Malware
WebTPA Data Breach: 2.4 Million Insurance Policyholders’ Confidential Information Exposed
WebTPA, a Texas-based health insurance company, has suffered a data breach that exposed the personal information of 248,000 policyholders. The attackers gained access to a single email account containing sensitive data, including Social Security numbers, dates of birth, and health information. WebTPA has since taken steps to secure its email systems and is offering free credit monitoring to affected individuals.
WebTPA Data Breach Affects Millions of Insurance Customers
Do you have insurance with companies like The Hartford, Transamerica, or Gerber Life Insurance? If so, you might be one of the nearly 2.5 million individuals affected by the WebTPA Employer Services (WebTPA) data breach, as reported by the U.S. Department of Health and Human Services.
What is WebTPA, and what happened?
WebTPA is a subsidiary of GuideWell Mutual Holding Corporation and a third-party administrator (TPA) that offers customized administrative services to health plans and insurance companies. With 18,000 employees and $103 million in annual revenue, WebTPA is a significant player in the industry.
Although the breach occurred last year, the company only discovered evidence of suspicious activity on its network in December. After an investigation, WebTPA found that a threat actor had access to personal data for five days between April 18 and April 23, 2023. However, the breach wasn’t discovered until late December, prompting an immediate response.
What kind of information was exposed?
According to WebTPA’s notification, the exposed data includes:
- Full name
- Contact information
- Date of birth (and death where applicable)
- Social Security Number (SSN)
- Insurance information
Thankfully, financial account information, credit card numbers, medical treatment, and diagnostic information were not exposed in the breach.
How are insurance companies responding?
WebTPA informed benefit plan providers and insurance companies of the data breach on March 25, 2024. Companies like Dean Health Plan, APA Voluntary Supplemental Medical Plan, The Hartford, Transamerica, and Gerber Life Insurance have issued notifications to their affected customers.
WebTPA also provided instructions on how to enroll in two years of credit monitoring, identity theft protection, and fraud consultation services through Kroll, available until August 1st.
What should you do if you’re affected?
While WebTPA isn’t aware of any misuse of the exposed data, it’s essential for those affected to remain vigilant. Be cautious of communications from potential scammers and avoid sharing any personal or financial information. It’s also a good idea to review your credit reports carefully and consider placing a security freeze on your credit files to minimize fraud risks.
Stay Informed and Protected
As cybersecurity experts, we understand the importance of staying informed and taking proactive steps to protect your personal information. Keep coming back to learn more about the latest cybersecurity news and tips to help you secure your digital life.
Malware
Avis Reveals Massive Data Breach: Customer Information Compromised in Car Rental Empire
Car rental company Avis recently disclosed a data breach affecting customer data. The breach exposed sensitive information such as names, addresses, and phone numbers. Protect your personal information by staying vigilant and monitoring your accounts for any suspicious activity.
Image removed
Did you hear the news? American car rental giant Avis recently informed customers that cybercriminals breached one of its business applications last month and stole some of their personal information.
According to data breach notification letters sent to impacted customers and filed with California’s Office of the Attorney General, Avis took action to stop the unauthorized access and launched an investigation with the help of external cybersecurity experts after learning of the breach on August 5th.
What did the investigation uncover?
The investigation revealed that the attacker had access to Avis’s business application from August 3rd to 6th. The company managed to evict the malicious actor from its systems and blocked its access on August 6th. On August 14th, it also discovered that the attacker stole some customers’ personal information, including their names and other undisclosed sensitive data.
Since the breach, Avis says it has worked with outside experts to strengthen security measures for the affected application and implemented additional safeguards across its systems.
What has Avis done to protect its customers?
Avis has been actively reviewing security monitoring and controls to bolster security defenses and warned customers of identity theft and fraud risks following the data breach. The company advised those whose personal information was stolen to remain vigilant against threats of identity theft or fraud. They suggested customers do this by regularly reviewing and monitoring their account statements and credit history for any signs of unauthorized transactions or activity and contacting credit reporting agencies if they suspect any unauthorized activity.
Moreover, Avis offered those affected a free one-year membership to Equifax’s credit monitoring service, which provides assistance with identity theft detection and resolution.
About Avis and its global presence
Avis is a subsidiary of Avis Budget Group, a leading global mobility solutions provider that also owns Zipcar, the world’s leading car-sharing network. Its Avis and Budget car rental brands operate over 10,000 rental locations in 180 countries across North America, Europe, and Australasia. Avis Budget Group has reported more than $3.0 billion in revenues for the second quarter of 2024.
We reached out to Avis for more information about the attack’s nature, the number of affected customers, and the other personal information stolen in the breach, but the company has not responded yet.
Stay informed and protected
Cybersecurity is more important than ever, and we at IT Services are dedicated to helping you stay informed and protected. We encourage you to keep coming back to learn more about the latest cybersecurity news and trends. Together, we can make the digital world a safer place for everyone. If you have any questions or concerns, don’t hesitate to contact us!
Malware
Massive Data Breach Exposed: Business Powerhouse CBIZ Reveals Customer Information Compromised
CBIZ, a leading provider of business services, has disclosed a data breach affecting customer information. The breach occurred when an unauthorized third party accessed an employee’s email account, potentially compromising clients’ names, addresses, and Social Security numbers. CBIZ is offering free credit monitoring services to affected clients and has implemented additional security measures.
