Connect with us

Malware

AT&T Confronts Intense Legal Battles Amid Massive Data Breach Impacting 73 Million Customers

AT&T faces lawsuits after a data breach affecting 73 million customers. The telecom giant allegedly failed to protect user data, with hackers gaining access to personal information. Learn more about the implications of this cybersecurity incident and the legal action taken against AT&T.

Published

on

It’s a nightmare scenario: AT&T, one of the largest telecommunications companies in the U.S., has admitted to a massive data breach that exposed the sensitive information of 73 million current and former customers. Now, they’re facing multiple class-action lawsuits as a result.

Legal Battle Begins

Since AT&T confirmed the breach on Saturday, ten lawsuits have been filed against the company. One of them is being handled by Morgan & Morgan, a law firm known for its recent success in a privacy lawsuit against Google. They are representing plaintiff Patricia Dean and others similarly affected by the breach.

The lawsuit argues that AT&T failed to adequately protect the personal data of its customers, leading to a cyberattack and subsequent data breach that exposed sensitive information for a whopping 73 million people. This includes names, addresses, phone numbers, dates of birth, Social Security Numbers, and email addresses.

A Timeline of Denials

Back in 2021, threat actor Shiny Hunters claimed to have hacked AT&T and attempted to sell the stolen data. AT&T denied these allegations, saying the leaked data samples didn’t belong to them. Fast forward to March 17, 2024, when another threat actor named ‘MajorNelson’ leaked the entire database on a hacking forum for free, confirming it was the same data from Shiny Hunters’ attack.

Despite this, AT&T continued to deny that the leaked data originated from their systems and claimed there were no signs of a breach. However, after conducting an internal investigation, they finally admitted on March 30, 2024, that the exposed data belonged to 7.6 million current account holders and approximately 65.4 million former account holders.

Worse still, AT&T revealed that the passcodes for 7.6 million customers were exposed in the leak. These passcodes are required for customer support or sensitive account changes, so this breach could have allowed attackers to gain access to accounts more easily.

Years of Risk

AT&T believes the leaked data is from 2019 and earlier, but they still can’t determine whether it came from their systems or a partner. Their initial and subsequent denials about the origin and authenticity of the leaked data, coupled with their inability to determine the source through timely investigations, have put customers at risk of scams and phishing attacks for nearly three years – if not longer.

Dean’s complaint argues that AT&T’s inadequate security measures and failure to provide timely, adequate notice about the data breach exposed customers to substantial risks, including identity theft and various forms of fraud. The lawsuit accuses AT&T of negligence, breach of implied contract, and unjust enrichment, and seeks compensatory damages, restitution, injunctive relief, improvements to AT&T’s data security protocols, future audits, credit monitoring services funded by the company, and a trial by jury.

A Call for Accountability

In a statement, a Morgan & Morgan spokesperson said, “As the largest telecommunications company in the country, AT&T has a crucial duty to safeguard their current and former customers’ sensitive information. We allege AT&T knew about the vulnerability that allegedly led to this breach but allowed it to occur by failing to act. We’re also alleging AT&T exacerbated the problem by failing to acknowledge the breach had occurred until March 30 of this year, allowing customers’ personal data to linger in criminal hands without their knowledge for more than two-and-a-half years. We will fight to hold AT&T accountable for their alleged actions and inactions that allowed this to happen, and secure justice for all 73 million Americans impacted by this attack on their privacy.”

We reached out to AT&T for a statement but are still awaiting a response. In the meantime, other class-action lawsuits have been filed against AT&T, including those by plaintiffs Williamson, Escano, Collier, and Cumo. These lawsuits will likely be consolidated in the future.

As consumers, it’s crucial that we stay informed about the security measures taken by the companies we trust with our sensitive information. Keep coming back to us for the latest news on cybersecurity and learn how to protect yourself from potential threats.

Malware

Phishing Attack Leaves Patients’ Sensitive Data Vulnerable: Urgent Security Alert

Los Angeles County Department of Health Services is investigating a security breach that exposed personal data of over 14,000 patients. The breach was caused by a phishing attack, compromising several employee email accounts and revealing sensitive patient information. Authorities are notifying affected individuals and offering free credit monitoring and identity theft protection services.

