Image
November 21, 2024

Major Data Breaches & Hacking News in November 2024


November 22, 2024
While many are celebrating a season of gratitude with family and friends this month, millions of people recently fell victim to cyberattacks, reminding us that there’s no off-season for threats to our online security. Recently, companies and organizations like Wayne County, Michigan; Henry Schein; Internet Archive; Fidelity Investments; Hot Topic; Casio; and Landmark Admin have experienced significant data breaches compromising user data. Read on to learn more about each incident:

Icon
Wayne County, Michigan

Organization Description: Wayne County is the largest county in Michigan with over 1.7 million residents.

Breach Size: County-wide

Data Exposed: This fall, Wayne County, Michigan, experienced a cyberattack that shut down all government websites. A spokesperson confirmed that the ransomware attack targeted some internal systems, leading to operational challenges at the local sheriff’s office and treasurer’s office. This follows ransomware incidents at multiple Michigan-based government bodies, including Flint and Traverse City, as well as two hospitals. Wayne County is working with the FBI and the Michigan State Police to investigate the incident. 


Icon
Henry Schein  

Organization Description: Henry Schein is a global distributor of medical supplies and health care products.

Breach Size: 165,000 people

Data Exposed: In October, Henry Schein announced that more than 165,000 people were impacted by two cyberattacks in 2023 by a gang known as BlackCat Ransomware. The type of data stolen has not been shared. The company is investigating the incident, which also affected manufacturing and distribution.


Icon
Internet Archive

Organization Description: Internet Archive is a nonprofit digital library offering free access to digitized resources.

Breach Size: 31 million records

Data Exposed: Hackers recently compromised the Internet Archive website and stole 31 million unique records from its user authentication database. The leaked database totals 6.4GB and contains registered members’ email addresses, screen names, hashed passwords, password change timestamps, and more. It’s not known how the cybercriminals accessed the archive, which remained down for over two weeks before some functions were restored. Internet Archive is taking measures to upgrade its security and prevent future attacks.


Icon
Fidelity Investments

Organization Description: Fidelity Investments is a financial services corporation known for wealth management and financial planning services.

Breach Size: 77,000 people

Data Exposed: Fidelity Investments recently announced that its systems were breached this August when an unknown cybercriminal stole personal information from over 77,000 customers. The type of data was not revealed, but Fidelity says it did not involve access to users’ accounts. Fidelity is working with security experts to investigate further.


Icon
Hot Topic

Organization Description: Hot Topic is an American retail chain specializing in counterculture-related clothing, accessories, and licensed music merchandise.

Breach Size: 350 million records

Data Exposed: A recent breach exposed sensitive customer data from Hot Topic, Box Lunch, and Torrid, including full names, email addresses, dates of birth, phone numbers, addresses, purchase history, and partial credit card details. On October 21, 2024, a threat actor known as "Satanic" claimed responsibility, stating they had stolen 350 million user records. They attempted to sell the database for $20,000 while also demanding a $100,000 ransom from Hot Topic to remove the data from BreachForums.


Icon
Casio

Organization Description: Casio is a Japanese electronics manufacturing company specializing in watches, digital cameras, musical instruments, phones, and calculators.

Breach Size: Unknown

Data Exposed: Casio fell victim to a ransomware attack that exposed the confidential information of employees and some customers. The company says compromised information likely includes the personal details of business partners, financial data regarding transactions and invoices, and other internal documents, but does not include customer payment information. Casio has notified the relevant authorities and is investigating the breach.


Icon
Landmark Admin

Organization Description: Landmark Admin is a third-party insurance administrator based in Texas.

Breach Size: 800,000 customers

Data Exposed: After first detecting suspicious activity in May, Landmark Admin has shared that a threat actor has stolen files containing the personal information of over 800,000 people. Compromised information includes names, addresses, Social Security numbers, passport numbers, tax identification numbers, medical information, insurance policy information, and more. Affected individuals are being notified as Landmark continues to investigate the incident.


Hacking & Phishing News
Pharming

Pharming is a type of social engineering attack where cybercriminals redirect users from legitimate websites to fraudulent ones without their knowledge. These look-alike sites are designed to steal sensitive information such as login credentials, credit card numbers, or personal data. Unlike phishing, where users are tricked into clicking on malicious links, pharming happens invisibly in the background, making it a particularly dangerous threat. To help prevent pharming, always ensure you're visiting secure websites by checking for "https" in the URL and use a trustworthy internet service provider.

Credential Stuffing

Credential stuffing is a hacking technique where attackers use stolen usernames and passwords from one website to gain access to accounts on other platforms. Since many people reuse passwords across multiple sites, credential stuffing relies on the likelihood that login details from a breached account will also work on other accounts. Automated tools allow hackers to quickly test these credentials across thousands of websites, and if successful, they can gain unauthorized access to personal, financial, or business accounts, leading to data theft and fraud. To protect against credential stuffing, use unique, strong passwords for each account and enable multi-factor authentication wherever possible.

GET PROTECTED
The latest data breaches highlight the data security challenges ever-present at both the individual and corporate level. As cybercriminals continue to target sensitive information, safeguarding your personal data has never been more essential. You can significantly lower your risk of identity theft through simple steps like staying vigilant against phishing attempts, using strong passwords, and enabling multi-factor authentication. When combined with a robust identity protection service like IDSeal, which goes beyond basic monitoring by offering white-glove identity restoration and 24/7 dedicated support, you can enjoy greater peace of mind in an increasingly digital world.
Related Articles

Start protecting your identity today! Signing up is quick & easy

Remember, 1-in-4 Americans are the victim of identity theft. It's not a matter

of if you'll become a victim, it's when...

Get Protected