Malware
31 Million Email Addresses Alarmingly Exposed: A Massive Data Breach Uncovered
Discover the details of the Neiman Marcus data breach, where 31 million email addresses were exposed. Learn about the company’s response, the potential risks, and tips for protecting your data. Stay informed on the latest cybersecurity news with Bleeping Computer.
If you’ve ever shopped at the American luxury retailer and department store chain Neiman Marcus, I’ve got some bad news for you. A data breach that took place in May 2024 has exposed more than 31 million customer email addresses, according to cybersecurity expert Troy Hunt, who analyzed the stolen data.
This is a big deal, especially considering that Neiman Marcus initially reported to the Office of the Maine Attorney General that the breach had only impacted 64,472 people. But after digging deeper, Hunt discovered 30 million unique email addresses in the stolen data and confirmed with multiple people that their information was indeed legitimate.
That’s a massive discrepancy, and it means that millions of people have had their personal information compromised.
The stolen data includes names, contact information (such as email and postal addresses, and phone numbers), dates of birth, gift card info, transaction data, partial credit card numbers (without expiration dates or CVVs), Social Security numbers, and employee identification numbers.
So, what happened? Enter the Snowflake data theft attack
Neiman Marcus has linked the incident to the so-called Snowflake data theft attacks. In June 2024, the company announced that an unauthorized party had gained access to a cloud database platform used by Neiman Marcus and provided by a third party, Snowflake.
This disclosure came after a threat actor using the handle “Sp1d3r” put Neiman Marcus’ data up for sale on a hacking forum, asking for $150,000 in exchange for 12 million gift card numbers, 70 million transactions with full customer details, and 6 billion rows of customer shopping records, store information, and employee data.
It’s worth noting that the threat actor initially claimed that Neiman Marcus had refused to pay an extortion demand. However, the forum post and the data sample were later taken down, suggesting that the company may have begun negotiating.
An investigation conducted by SnowFlake, Mandiant, and CrowdStrike revealed that a financially motivated group known as UNC5537 was responsible for the attacks. Using stolen customer credentials, they targeted at least 165 organizations that had failed to configure multi-factor authentication (MFA) protection on their SnowFlake accounts. Other recent breaches linked to these attacks include Ticketmaster, Santander, Pure Storage, QuoteWizard/LendingTree, Advance Auto Parts, and Los Angeles Unified.
What can you do to protect yourself?
First and foremost, if you’re a Neiman Marcus customer, you need to be vigilant. Keep an eye on your accounts for any suspicious activity, and consider changing your passwords and enabling multi-factor authentication wherever possible.
But this isn’t just about Neiman Marcus. As an IT Services expert, I can’t emphasize enough how important it is to take cybersecurity seriously. Always use strong, unique passwords, enable multi-factor authentication, and stay informed about the latest threats and best practices.
Remember, cybersecurity is a shared responsibility. Let’s all do our part to keep our personal information and the digital world safe.
And if you want to learn more about cybersecurity, don’t hesitate to reach out to us. We’re here to help you navigate the ever-changing landscape of threats and best practices. Stay safe out there!
Malware
Henry Schein’s Wake-Up Call: Uncovering the Data Breach One Year Later
Can you imagine discovering that your personal information was exposed in a data breach one whole year after the fact? That’s exactly what happened to thousands of customers of Henry Schein, a leading provider of medical and dental supplies. This isn’t just an unfortunate incident; it’s a sobering reminder of the importance of cybersecurity in today’s digital age. And it’s a wake-up call for businesses of all sizes to step up their security game.
A Shocking Discovery: The Ransomware Attack That Rocked Henry Schein
Picture yourself walking into your office on a typical Monday morning. You grab a cup of coffee, sit down at your desk, and power up your computer. Suddenly, you’re greeted by a chilling message: “Your files have been encrypted. Pay up or lose everything.”
That’s what happened to Henry Schein in February 2020 when they fell victim to a ransomware attack. The company was forced to shut down its systems to contain the damage. While they managed to recover from the attack, the incident left a lasting impression. But the real shocker came one year later when the company discovered that sensitive customer data had also been compromised during the attack.
