At Starting Price Of $200K – AT&T (NYSE:T)

April 4, 2024/in Computer Security

Telecommunications giant AT&T Inc. T recently disclosed a significant data breach dating back to 2021 that resulted in the exposure of sensitive information belonging to 73 million users and is now circulating on the dark web.

The leaked data includes a wealth of personal details such as Social Security numbers, email addresses, phone numbers and dates of birth, affecting both current and former account holders. AT&T revealed that among the impacted people, 7.6 million are current account holders.

“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable,” AT&T said in its press release about the situation.

Don’t Miss:

The hacker behind this brazen cyberattack is ShiningHacker, a notorious figure known for previous data breaches targeting platforms such as Wattpad, Tokopedia, and Microsoft Corp.’s GitHub, according to Bleeping Computer.

Initially, AT&T denied any internal data breach when a small portion of the stolen data surfaced in 2021, claiming no knowledge of leaked information from their servers or vendors.

However, subsequent investigations revealed a different story. While AT&T refuted the claims initially, ShiningHacker admitted to the breach, dismissing AT&T’s stance with the assertion, “I don’t care if they don’t admit. I’m just selling,” according to Bleeping Computer.

The hacker attempted to monetize the stolen data by offering it for sale on the RaidForums data theft forum, setting the starting price at $200,000 and accepting incremental offers of $30,000. ShiningHacker indicated a willingness to immediately sell the data for $1 million, underscoring the severity and audacity of the cybercrime.

Trending: Long overdue disruption in the moving industry is underway. Here’s how to invest in it with just $100.

Telecommunications providers have become recent targets of cyberattacks, with T-Mobile facing a breach in 2023 affecting 37 million customers, and Verizon Communications Inc. experiencing a leak impacting 63,000 customers and employees.

In December, the Federal…

Source…

NHS Trust Confirms Clinical Data Leaked by Recognized Ransomware Group

March 28, 2024/in Internet Security

NHS Dumfries and Galloway has confirmed that patient clinical data has been leaked online by a ransomware group following the attack on its systems earlier this month.

The statement by the Scottish NHS Trust dated March 27, 2024, revealed that clinical data relating to a small number of patients has been published by a “recognized ransomware group.”

The trust acknowledged that in the cyber-attack, which it first reported on March 15, the hackers accessed “a significant amount of data including patient and staff-identifiable information.”

It follows a threat by the ransomware group Inc Ransom on its leak site that it will soon publish 3TB of data relating to NHS Scotland patients and staff unless its demands are met.

The threat actor also included a ‘proof pack’ in its post, which appeared to show a range of sensitive clinical documents, such as genetics reports and letters between doctors discussing patient treatments.

Trevor Dearing, director of critical infrastructure at Illumio, commented: “The methods used by INC Ransom are common among ransomware groups. Ransomware attacks against healthcare organizations are now multiple layers of extortion – cybercriminals will look to steal and leak sensitive data, as well as affect operational up-time. Stolen healthcare data can be sold on the dark web for a quick profit or used in identity fraud.”

NHS Helping Impacted Patients

NHS Dumfries and Galloway Chief Executive Jeff Ace said the service is making contact with patients whose data has been leaked at this point and will continue working to limit any sharing of this information.

“NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population,” he commented.

Ace acknowledged that the information has been released by the attackers to prove it is in their possession. He made no reference to any ransom demand made by the group.

“We absolutely deplore the release of confidential patient data as part of this criminal act,” he said.

Ace added: “We are continuing to work with Police Scotland, the…

Source…

Tag Archive for: Leaked

NHS Helping Impacted Patients