Top Data Breaches and Cyber Attacks of Q3 2022
Technology’s rapid advancement has altered the nature of business, and the global efforts to strengthen cybersecurity
Data breaches are becoming more prevalent, affecting organizations across all industries without exception. In this post, we'll discuss some of the most significant data breaches that happened in 2022.
In July 2022, a cybercriminal using the pseudonym 'devil' made a post on the hacking forum BreachForums claiming to possess the information of 5.4 million Twitter accounts, which they intended to sell.
The stolen data included email addresses and phone numbers of various entities such as celebrities, companies, and general Twitter users known as "OGs". OGs are Twitter handles that are short, consisting of one or two letters, or a desirable word as a screen name, such as a first name with no misspelling, numbers, or punctuation. The hacker 'devil' stated that they would not accept offers below $30,000 for the database.
Source: Massive Twitter data breach affects over 5.4 million accounts
The internal servers of Uber were breached on September 15, following an incident in which a contractor's device was infected with malware, and their login credentials were sold on the dark web. The hacker was able to gain access to multiple employee accounts, which granted them entry to various internal tools. The cybercriminal then sent a message on a company-wide Slack channel and altered Uber's Open DNS, displaying a graphic image on certain internal sites to employees.
Source: IOTW: Hacker allegedly hits Uber
A cybercriminal uploaded a dataset to BreachForums on November 16, 2022, claiming that it contained current personal information of 487 million WhatsApp users from 84 different countries. The hacker announced that buyers of the dataset would receive the most recent mobile numbers of WhatsApp users. According to the fraud, the dataset comprises of data for 32 million US users, 11 million UK users, and six million German users, among others.
However, the hacker did not provide any details on how they acquired such a vast amount of user data, only stating that they had employed their tactics to obtain it.
Source: WhatsApp data leaked - 500 million user records for sale online
OneTouchPoint, a Wisconsin-based company that offers marketing, mailing, and other services to healthcare organizations, experienced a data breach that affected over 4.1 million individuals.
The breach was first discovered on April 27, and on June 1, OneTouchPoint confirmed that they were unable to identify the specific files that had been accessed. The personal information potentially compromised in the breach included names and information provided during health assessments.
The breach impacted numerous companies, including Anthem Affiliated Covered Entities, Blue Cross Blue Shield of Arizona, Blue Cross Blue Shield of Massachusetts, Clover Health, Geisinger, UPMC Health Plan, and others, as per OneTouchPoint's statement.
Source: Cybersecurity in healthcare: Even with progress, many vulnerabilities remain
Advocate Aurora, a non-profit health system that runs hospitals in Illinois and Wisconsin, experienced a data breach that affected 3 million patients.
According to the health system, certain patient information was shared with other companies due to the use of tracking technologies such as pixels from Facebook and Google on its websites.
The pixels were used to monitor patient trends and preferences but were disabled after the breach. The health system stated that patient information was transmitted through pixels and other technologies on its patient portals, MyChart and LiveWell websites, and scheduling widgets. As a precautionary measure, Advocate Aurora is assuming that all users of the affected accounts and widgets may have been impacted, although it has not found any evidence of fraudulent activity. The health system also mentioned that the use of pixels would be unlikely to result in identity theft or financial harm.
Source: Advocate Aurora completed its planned merger with Atrium Health.
In a high-profile cyberattack, the Conti ransomware gang breached the Costa Rican government. The threat group accessed the government’s systems, stole highly valuable data and demanded $20 million, forcing the Central American government to declare a state of emergency. A total of 670GB of data — or 90% of data accessed — was posted to a leak site weeks after.
Source: Costa Rica in crisis: Russian ransomware raises its head
Russian-speaking hacking group Vice Society leaked 500GB of information from The Los Angeles Unified School District (LAUSD) after the U.S.’s second-largest school district failed to pay an unspecified ransom by October 4th. The data contains personal identifying information, including passport details, Social Security numbers and tax forms, contact and legal documents, financial reports with bank account details, health information, conviction reports and psychological assessments of students.
Source: Hackers leak 500GB trove of data stolen during LAUSD ransomware attack
Optus, an Australian telecommunication company, experienced a severe data breach on September 22, 2022, which resulted in the exposure of 11 million customers' details.
The accessed data contained customers' names, dates of birth, phone numbers, email and home addresses, driver's license and/or passport numbers, and Medicare ID numbers.
Files containing this confidential data were shared on a hacking forum after Optus declined to pay a ransom demanded by the attacker. Additionally, victims of the breach reported receiving demands from the supposed hacker, requiring them to pay AU$2,000 (US$1,300) or face the sale of their data to other malicious actors.
Source: IOTW: Everything we know about the Optus data breach
T-Mobile has disclosed its second major security breach in under two years, acknowledging that a hacker was able to acquire customer information, such as names, birth dates, and phone numbers, from 37 million accounts. In a regulatory filing on Thursday, the telecom company stated that it believes the perpetrator initially obtained data through one of its APIs around November 25th, 2022.
According to T-Mobile, it detected illicit activity on January 5th and confirmed that the attacker had access to the compromised API for over a month. The company reported that it traced the origin of the illicit activity and fixed the API vulnerability within 24 hours of discovering it. T-Mobile has stated that the API used by the hacker did not grant access to any data containing social security numbers, credit card information, government ID numbers, passwords, PINs, or financial details.
Source: T-Mobile announces another data breach, impacting 37 million accounts.
On October 13, 2022, the healthcare and insurance provider Medibank in Australia identified some "unusual activity" on their internal systems. Four days later, on October 17, the malevolent party contacted the company and demanded "negotiations with Medibank company regarding the removal of customer data" they allegedly obtained. Nonetheless, Medibank publicly refused to meet the hacker's demands.
On November 7, Medibank disclosed the full scope of the security breach and announced that the hacker had unlawfully accessed and stolen data from 9.7 million of its current and former customers. The compromised information included confidential and personally identifying data on medical procedures, such as codes linked to diagnosis and procedures given.
Source: IOTW: Everything we know about the Medibank data leak
Dark web platforms called carding marketplaces facilitate the exchange of stolen credit card information among users who seek to commit financial fraud, typically involving substantial amounts of money. On October 12, 2022, the carding marketplace named BidenCash made public the information of 1.2 million credit cards at no cost. The posted file contained data on credit cards that will expire between 2023 and 2026, as well as other details required for online transactions.
BidenCash had previously disclosed the details of several thousand credit cards in June 2022 to promote the platform. However, after experiencing a series of DDoS attacks, the carding marketplace was compelled to establish new URLs in September, and some cybersecurity experts suggested that this latest release of information could be another attempt at an advertisement.
Source: Over 1.2 million credit card numbers leaked on hacking forum