Playing Catch-Up: The Long-Term Impact of a Data Breach
A data breach can have far-reaching consequences for both consumers and businesses. For consumers, the risks are clear: identity theft, financial fraud, and a host of other potential problems. But businesses like Henry Schein also face serious fallout from a data breach. The financial burden of incident response, customer notifications, and potential lawsuits can be staggering. And then there’s the damage to a company’s reputation, which can take years to repair.
According to a 2020 IBM study, the average cost of a data breach in the United States is $8.64 million. That’s a hefty price tag for any business to bear.
Learning from Henry Schein’s Mistake: The Importance of Proactive Cybersecurity
It’s easy to look at the Henry Schein incident and think, “That couldn’t happen to me.” But, as a cybersecurity expert, I can tell you that no business is immune to cyber threats. In fact, 43% of cyberattacks are aimed at small businesses, and 60% of those targeted go out of business within six months.
The key takeaway from the Henry Schein debacle is the importance of proactive cybersecurity. It’s not enough to react to threats as they arise; businesses need to be constantly monitoring and updating their security practices to stay ahead of the game.
Don’t Be a Victim: Take Action to Protect Your Business Today
It’s time to take a stand against cyber threats. Whether you’re a small business owner or part of a major corporation, investing in cybersecurity measures is essential to protect your company’s sensitive data and maintain customer trust.
Get started by conducting a thorough security audit of your systems and processes. Identify potential weaknesses and work to address them. Regularly update software and hardware to ensure your systems are up-to-date. Provide comprehensive cybersecurity training for your employees to help prevent human error and promote a culture of security awareness.
And most importantly, don’t hesitate to seek professional help when needed. As your cybersecurity partner, we can help you navigate the complex world of digital security and ensure your business is protected against ever-evolving threats.
Don’t wait for a wake-up call like Henry Schein’s. Take action to protect your business today. Contact us to learn more about our comprehensive cybersecurity solutions and keep coming back for the latest information on how to stay secure in an increasingly connected world.
Why Cybersecurity Matters: A Personal Perspective
Imagine this: you’re planning a surprise birthday party for your best friend. You’ve spent weeks organizing the event, and the big day is almost here. The last thing you need is someone spoiling the surprise, right? Now, imagine if that someone was a hacker who got their hands on your personal information and ruined everything. That’s what can happen when you don’t take cybersecurity seriously. And that’s just a small-scale example.
The Growing Impact of Cybercrime
Let me give you some staggering statistics: In 2020, cybercrime damages amounted to $6 trillion globally. By 2025, that number is expected to rise to $10.5 trillion. That’s a lot of money! But it’s not just about the financial impact. Cybercrime can lead to identity theft, ruined reputations, and even physical harm. So, how can you protect yourself and your loved ones from this growing threat?
Understanding the Basics of Cybersecurity
Think of cybersecurity as a shield that protects your digital life. It’s like locking your doors and windows at night to keep intruders out. There are several ways to improve your cybersecurity, and it all starts with understanding the basics:
- Passwords: Use strong, unique passwords for each account and change them regularly. A good rule of thumb is to create passwords with at least 12 characters, including uppercase and lowercase letters, numbers, and symbols.
- Software Updates: Keep your devices and software up-to-date. Hackers often exploit vulnerabilities in outdated software, so make sure you’re always using the latest versions.
- Phishing Scams: Be cautious when opening emails or clicking on links from unknown sources. Phishing scams often use deceptive messages to trick you into revealing sensitive information.
Empower Yourself Through Knowledge
Knowledge is power, and in the world of cybersecurity, it’s your best defense against cybercriminals. Stay informed about the latest threats, learn about new technologies, and be proactive in safeguarding your digital life. Remember, cybersecurity isn’t a one-time task – it’s an ongoing process that requires your constant attention.
Take Action Today
Now that you have a better understanding of why cybersecurity matters, I encourage you to take action. Start by implementing the basic security measures I mentioned earlier, and then continue to educate yourself and stay informed. If you’re looking for more resources and guidance, reach out to us. We’re here to help you navigate the complex world of cybersecurity and protect your digital life.
So, don’t wait until your surprise party is ruined. Take action now and ensure that your digital life remains secure and private.
Imagine this: you’re a hugely successful healthcare solutions provider, with operations in 32 countries and a revenue of over $12 billion in 2022. You’ve earned your place as a Fortune 500 company. But then, out of nowhere, you’re hit by not one, but two cyberattacks in a row. Sounds like a nightmare, right? Well, that’s precisely what happened to Henry Schein in 2023.
