Major Data Breaches & Hacking News in April 2024

April 25, 2024

Recent data breaches across various industries highlight the ever-present risks in our digital world. Companies such as Nexperia, Hot Topic, SurveyLama, PandaBuy, Home Depot, and the City of Hope have all faced significant security incidents compromising user data and corporate information.

Read on to get the details about each incident.

City of Hope

Organization Description: The City of Hope Medical Center is a treatment center for cancer, diabetes, and other life-threatening diseases.

Breach Size: 820,000+

Data exposed: Between September and October 2023, the City of Hope Medical Center had a data breach that exposed the sensitive health information of more than 820,000 patients.

This incident is particularly alarming due to the sensitive nature of the exposed information, which could include full names, email address, phone number, date of birth, Social Security Number, driver’s license, government-issued ID, banking information, and medical records. It underscores the critical importance of securing health information, adhering to HIPAA standards in the U.S., and implementing strict access controls and data monitoring systems.

Nexperia

Organization Description: Nexperia is a Dutch semiconductor manufacturer that operates fabrication plants in Germany and the UK, producing essential components like transistors and diodes.

Breach Size: Unknown

Data exposed: Nexperia faced unauthorized access to its IT servers, leading to a potential leak of sensitive data, including employee passports, non-disclosure agreements, and technical specifications of its products.

The breach, publicized by the "Dunghill Leak" ransomware group, also involved extensive commercial and engineering data, affecting critical corporate information and potentially impacting major clients such as SpaceX and Apple. Nexperia has engaged with cybersecurity firm FoxIT to manage the aftermath and strengthen security measures.

Hot Topic

Organization Description: Hot Topic is an alternative apparel and accessory retailer in malls across North America.

Breach Size: Unknown

Data exposed: Hot Topic was hit by multiple credential stuffing attacks, in which attackers used previously breached usernames and passwords to gain unauthorized access.

In a data breach notice, the retailer said that the attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source on two occasions: November 18-19 and November 25, 2023. Customers may have their name, email address, order history, phone number, the last four digits of a payment card, date of birth and mailing addresses. Hot Topic said it has been working with cybersecurity experts in its investigation. The incident stresses the importance of implementing advanced security measures such as two-factor authentication and encouraging users to use unique passwords for each service.

SurveyLama

Organization Description: SurveyLama is an online platform that rewards registered users for completing surveys.

Breach Size: 4.4 Million

Data exposed: The breach at SurveyLama exposed the personal data of 4.4 million users, including names, addresses, phone numbers, dates of birth, and IP addresses that could be exploited for identity theft or further phishing scams.

The scale of this breach points to potential lapses in securing data at rest and in transit, raising questions about the company's data encryption practices and the robustness of its cybersecurity defenses. If you have a SurveyLama account, be sure to update your password immediately.

PandaBuy

Organization Description: PandaBuy is an online shopping platform that allows international users to purchase products from various e-commerce platforms in China, including Tmall, Taobao, and JD.com.

Breach Size: 1.3 Million

Data exposed: PandaBuy experienced a data leak in March 2024 that exposed 1.3 million unique email addresses, which were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries.

This breach highlights the risks of storing large volumes of personal data and the necessity of employing advanced encryption methods to protect data. It also underscores the importance of swift incident response and transparent communication with affected users to mitigate damage and rebuild trust.

The Home Depot

Organization Description: The Home Depot is one of the largest home improvement retailers with more than 2,300 stores in North America and over 475,000 employees.

Breach Size: 10,000

Data exposed: Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks.

This breach illustrates the extended risk companies must manage to protect their employee and customer data. It brought to light the need for stringent security measures not only within a company but also across all its partnerships and third-party relationships. Regular audits and enforcing strict security standards for all partners are essential steps to prevent such breaches.

Hacking & Phishing News

The Subtleties of Smishing

Recent events underscore a disturbing trend in the rise of SMS phishing, or "smishing" attacks. Companies and individuals are increasingly targeted via mobile devices, receiving deceptive messages that lure them into divulging personal information or downloading malware.

This method was notably used in an Activision breach, where an employee was tricked into providing sensitive credentials via a simple SMS. The incident reveals the crucial need for continuous education on recognizing and responding to security threats that arrive through unconventional channels.

New Phishing Techniques in Cryptocurrency

The cryptocurrency sector is witnessing a surge in targeted phishing attacks as hackers develop sophisticated methods to exploit technical and human vulnerabilities.

These attacks often involve manipulating individuals into transferring cryptocurrency to fraudulent addresses or revealing keys to digital wallets. The rapid evolution of these phishing schemes is a stark reminder that staying informed about the latest security practices is vital for anyone active in the digital currency space.