Malware
Breaking News: Massive AP Stylebook Data Breach Sparks Sophisticated Phishing Attack
The Associated Press (AP) recently alerted users about a data breach in their AP Stylebook, which exposed personal information. This breach has now resulted in a targeted phishing attack on individuals who use the platform. AP advises users to remain cautious and vigilant against potential phishing attempts. Stay updated and protect your data from cyber threats.
Data Breach at AP Stylebook Exposes Customer Information
The Associated Press (AP) has issued a warning regarding a data breach that has affected customers of the AP Stylebook. Attackers were able to exploit the stolen data to carry out targeted phishing attacks.
About AP Stylebook
The AP Stylebook is a widely used reference guide for grammar, punctuation, and writing style. It is utilized by journalists, magazines, and newsrooms worldwide.
The Breach
This week, the AP reported that an old third-party-managed AP Stylebook site, which was no longer in use, was hacked between July 16 and July 22, 2023. As a result, the personal data of 224 customers was compromised.
The stolen information includes customers’ names, email addresses, street addresses, cities, states, zip codes, phone numbers, and User IDs. Additionally, tax-exempt IDs such as Social Security Numbers or Employer Identification Numbers were also taken.
Discovery and Response
The AP became aware of the potential data breach on July 20, 2023, when AP Stylebook customers reported receiving phishing emails requesting them to update their credit card information.
Upon discovering the phishing attack, the AP promptly took down the old site and removed the phishing content to prevent further incidents.
At the end of July, the company began notifying AP Stylebook customers about the phishing attacks. The AP warned that the emails were sent from the address ‘ su*****@ge******.my [.]id’ and had a subject line similar to “Regarding AP Stylebook Order no. 07/20/2023 06:48:20 am.”
How Did the Hackers Gain Unauthorized Access in the Massive Data Breach?
The massive data breach exposes 500,000 individuals, shedding light on how hackers gained unauthorized access. Through sophisticated techniques like phishing, exploiting software vulnerabilities, or weak passwords, these hackers infiltrated the system. Once inside, they harvested sensitive information, compromising the security and privacy of thousands. The incident underscores the urgent need for robust cybersecurity measures to prevent such breaches in the future.
Impact and Security Measures
In response to the breach, the Associated Press has mandated that all AP Stylebook customers reset their passwords during their next login session.
Although the breach only affected a relatively small number of customers (224), the login credentials of journalists and media organizations are highly valuable to cybercriminals.
Unauthorized access to a media company’s network can enable a range of attacks, including extortion, ransomware, data theft, and cyber espionage.
Similar incidents have occurred in the past, with both local and global media outlets falling victim to ransomware and cyberespionage attacks. Examples include News Corp, the Philadelphia Inquirer, and the German newspaper Heilbronn Stimme.
We reached out to the Associated Press for further information regarding the phishing attack and will update this article with any additional details we receive.
Malware
Free, France’s No. 2 ISP, Admits to Data Breach Following Shocking Leak
Free, France’s second-largest ISP, has confirmed a data breach impacting 700,000 customers. The exposed data includes names, addresses, emails, and phone numbers. The company has implemented additional security measures and is urging users to change their account passwords.
Imagine waking up one day to find out your personal information has been stolen by hackers. That’s precisely what happened to millions of customers of Free, a major internet service provider (ISP) in France. Over the weekend, the company confirmed that its systems were breached, and customer data was stolen.
Free is no small player in the telecommunications industry. With over 22.9 million mobile and fixed subscribers at the end of June, it’s the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe’s sixth-largest mobile operator by the number of subscribers. That’s a lot of people potentially affected by this breach!
The company has taken action by filing a criminal complaint with the public prosecutor and notifying the French National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI) of the incident.
What happened and who is affected?
According to a Free spokesperson, the hack targeted a management tool that exposed subscribers’ data. Thankfully, the attackers failed to access customer passwords, bank card information, and communications content (including “emails, SMS, voice messages, etc.”). However, the data that was stolen is now being auctioned on BreachForums to the highest bidder.