Imagine waking up one day to find out that your personal information has been stolen by hackers. Your name, contact details, social security number, date of birth, and even your health information are now in the hands of cybercriminals. This nightmare scenario recently became a reality for thousands of people when a major U.S. company fell victim to a data breach.
CBIZ: A Cybersecurity Wake-up Call
CBIZ Benefits & Insurance Services (CBIZ), one of the largest professional services companies in the United States, recently disclosed a significant data breach involving unauthorized access to client information stored in specific databases. This management consulting company, which provides financial and benefits and insurance services to various organizations and individual customers, reported that a threat actor exploited a vulnerability in one of its web pages and stole customer data between June 2 and June 21.
Upon discovering the intrusion on June 24, CBIZ launched an investigation with the help of cybersecurity professionals. They found that an unauthorized party was able to exploit a vulnerability associated with one of its web pages and acquire information from certain databases during the three-week period. To put things in perspective, CBIZ operates 120 offices across the country, employs 6,700 people, and recorded a revenue of $1.59 billion in 2023.
What Was Stolen?
Hackers managed to steal information belonging to nearly 36,000 individuals. The compromised data includes:
- Name
- Contact details
- Social Security number
- Date of birth/death
- Retiree health information
- Welfare plan information
Protecting Yourself and Your Data
CBIZ began sending personalized notifications to impacted clients on August 28, informing them of the breach. While the company has no evidence that the stolen data has been misused, they are offering guidance on how to enroll in a two-year credit monitoring and identity theft protection service to reduce potential risk. Additionally, impacted clients are advised to consider placing a credit/security freeze and adding a fraud alert to their credit report.
This incident serves as a stark reminder of the importance of cybersecurity and the need to protect our personal information. Cyberattacks are becoming more frequent and sophisticated, and businesses of all sizes must take the necessary precautions to safeguard their customers’ data. As individuals, we must also stay informed and vigilant to protect ourselves from the consequences of data breaches.
Don’t Be a Victim: Stay Informed and Take Action
Here at IT Services, our mission is to help you stay ahead of cyber threats. We provide the latest news, updates, and resources on cybersecurity to help you protect your digital footprint. Whether you’re a business owner or an individual user, knowledge is power when it comes to defending against cyberattacks. So don’t wait for a wake-up call like CBIZ – take action now to secure your digital life.
Stay informed and keep coming back to learn more. And remember, if you have any concerns or questions about cybersecurity, we’re here to help. Don’t hesitate to contact us for expert advice and support.
Malware
DICK’S Sporting Goods Halts Email & Locks Employee Accounts Following Intense Cyberattack
US retailer Dick’s Sporting Goods suffered a cyberattack, prompting the company to shut down employee email accounts and reset passwords. Discover how the attack unfolded and what measures the company is taking to prevent future incidents.
Last Wednesday, DICK’S Sporting Goods, the largest chain of sporting goods retail stores in the United States, discovered a cyberattack that exposed confidential information. With $12.98 billion in revenue in 2023 and over 857 stores across the country, this breach impacts a significant number of people.
Responding to the Cyberattack
In a filing with the U.S. Securities and Exchange Commission (SEC), DICK’S has hired outside cybersecurity experts to help contain the security breach and assess the impact. The company stated, “On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information.”
As soon as the incident was detected, DICK’S activated its cybersecurity response plan and engaged external cybersecurity experts to investigate, isolate, and contain the threat.
Keeping Information Under Wraps
According to an anonymous source, the company has been tight-lipped about the breach and has instructed employees not to discuss it publicly or put any information in writing. The same source revealed that email systems had been shut down, likely to isolate the attack, and all employees were locked out of their accounts. IT staff is now manually validating employees’ identities on camera before granting access to internal systems.
In an internal memo, DICK’S informed employees that most of them no longer have access to their systems due to a “planned activity” and that team leaders will contact them via personal email or text for further instructions.
Business Operations Unaffected
Phone lines at local stores are currently down due to the incident, but the company has reported no disruption to their business operations to date. In their SEC filing, DICK’S stated, “The Company has also notified federal law enforcement. The Company has no knowledge that this incident has disrupted business operations. The Company’s investigation of the incident remains ongoing.”
Although the company believes the incident is not material at this point, the investigation is still in progress, and the full impact remains to be seen.
What You Can Do
Cybersecurity is a critical concern for businesses and individuals alike. We at IT Services are committed to keeping you informed and protected. Stay tuned for updates on this situation, and don’t hesitate to reach out to us for advice and assistance in safeguarding your personal and professional information. Let’s work together to stay one step ahead of cyber threats.
Avis Reveals Massive Data Breach: Customer Information Compromised in Car Rental Empire
Massive Data Breach Exposed: Business Powerhouse CBIZ Reveals Customer Information Compromised
DICK’S Sporting Goods Halts Email & Locks Employee Accounts Following Intense Cyberattack
Flagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
Top Data Protection Officer Certification Courses Reviewed
-
Malware11 months agoFlagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
-
Malware11 months ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
-
Data Protection Regulations10 months ago
Top Data Protection Officer Certification Courses Reviewed
-
Security Audits and Assessments10 months ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
-
Data Protection Regulations10 months ago
Top 11 Data Protection Training Programs for Compliance
-
Data Protection Regulations10 months ago
Navigating Data Protection Laws for Nonprofits
-
Data Protection Regulations10 months ago
9 Best Insights: CCPA’s Influence on Data Security
-
Security Audits and Assessments10 months ago
HIPAA Security Risk Assessment: Essential Steps Checklist
