Data Breach Report: August 2024 Edition
The month of August 2024 was marked by a series of significant data breaches that impacted millions of individuals worldwide. From the massive data leak at Tencent to the security incidents at Oregon Zoo and Kootenai Health, these breaches highlighted the ongoing challenges of protecting personal information in the digital age. Additionally, the ransomware attack on Young Consulting (Connexure) and the data exposure at East Valley Institute of Technology (EVIT) further underscored the vulnerability of organizations, both large and small, to cyber threats.
Tencent
The Tencent data breach of August 2024 was a significant cybersecurity incident that exposed the personal information of 1.4 billion user accounts.
This massive leak, carried out by a hacker known as “Fenice,” involved sensitive data such as emails, phone numbers, and QQ IDs.
Scale of the Breach: The leaked data, shared in a 500GB file, was dubbed the “Mother of All Breaches” (MOAB) due to its sheer size and potential impact.
Type of Data Exposed: The Tencent data breach exposed a wide range of personal information, including Email addresses, Phone numbers, QQ IDs.
Cause of the Breach: The exact cause of the Tencent data breach has not been officially disclosed.
The breach raised serious concerns about the security of user information handled by major technology companies, emphasizing the need for enhanced data protection measures.
While the full extent of the damage caused by the Tencent data breach may take time to assess, it remains a significant cybersecurity event that highlights the ongoing challenges of protecting user data in the digital age.
300 Indian Banks
In August 2024, a significant ransomware attack disrupted the operations of numerous small banks across India. The attack targeted C-Edge Technologies, a provider of banking technology systems, leading to temporary shutdowns of payment systems at approximately 300 affected banks.
Unfortunately, as of August 2024, specific details about the scale, type of data exposed, and exact cause of the ransomware attack on Indian banks are still emerging. The investigation is ongoing, and more information may become available in the coming months.
Oregon Zoo
The Oregon Zoo data breach in August 2024 was a security incident that compromised the personal information of approximately 118,000 individuals. While the specific details of the breach were not fully disclosed, the zoo confirmed that the compromised data included sensitive information.
Scale of the Breach: Impacted approximately 118,000 individuals. While the exact scale of the breach in terms of the amount of data exposed was not disclosed publicly.
Type of Data Exposed: The breach exposed sensitive personal data such as names, addresses, phone numbers, and email addresses. This type of information can be used for various malicious activities, including identity theft, phishing scams, and targeted attacks.
Cause of the Breach: The Oregon Zoo did not disclose the specific cause of the breach.
Kootenai Health
Kootenai Health data breach in August 2024 was a security incident that compromised the personal and health information of over 460,000 individuals. The healthcare provider disclosed that the breach involved the unauthorized access and disclosure of sensitive data, including names, addresses, Social Security numbers, dates of birth, medical record numbers, and other personal information.
Scale of the Breach: The breach affected over 460,000 individuals, making it a major data security incident.
Type of Data Exposed: The compromised data included names, addresses, Social Security numbers, dates of birth, medical record numbers, and other personal information.
Cause of the Breach: Kootenai Health did not disclose the specific cause of the breach
Toyota
The Toyota data breach in August 2024 was a significant security incident that impacted an undisclosed number of individuals. While the automaker did not disclose the specific details of the breach, they confirmed that a data breach had occurred and that they were investigating the matter.
Iyuno (Netflix Partner)
While Netflix itself did not experience a direct data breach in August 2024, a significant security incident involving one of its production partners, Iyuno, had a substantial impact on the streaming giant.
Scale of the Breach: The media localization company Iyuno suffered a security breach that resulted in the unauthorized access and release of unreleased Netflix content.
Type of Data Exposed: The leaked content included episodes from highly anticipated shows like Arcane, Heartstopper, and Stranger Things.
Cause of the Breach: The specific cause of the Iyuno data breach in August 2024 has not been publicly disclosed
East Valley Institute of Technology
The East Valley Institute of Technology (EVIT) experienced a significant data breach in August 2024 that compromised the personal information of over 200,000 individuals. The breach was first detected in January 2024, but the full extent of the data exposure was not realized until August.
Scale of the Breach: The breach affected a large number of individuals, including current and former students, faculty, and parents.
Type of Data Exposed: The exposed data included highly sensitive information like Names, Social Security numbers, Medical information, Financial account information, Driver’s license numbers, Date of birth, Place of birth, Passport numbers, etc.
Cause of the Breach: EVIT is still processing an investigation to determine the cause of the breach.
EVIT notification: https://www.evit.edu/about-evit/district-departments/information-systems/notice-of-january-breach
Young Consulting (now Connexure)
Young Consulting has notified impacted individuals of the breach in August 2024. The company experienced a significant data breach in April 2024. The breach involved the theft of sensitive personal information, including names, Social Security numbers, dates of birth, and insurance policy/claim information.
Scale of the Breach: The breach impacted nearly 1 million individuals (approximately 954,177).
Type of Data Exposed: The information potentially affected varies by individual but may include a combination of: Names, Social Security numbers, Dates of birth, Insurance policy information, Claim information.
Cause of the Breach: The breach was the result of a ransomware attack by the BlackSuit group.