The threat actor responsible for the breach, known as “drussellx,” claims that the breach impacts almost a third of France’s population. They say that the data breach affects 19.2 million customers and contains over 5.11 million International Bank Account Numbers (IBANs). It affects all Free Mobile and Freebox customers and includes the IBANs of all 5.11 million Freebox subscribers.
How can you protect yourself?
Free has assured its customers that the stolen IBANs are “not enough to make a direct debit from a bank.” However, it’s essential for subscribers to be vigilant against phishing attempts. Never communicate your access codes or bank card information, whether by email, SMS, or during a call. If you notice an unusual direct debit that doesn’t correspond to any known invoice amount or date, inform your bank, as they’re obliged to reimburse you for fraudulent charges.
So, what can we learn from this incident? Cybersecurity threats are real and can affect anyone, even major telecommunications companies. It’s crucial to stay informed about potential risks and take steps to protect our personal information.
Stay informed and stay protected
As your trusted IT Services provider, we’re here to help you stay informed about cybersecurity threats and keep your information safe. Our team of experts is always on the lookout for the latest cybersecurity news, trends, and best practices. So don’t hesitate to contact us for guidance and advice on how to keep your data secure. And remember, knowledge is power – the more you know about cybersecurity, the better equipped you’ll be to protect yourself and your information.
Malware
UnitedHealth Reveals Massive Data Breach: 100 Million Records Stolen from Change Healthcare
Discover how UnitedHealth Group suffered a data breach at Change Healthcare, impacting over 100 million individuals. Learn about the unauthorized access and possible consequences for those affected in this major healthcare cyberattack.
It’s official: over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, making it the largest healthcare data breach in recent years. UnitedHealth, the parent company of Change Healthcare, has finally confirmed this staggering number.
Just imagine that: “maybe a third” of all Americans’ health data was exposed in this attack, as UnitedHealth CEO Andrew Witty warned during a congressional hearing in May. This is a massive breach that has affected a “substantial proportion of people in America.”
So, what exactly was stolen during this ransomware attack? According to data breach notifications sent by Change Healthcare, the sensitive information includes health insurance details, medical history, billing and payment info, and other personal data like Social Security numbers and driver’s license numbers. Not everyone’s complete medical history was exposed, but still, the sheer scale of this breach is alarming.
How did the Change Healthcare ransomware attack happen?
In February, the UnitedHealth subsidiary Change Healthcare fell victim to a ransomware attack that led to widespread outages in the U.S. healthcare system. The culprits? The BlackCat ransomware gang, aka ALPHV, who used stolen credentials to breach the company’s Citrix remote access service, which did not have multi-factor authentication enabled.
During the attack, the criminals stole a whopping 6 TB of data and encrypted computers on the network. This caused the company to shut down IT systems to prevent further damage. In the aftermath, doctors and pharmacies were unable to file claims, and patients were forced to pay full price for medications because pharmacies couldn’t accept discount prescription cards.
UnitedHealth Group ended up paying a ransom demand of allegedly $22 million to receive a decryptor and ensure the stolen data would be deleted. However, the ransomware gang pulled a fast one: they suddenly shut down and stole the entire payment for themselves, leaving Change Healthcare’s data in the hands of a rogue affiliate.
As if that wasn’t enough, the affiliate partnered with a new ransomware operation named RansomHub and began leaking some of the stolen data, demanding an additional payment for the data not to be released. It’s unclear whether United Health paid a second ransom demand, as the entry for Change Healthcare on RansomHub’s data leak site disappeared a few days later.
The financial toll of this attack has been enormous. UnitedHealth reported in April that the ransomware attack caused $872 million in losses, which increased to an expected $2.45 billion for the nine months to September 30, 2024, as part of their Q3 2024 earnings.
What can we learn from this massive breach?
This incident highlights the importance of strong cybersecurity measures, especially in the healthcare industry. We must prioritize the protection of sensitive data and invest in robust security systems to prevent future attacks. It’s time for all of us to take cybersecurity seriously.
Stay informed and keep coming back to learn more about the latest cybersecurity news, threats, and best practices. Together, we can work towards a safer digital landscape. If you have any questions or concerns about your organization’s security, don’t hesitate to reach out to us. We’re here to help.