The Double Whammy of Cyberattacks
On October 15, 2023, Henry Schein was forced to take some systems offline due to a cyberattack that impacted their manufacturing and distribution operations. The culprits? The notorious BlackCat Ransomware gang, who claimed responsibility and boasted about stealing 35 TB of sensitive files.
But the trouble didn’t end there. On November 22, the company disclosed that they were hit by the same gang yet again. This time, the ransomware gang encrypted Henry Schein’s network after negotiations failed and even threatened a third attack if a ransom was not paid.
While it’s unclear if the attackers followed through with their threats, they did release some of the stolen data on their leak site.
The Aftermath: Over 160,000 People Affected
Fast forward to over a year later, and Henry Schein has finally confirmed the extent of the damage. In a data breach notification to the Maine Attorney General, the company revealed that the ransomware gang managed to steal the personal data of 166,432 people during these attacks.
It took a considerable amount of time and resources to review the affected files and identify the information that was obtained by the unauthorized third party. The investigation determined that personal information, along with other sensitive data, was impacted during the incident.
We reached out to Henry Schein to ask about the type of data stolen but did not receive a response. However, the company is now offering impacted users a free 24-month membership to Experian’s IdentityWorksSM to help monitor their credit history and detect signs of fraud.
What Can You Learn from This?
As a US reader, you might be thinking, “Why should I care about a healthcare solutions provider halfway across the world?” Well, the truth is, cyberattacks can happen to anyone, anywhere. And as we’ve seen with Henry Schein, even the biggest and most successful companies aren’t immune.
So, what can you do to protect yourself and your business? The best way is to stay informed and be proactive about your cybersecurity practices. That’s where we come in. Our IT Services team is dedicated to helping you stay ahead of the curve and ensure that you’re well-equipped to handle any cyber threats that come your way.
Don’t wait until it’s too late. Contact us today to learn more about our cybersecurity services and how we can help you safeguard your valuable data. And remember, keep coming back to stay informed and up-to-date on the latest cybersecurity news and trends.
Malware
Landmark Insurance Admin Reveals Massive Data Breach Affecting 800,000 Individuals: Urgent Action Required
Insurance administrator Landmark White has reported a data breach impacting 800,000 people. The breach exposed personal information such as names, addresses, and contact details. Landmark White is working with authorities to investigate the incident and has made efforts to secure the data and limit any potential damage.
A Wake-Up Call from a Massive Data Breach
Imagine the shock and fear when you learn that your personal information has been compromised in a cyberattack. For over 800,000 people, this nightmare became a reality when insurance administrative services company Landmark Admin fell victim to a data breach in May.
Who is Landmark Admin and Why Does it Matter?
Landmark Admin is a third-party administrator for insurance companies, providing essential back-office services like new business processing and claims administration for major insurance carriers. Some of these carriers include American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company.
What Happened During the Cyberattack?
According to a filing with the Main Attorney General’s office, Landmark detected suspicious activity on May 13th, prompting the company to shut down its IT systems and remote access to its network to prevent the spread of the attack. They then enlisted the help of a third-party cybersecurity company to address the incident and investigate whether any data was stolen.
What Did the Investigation Discover?
During the investigation, Landmark found evidence that the attacker accessed files containing the personal information of 806,519 people. The affected individuals’ data included first and last names, addresses, Social Security numbers, tax identification numbers, driver’s license numbers, passport numbers, financial account numbers, medical information, dates of birth, health insurance policy numbers, and life and annuity policy information.
Landmark is notifying affected individuals by mail and will continue to update them as the investigation progresses. However, at this time, no threat actors have claimed responsibility for the attack, leaving the true nature of the incident—whether ransomware or data theft—unknown.
What Should Impacted Individuals Do Now?
Due to the sensitive nature of the stolen data, it’s crucial for impacted people to keep a close eye on their credit reports and bank accounts for any suspicious activity. The breach serves as a stark reminder of the importance of cybersecurity and the need to protect our personal information.
Don’t Wait Until It’s Too Late
Don’t let this story become your reality. Be proactive in safeguarding your personal and business data by contacting us to learn more about how we can help you stay one step ahead of cyber threats. By working together, we can ensure that your information remains secure and out of the wrong hands.
