Major Data Breaches and Hacking News

February 28, 2024

This month Bank of America’s deferred compensation plans are hacked, the US Department of Defense leaves government customer emails open to breach exposure, and a Fortune 500 company is hacked with the notorious ALPHAV/Blackcat group claiming responsibility.

Bank of America

Organization Description: Bank of America is one of the world’s leading financial institutions, offering a wide range of banking, investing, asset management, and other financial and risk management products and services.

Breach Size: 57,000 records exposed.

Data exposed: Addresses, names, Social Security numbers, dates of birth, banking information (account numbers, credit card information). In a notification letter filed with the Attorney General of Maine, Infosys McCamish stated, "it is unlikely that we will be able to determine with certainty what personal information was accessed because of this incident at IMS."

In early November 2023, a ransomware attack targeted Infosys McCamish Systems, a service provider for Bank of America, exposing tens of thousands of customers’ data. The incident only came to light in February 2024, raising concerns about the delay in notification, which may conflict with state laws on customer notification timelines. The LockBit ransomware gang claimed responsibility for the attack, saying that its operators encrypted over 2,000 systems during the breach.

US Department of Defense

Organization Description: The Department of Defense is a federal agency responsible for coordinating and supervising all agencies and functions of the government relating directly to national security and the United States Armed Forces.

Breach Size: Around 20,600.

Data exposed: Sensitive but unclassified emails, including sensitive personnel information and questionnaires by prospective federal employees seeking security clearances.

The Defense Intelligence Agency reported that numerous email messages were inadvertently exposed to the Internet by a service provider between February 3 and February 20, 2023. The data spill was caused by an unsecured U.S. government cloud email server hosted on Microsoft’s cloud for government customers. The server was accessible from the internet without a password, likely due to misconfiguration. Security researcher Anurag Sen discovered the exposure. Breach notification letters were sent on February 1, 2024, following the year of the incident. The breach involved about three terabytes of internal military emails, some pertaining to U.S. Special Operations Command (SOCOM). The server was removed from public access on February 20, 2023, after being reported by TechCrunch.

Trello

Organization Description: Trello is a popular project management software platform owned by Atlassian that is commonly used by businesses to organize projects and tasks into boards, lists, and cards.

Breach Size: 15 million users affected.

Data exposed: Email addresses, names, and usernames.

In January 2024, a significant breach involving Trello’s project management platform resulted in 15 million users’ data being leaked on the dark web. Trello clarified that the data was scraped by an unidentified party going by the pseudonym “emo” and posted for sale on a popular hacking forum.

The data leak occurred when exposed Trello API was abused, linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. Trello stated that no unauthorized access occurred, and that the information was leaked by scraping public data, rather than a breach by a hacking group.

Microsoft

Organization Description: The data leak occurred when exposed Trello API was abused, linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. Trello stated that no unauthorized access occurred, and that the information was leaked by scraping public data, rather than a breach by a hacking group.

Breach Size: Not fully disclosed; leadership and cybersecurity teams affected.

Data exposed: Corporate email accounts of Microsoft’s leadership team and employees in the cybersecurity and legal departments, emails, and attachments. Microsoft revealed that Russian hackers, Midnight Blizzard (also known as Nobelium or APT29), breached its corporate emails, including leadership’s, by exploiting a non-production account in November 2023.

The month-long attack initiated through a password spray, led to stolen emails and attachments without impacting Microsoft’s operations significantly. The breach stemmed from inadequate security on the targeted account rather than a product flaw. Nobelium, notorious for the 2020 SolarWinds attack, aimed at information about its activities. Microsoft is notifying impacted employees and continues to investigate.

V12software.com

Organization Description: V12software.com is a technology company that provides software solutions tailored for car dealerships, including website development, inventory management, and marketing tools. It aims to streamline the operations of car dealerships with its comprehensive software suite.

Breach Size: 5.6 million records exposed.

Data exposed: Email addresses, passwords, Social Security numbers, card numbers, driver’s license numbers, phone numbers, names, and addresses.

v12software.com, a US-based car dealership management software provider, faced a significant breach exposing the data of 5.6 million individuals. The breach details do not specify the hacking group responsible. Still, given the nature of the data exposed, it was likely a targeted attack. This breach underlines the critical need for robust security measures in protecting sensitive customer information.

Integris Health

Organization Description: Integris Health is a not-for-profit, Oklahoma-owned healthcare system and one of the state’s largest systems with hospitals, rehabilitation centers, physician clinics, mental health facilities, independent living centers, and home health agencies.

Breach Size: 2.4 million patients.

Data exposed: Full names, dates of birth, contact information, demographic information, and Social Security numbers.

Integris Health, Oklahoma’s largest healthcare network, reported a November cyberattack exposing the personal data of nearly 2.4 million people. The responsible party was not specified by name, but the data was stolen by a threat actor and sold on a dark web marketplace. The breach didn’t disrupt services but led to patients receiving extortion emails. While financial details weren’t leaked, the data’s availability on the dark web raises identity theft and fraud risks. Integris is notifying impacted patients and providing guidance on protective measures.

Hacking News

U.S. Takes Action Against Russian Cyber Threats

On February 15, 2024, the U.S. made a significant move to disrupt a Russian hacking operation believed to be a collaborative effort between Russian intelligence and cybercriminals. This operation compromised over 1,000 home and small-business internet routers globally, aiming to spy on military, security, and private entities, particularly in the U.S. Through a court-ordered operation, the FBI managed to neutralize the threat by erasing the stolen data and malware from the affected routers, effectively crippling the Russian botnet without disrupting the routers’ functionality. This action is part of a wider strategy to counter Russia’s cyber activities against the U.S. and its allies. FBI Director Christopher A. Wray emphasized the continuous threat from Russia, particularly in targeting critical infrastructure, and highlighted the growing cyber capabilities of China, noting it as a substantial concern.

Insight into China’s Surveillance Tactics

A rare leak from I-Soon, a Chinese security contractor linked to the nation’s policing and government agencies, provides a glimpse into China’s extensive surveillance operations. The leaked documents outline hacking activities and tools used to monitor ethnic minorities and dissidents and to influence social media narratives both within China and internationally. Notably, the leaks show efforts targeting regions with significant anti-government sentiments, like Hong Kong and Xinjiang, and detail hacking operations across various countries to support China’s surveillance and pro-Beijing initiatives. The leak, which is under investigation by Chinese authorities and I-Soon, marks a significant exposure of China’s cyber espionage activities, underscoring the global scale of its surveillance and influence operations. This event sheds light on the pervasive state surveillance tactics employed by China, raising concerns about privacy, security, and the extent of state-backed cyber operations worldwide.

Major Data Breaches and Hacking News February 2024

Major Data Breaches and Hacking News