Malware
Henry Schein’s Wake-Up Call: Uncovering the Data Breach One Year Later
Can you imagine discovering that your personal information was exposed in a data breach one whole year after the fact? That’s exactly what happened to thousands of customers of Henry Schein, a leading provider of medical and dental supplies. This isn’t just an unfortunate incident; it’s a sobering reminder of the importance of cybersecurity in today’s digital age. And it’s a wake-up call for businesses of all sizes to step up their security game.
A Shocking Discovery: The Ransomware Attack That Rocked Henry Schein
Picture yourself walking into your office on a typical Monday morning. You grab a cup of coffee, sit down at your desk, and power up your computer. Suddenly, you’re greeted by a chilling message: “Your files have been encrypted. Pay up or lose everything.”
That’s what happened to Henry Schein in February 2020 when they fell victim to a ransomware attack. The company was forced to shut down its systems to contain the damage. While they managed to recover from the attack, the incident left a lasting impression. But the real shocker came one year later when the company discovered that sensitive customer data had also been compromised during the attack.
Playing Catch-Up: The Long-Term Impact of a Data Breach
A data breach can have far-reaching consequences for both consumers and businesses. For consumers, the risks are clear: identity theft, financial fraud, and a host of other potential problems. But businesses like Henry Schein also face serious fallout from a data breach. The financial burden of incident response, customer notifications, and potential lawsuits can be staggering. And then there’s the damage to a company’s reputation, which can take years to repair.
According to a 2020 IBM study, the average cost of a data breach in the United States is $8.64 million. That’s a hefty price tag for any business to bear.
Learning from Henry Schein’s Mistake: The Importance of Proactive Cybersecurity
It’s easy to look at the Henry Schein incident and think, “That couldn’t happen to me.” But, as a cybersecurity expert, I can tell you that no business is immune to cyber threats. In fact, 43% of cyberattacks are aimed at small businesses, and 60% of those targeted go out of business within six months.
The key takeaway from the Henry Schein debacle is the importance of proactive cybersecurity. It’s not enough to react to threats as they arise; businesses need to be constantly monitoring and updating their security practices to stay ahead of the game.
Don’t Be a Victim: Take Action to Protect Your Business Today
It’s time to take a stand against cyber threats. Whether you’re a small business owner or part of a major corporation, investing in cybersecurity measures is essential to protect your company’s sensitive data and maintain customer trust.
Get started by conducting a thorough security audit of your systems and processes. Identify potential weaknesses and work to address them. Regularly update software and hardware to ensure your systems are up-to-date. Provide comprehensive cybersecurity training for your employees to help prevent human error and promote a culture of security awareness.
And most importantly, don’t hesitate to seek professional help when needed. As your cybersecurity partner, we can help you navigate the complex world of digital security and ensure your business is protected against ever-evolving threats.
Don’t wait for a wake-up call like Henry Schein’s. Take action to protect your business today. Contact us to learn more about our comprehensive cybersecurity solutions and keep coming back for the latest information on how to stay secure in an increasingly connected world.
Why Cybersecurity Matters: A Personal Perspective
Imagine this: you’re planning a surprise birthday party for your best friend. You’ve spent weeks organizing the event, and the big day is almost here. The last thing you need is someone spoiling the surprise, right? Now, imagine if that someone was a hacker who got their hands on your personal information and ruined everything. That’s what can happen when you don’t take cybersecurity seriously. And that’s just a small-scale example.
The Growing Impact of Cybercrime
Let me give you some staggering statistics: In 2020, cybercrime damages amounted to $6 trillion globally. By 2025, that number is expected to rise to $10.5 trillion. That’s a lot of money! But it’s not just about the financial impact. Cybercrime can lead to identity theft, ruined reputations, and even physical harm. So, how can you protect yourself and your loved ones from this growing threat?
Understanding the Basics of Cybersecurity
Think of cybersecurity as a shield that protects your digital life. It’s like locking your doors and windows at night to keep intruders out. There are several ways to improve your cybersecurity, and it all starts with understanding the basics:
- Passwords: Use strong, unique passwords for each account and change them regularly. A good rule of thumb is to create passwords with at least 12 characters, including uppercase and lowercase letters, numbers, and symbols.