Malware
Internet Archive Suffers Another Intrusion: Stolen Access Tokens Compromise Security
The Internet Archive has been breached for the second time, with attackers exploiting stolen access tokens to compromise user data. Users are urged to change their passwords and enable two-factor authentication to safeguard their accounts.
Here’s a story that may raise some concern: the Internet Archive was breached again. This time, the attack targeted their Zendesk email support platform, after they had been warned about stolen GitLab authentication tokens.
Imagine our surprise when we received numerous messages from people who got replies to their old Internet Archive removal requests, warning that the organization had been breached because they didn’t properly rotate their stolen authentication tokens.
As one email from the threat actor stated, “It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.”
Anyone seeking information or requesting the removal of their site from the Wayback Machine may have had their data fall into the hands of this random guy. And if it wasn’t this person, it could have been someone else.
What’s more, the email headers in these messages passed all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server.
The troubling part is that a recipient of these emails shared with us that they had to upload personal identification when requesting a removal of a page from the Wayback Machine. The threat actor may now also have access to these attachments, depending on the API access they had to Zendesk and if they used it to download support tickets.
This incident follows our repeated attempts to warn the Internet Archive that their source code had been stolen due to a GitLab authentication token being exposed online for almost two years.
Exposed GitLab authentication tokens
On October 9th, we reported that the Internet Archive was hit by two different attacks simultaneously: a data breach where user data for 33 million users was stolen and a DDoS attack by an alleged pro-Palestinian group named SN_BlackMeta.
While both attacks occurred over the same period, they were conducted by different threat actors. However, many outlets incorrectly reported that SN_BlackMeta was behind the breach rather than just the DDoS attacks.
This misreporting frustrated the threat actor behind the actual data breach, who contacted us through an intermediary to claim credit for the attack and explain how they breached the Internet Archive.
According to the threat actor, the initial breach started with them finding an exposed GitLab configuration file on one of the organization’s development servers. We were able to confirm that this token had been exposed since at least December 2022, with it rotating multiple times since then.
The threat actor says this GitLab configuration file contained an authentication token allowing them to download the Internet Archive source code, which in turn contained additional credentials and authentication tokens. This enabled the threat actor to download the organization’s user database, further source code, and modify the site.
The threat actor claimed to have stolen 7TB of data but would not share any samples as proof. However, we now know that the stolen data also included the API access tokens for the Internet Archive’s Zendesk support system.
We tried to contact the Internet Archive numerous times, offering to share what we knew about the breach and its reasons, but we never received a response.
Breached for cyber street cred
After the Internet Archive was breached, conspiracy theories abounded about the reasons behind the attack. Some people believed it was Israel, the United States government, or corporations battling the Internet Archive over copyright infringement.
However, the Internet Archive was not breached for political or monetary gain – it was simply because the threat actor could.
There is a large community of people who traffic in stolen data, whether for money by extorting the victim, selling it to other threat actors, or simply because they are collectors of data breaches.
These people often release data for free to gain cyber street cred, increasing their reputation among other threat actors as they compete for the most significant and most publicized attacks.
In the case of the Internet Archive, there was no money to be made by trying to extort the organization. However, as a well-known and extremely popular website, it definitely boosted the attacker’s reputation among this community.
While no one has publicly claimed this breach, we were told it was done while the threat actor was in a group chat with others, and many received some of the stolen data. This database is now likely being traded among other people in the data breach community, and we may see it leaked for free on hacking forums in the future.
Update 10/20/24: Added information about how some people had to upload personal IDs when requesting removal from the Internet Archive.
-
Malware1 year ago
Flagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
-
Malware1 year ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
-
Data Protection Regulations12 months ago
Top Data Protection Officer Certification Courses Reviewed
-
Data Protection Regulations12 months ago
Top 11 Data Protection Training Programs for Compliance
-
Security Audits and Assessments12 months ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
-
Data Protection Regulations12 months ago
Navigating Data Protection Laws for Nonprofits
-
Data Protection Regulations12 months ago
9 Best Insights: CCPA’s Influence on Data Security
-
Security Audits and Assessments11 months ago
HIPAA Security Risk Assessment: Essential Steps Checklist