Data Breach Report: November 2024 Edition

November 2024 marked a wave of significant data breaches across various industries, impacting millions of individuals worldwide. From mortgage brokers and law firms to popular apps and e-commerce platforms, sensitive personal and financial information was exposed due to cyberattacks and security lapses. These incidents underscore the increasing sophistication of cyber threats and the critical need for robust data protection measures. Here’s a closer look at some of the month’s most notable breaches and their far-reaching implications.

In November 2024, Australian mortgage broker Finsure confirmed a cyber incident that impacted the marketing data of a number of its brokers and customers. This data breach came to light after nearly 300,000 unique email addresses linked to Finsure were added to the Have I Been Pwned database.

Scale of the Breach: Approximately 300,000 unique email addresses linked to Finsure were exposed.

Type of Data Exposed: Names, phone numbers, and physical addresses of Finsure brokers and customers.

Cause of the Breach: The data breach originated from a third-party platform, ActivePipe, a real estate marketing platform. The exact vulnerability or method used by the attackers to access the data remains unclear.

According to the update, the incident occurred on 15 October, and Finsure has confirmed that some of its customer data has been impacted.

In November 2024, a significant data breach impacted the popular animation app, FlipaClip. This incident exposed the sensitive information of nearly 900,000 users.

Scale of the Breach: This incident exposed the sensitive information of nearly 900,000 users.

Type of Data Exposed: The exposed data included names, email addresses, dates of birth, and countries of residence.

Cause of the Breach: The breach was attributed to an improperly secured Google Firebase server.

Have I Been Pwned added the breach to its database: https://haveibeenpwned.com/PwnedWebsites#FlipaClip

In November 2024, Andrew Tate’s online platform, The Real World (formerly known as Hustler’s University), suffered a significant data breach. Hackers exploited vulnerabilities in the platform’s security to access and steal sensitive user data.

Scale of the Breach: Approximately 800,000 users were affected by the data breach.

Type of Data Exposed: The breach compromised a vast amount of user data, including usernames, potentially financial information, and private chat logs.

Cause of the Breach: The exact cause of the breach in The Real World (formerly Hustler’s University) has not been publicly disclosed. However, reports suggest that the hackers exploited a vulnerability in the platform’s security.

In November 2024, SelectBlinds experienced a data breach that exposed the personal information of approximately 200,000 customers.
The breach occurred due to malware that was embedded on the company’s website, allowing hackers to steal customer data.

Timeline:

January 7, 2024: Malware was embedded on the SelectBlinds website.
September 28, 2024: SelectBlinds became aware of the incident.
October 10, 2024: The investigation into the incident was completed.

Scale of the Breach: Approximately 200,000 customers were affected.

Type of Data Exposed: Names, Email addresses, Shipping and billing addresses, Phone numbers, Payment card numbers, expiration dates, and security codes

Cause of the Breach: Malware embedded on the company’s website.

Breach notification documents: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/7406b438-e3e1-4fdf-a240-ecea876d8ae4.html

On November 27, 2024, Keesal, Young & Logan posted a data breach notice on its website and reported the breach to the Attorney General of Maine. The breach affected over 316,350 individuals and exposed sensitive personal information.
The law firm discovered breach on June 13, 2024, and determined that unauthorized access to its network occurred between June 7 and 13, 2024.

Scale of the Breach: Over 316,350 individuals were affected.

Type of Data Exposed: Names, Social Security numbers, Driver’s license numbers, Financial account numbers, Individual taxpayer identification numbers, Date of birth, Medical information, Health insurance numbers

Cause of the Breach: Unauthorized access to the firm’s network between June 7th and 13th, 2024.

KYL Official Breach Notification: https://www.kyl.com/notice-of-data-event/

On November 26, 2024, OnePoint Patient Care (OPPC) filed a notice of data breach with the Attorney General of Maine. The breach exposed sensitive information of over 1.7 million individuals, including names, addresses, medical records, Social Security numbers, and prescription information. Unauthorized access to the company’s network occurred between August 6 and 8, 2024.

Scale of the Breach: Over 1.7 million individuals were affected.

Type of Data Exposed: Names, Addresses, Residence information, Medical record numbers Diagnoses, Social Security numbers, Prescription information.

Cause of the Breach: Unauthorized access to the company’s computer network between August 6, 2024 and August 8, 2024.

Notice of a Data Security Incident: https://www.oppc.com/data-security-incident/

AnnieMac Home Mortgage, a mortgage lender based in Mount Laurel, New Jersey, experienced a data breach on August 21, 2024. The breach affected over 171,000 individuals, exposing their names and Social Security numbers. The company discovered the unauthorized access on August 23, 2024, and filed a notice of data breach with the Attorney General of Maine on November 14, 2024.

Scale of the Breach: Over 1.7 million individuals were affected.

Type of Data Exposed: Names and Social Security numbers.

Cause of the Breach: Unauthorized access to the company’s network on August 21, 2024.