- Software Updates: Keep your devices and software up-to-date. Hackers often exploit vulnerabilities in outdated software, so make sure you’re always using the latest versions.
- Phishing Scams: Be cautious when opening emails or clicking on links from unknown sources. Phishing scams often use deceptive messages to trick you into revealing sensitive information.
Empower Yourself Through Knowledge
Knowledge is power, and in the world of cybersecurity, it’s your best defense against cybercriminals. Stay informed about the latest threats, learn about new technologies, and be proactive in safeguarding your digital life. Remember, cybersecurity isn’t a one-time task – it’s an ongoing process that requires your constant attention.
Take Action Today
Now that you have a better understanding of why cybersecurity matters, I encourage you to take action. Start by implementing the basic security measures I mentioned earlier, and then continue to educate yourself and stay informed. If you’re looking for more resources and guidance, reach out to us. We’re here to help you navigate the complex world of cybersecurity and protect your digital life.
So, don’t wait until your surprise party is ruined. Take action now and ensure that your digital life remains secure and private.
Imagine this: you’re a hugely successful healthcare solutions provider, with operations in 32 countries and a revenue of over $12 billion in 2022. You’ve earned your place as a Fortune 500 company. But then, out of nowhere, you’re hit by not one, but two cyberattacks in a row. Sounds like a nightmare, right? Well, that’s precisely what happened to Henry Schein in 2023.
The Double Whammy of Cyberattacks
On October 15, 2023, Henry Schein was forced to take some systems offline due to a cyberattack that impacted their manufacturing and distribution operations. The culprits? The notorious BlackCat Ransomware gang, who claimed responsibility and boasted about stealing 35 TB of sensitive files.
But the trouble didn’t end there. On November 22, the company disclosed that they were hit by the same gang yet again. This time, the ransomware gang encrypted Henry Schein’s network after negotiations failed and even threatened a third attack if a ransom was not paid.
While it’s unclear if the attackers followed through with their threats, they did release some of the stolen data on their leak site.
The Aftermath: Over 160,000 People Affected
Fast forward to over a year later, and Henry Schein has finally confirmed the extent of the damage. In a data breach notification to the Maine Attorney General, the company revealed that the ransomware gang managed to steal the personal data of 166,432 people during these attacks.
It took a considerable amount of time and resources to review the affected files and identify the information that was obtained by the unauthorized third party. The investigation determined that personal information, along with other sensitive data, was impacted during the incident.
We reached out to Henry Schein to ask about the type of data stolen but did not receive a response. However, the company is now offering impacted users a free 24-month membership to Experian’s IdentityWorksSM to help monitor their credit history and detect signs of fraud.
What Can You Learn from This?
As a US reader, you might be thinking, “Why should I care about a healthcare solutions provider halfway across the world?” Well, the truth is, cyberattacks can happen to anyone, anywhere. And as we’ve seen with Henry Schein, even the biggest and most successful companies aren’t immune.
So, what can you do to protect yourself and your business? The best way is to stay informed and be proactive about your cybersecurity practices. That’s where we come in. Our IT Services team is dedicated to helping you stay ahead of the curve and ensure that you’re well-equipped to handle any cyber threats that come your way.
Don’t wait until it’s too late. Contact us today to learn more about our cybersecurity services and how we can help you safeguard your valuable data. And remember, keep coming back to stay informed and up-to-date on the latest cybersecurity news and trends.
-
Malware1 year ago
Flagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
-
Malware1 year ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
-
Data Protection Regulations12 months ago
Top Data Protection Officer Certification Courses Reviewed
-
Data Protection Regulations12 months ago
Top 11 Data Protection Training Programs for Compliance
-
Security Audits and Assessments12 months ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
-
Data Protection Regulations12 months ago
Navigating Data Protection Laws for Nonprofits
-
Data Protection Regulations12 months ago
9 Best Insights: CCPA’s Influence on Data Security
-
Security Audits and Assessments12 months ago
HIPAA Security Risk Assessment: Essential Steps Checklist