Published

on

Imagine this: you’re a patient in Los Angeles County, home to the most populous county in the United States. You rely on your local hospitals and clinics for your healthcare needs. One day, you receive a letter informing you that your personal and health information has been exposed in a data breach. How would you feel?

A Massive Phishing Attack in L.A. County

This frightening scenario recently unfolded for thousands of patients in L.A. County. The Department of Health Services, which operates the public hospitals and clinics in the area, had to disclose a data breach after a phishing attack impacted over two dozen employees. These mailboxes contained sensitive information for about 6,085 individuals, making this a significant incident.

How Did This Happen?

It all started with a phishing email. A hacker duped 23 employees into clicking a link that appeared to be a legitimate message from a trustworthy source. This simple action gave the attacker access to the employees’ mailboxes, and ultimately, to patients’ personal and health data.

Among the compromised information were patients’ names, dates of birth, home addresses, phone numbers, email addresses, medical record numbers, client identification numbers, dates of service, medical information (such as diagnosis, treatment, test results, and medications), and health plan information. Thankfully, no Social Security Numbers or financial information were exposed in this breach.

Responding to the Breach

Upon discovering the breach, the L.A. County Health Services took swift action. They disabled the impacted email accounts, reset and re-imaged the compromised employees’ devices, and quarantined suspicious incoming emails. The health system also sent out awareness notifications to all employees, reminding them to be vigilant when reviewing emails, especially those containing attachments or links.

In addition, the health system plans to notify the U.S. Department of Health & Human Services’ Office for Civil Rights, the California Department of Public Health, and other relevant agencies about the data breach. While no evidence was found that the attackers accessed or misused the exposed information, L.A. County Health Services advises affected patients to contact their healthcare providers to verify the content and accuracy of their medical records.

A Call to Action: Let’s Protect Our Data Together

This incident serves as a stark reminder of the importance of cybersecurity in the healthcare sector. As patients, we trust our healthcare providers with our most sensitive information, and we must demand that they take every measure to protect it.

As an IT Services company, we understand the challenges healthcare organizations face in safeguarding personal and health information. We encourage you to reach out to us, learn more about our services, and take proactive steps to protect your data. Together, let’s create a safer digital world for all.

Continue Reading

Malware

North Korean Cyber Warriors Infiltrate South Korean Defense Contractors: A Chilling Security Breach

North Korean hacking groups Kimsuky and APT37 have targeted South Korean defense contractors, particularly those working on the KF-21 fighter jet. Cybersecurity firm Cybereason has identified spear-phishing campaigns and watering hole attacks used to infiltrate the systems and steal sensitive information. Protect your data from cyber threats with this informative article.

Published

on

Imagine waking up one day and realizing that your top-secret defense technologies have been stolen by hackers. That’s exactly what happened to several South Korean defense companies recently. So, let’s dive into what happened and how we can learn from these incidents to protect our own sensitive information.

The National Police Agency in South Korea sent out an urgent warning about North Korean hacking groups targeting defense industry entities to steal valuable technology information. These hackers, known as Lazarus, Andariel, and Kimsuky, have successfully breached the defenses of multiple South Korean companies by exploiting vulnerabilities in their networks or those of their subcontractors.

Following a special inspection conducted earlier this year, authorities discovered that some companies had been compromised since late 2022 but were completely unaware of the breach. This highlights the importance of being proactive with cybersecurity measures and staying vigilant for potential threats.

Let’s take a closer look at the attacks

These reports detail three cases involving each of the hacking groups, showing how diverse their attack methods can be when targeting defense technology.

In one case, Lazarus hackers took advantage of poorly managed network connection systems designed for testing. They penetrated the internal networks of a defense company and gathered critical data from at least six of the firm’s computers, transferring it to a cloud server abroad.

The Andariel group’s attack was even more insidious. They stole account information from an employee of a maintenance company that serviced defense subcontractors. Using this stolen account, they installed malware on the servers of these subcontractors, leading to major leaks of defense-related technical data. This situation was made worse by employees using the same passwords for personal and work accounts.

Lastly, Kimsuky hackers exploited a vulnerability in the email server of a defense subcontractor. This allowed them to download and steal substantial technical data from the company’s internal server without authentication.

What can we learn from these incidents?

The Korean police recommend several steps companies can take to protect themselves from similar attacks. These include improving network security segmentation, periodic password resets, setting up two-factor authentication on all critical accounts, and blocking foreign IP accesses.

But let’s take this a step further. As individuals and businesses, we must recognize the importance of safeguarding our sensitive information. This means investing in robust cybersecurity measures, staying informed about potential threats, and taking proactive steps to protect our data.

Don’t wait until it’s too late

These incidents serve as a stark reminder that cyber threats are ever-present and constantly evolving. With an increase in remote work and reliance on digital systems, it’s more important than ever to take cybersecurity seriously. Don’t wait until you’re the next victim – be proactive in protecting your valuable information.

For more information on cybersecurity and how to protect yourself or your business, keep coming back to our IT Services website. We’re here to help you stay informed and secure in an increasingly digital world.

Continue Reading

Malware

UnitedHealth Admits Paying Ransomware Gang to Prevent Massive Data Breach

UnitedHealth confirms paying an undisclosed ransom to the Conti ransomware gang to prevent the leak of sensitive patient data. Learn more about the incident and the rise of ransomware attacks on healthcare institutions.

Published

on

UnitedHealth Group recently confirmed that they had to pay a ransom to cybercriminals to protect sensitive data stolen during a ransomware attack on Optum in late February. This attack wasn’t just any ordinary cybercrime; it led to a massive outage that affected Change Healthcare payment systems, impacting several critical services used by healthcare providers and pharmacies throughout the U.S. These services included payment processing, prescription writing, and insurance claims.

Can you believe that the organization reported $872 million in financial damages from this single cyberattack? It’s mind-boggling! But it doesn’t stop there. The BlackCat/ALPHV ransomware gang claimed responsibility for the attack, alleging that they stole 6TB of sensitive patient data. And in early March, they even pulled off an exit scam after allegedly receiving $22 million in ransom from UnitedHealth.

During that time, one of the gang’s affiliates, known as “Notchy,” claimed they had UnitedHealth data because they conducted the attack and that BlackCat cheated them out of the ransom payment. The transaction was visible on the Bitcoin blockchain, and researchers confirmed it reached a wallet used by BlackCat hackers.

As if things couldn’t get more complicated, a week later, the U.S. government launched an investigation into whether health data had been stolen in the ransomware attack at Optum. And by mid-April, the extortion group RansomHub raised the stakes even higher for UnitedHealth by starting to leak what they claimed to be corporate and patient data stolen during the attack. UnitedHealth’s patient data reached RansomHub after “Notchy” partnered with them to extort the company again.

Data stolen, ransom paid

In a statement, UnitedHealth confirmed that they paid a ransom to prevent patient data from being sold to cybercriminals or leaked publicly. The company said, “A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure.”

We checked RansomHub’s data leak website and can confirm that the threat actor has removed UnitedHealth from its list of victims. UnitedHealth’s removal from RansomHub’s site may indicate that today’s confirmation is for a payment to the new ransomware gang rather than the alleged $22 million payment to BlackCat in March.

Recently, UnitedHealth posted an update on its website announcing support for people whose data had been exposed by the February ransomware attack, officially confirming the data breach incident. The company stated that based on initial targeted data sampling, they have found files containing protected health information (PHI) or personally identifiable information (PII). This could potentially affect a substantial proportion of people in America. However, the company reassures patients that they have not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data.

UnitedHealth further explained that only 22 screenshots of stolen files, some containing personally identifiable information, were posted on the dark web, and that no other data exfiltrated in the attack has been published “at this time.” The organization has promised to send personalized notifications once it completes its investigation into the type of information compromised.

As part of its efforts to support those impacted, UnitedHealth has set up a dedicated call center offering two years of free credit monitoring and identity theft protection services. Currently, 99% of the impacted services are operational, medical claims flow at near-normal levels, and payment processing stands at approximately 86%.

A call for action: Protect yourself and your organization

UnitedHealth’s experience is a sobering reminder of the ever-present threat of cyberattacks and the importance of taking cybersecurity seriously. Don’t let your organization become the next victim. Reach out to us, and together, we’ll help you stay one step ahead of cybercriminals. Keep coming back to learn more about the latest cybersecurity trends and best practices to safeguard your valuable data.

Continue Reading

Trending

Copyright © 2023 IT Services Network.