Data Breach Report: September 2024 Edition
PKWARE’s September 2024 Data Breach Report highlights several significant breaches affecting millions of individuals globally. The MC2 Data leak exposed the sensitive information of over 100 million Americans, including names, addresses, and Social Security numbers. Security breaches at CBIZ and Stillwater Mining Company underscored ongoing challenges in protecting personal data. The Microchip Technology incident, attributed to the Play Ransomware group, was a significant attack on a semiconductor supplier, disrupting operations and exposing employee information.
Other notable breaches included a Disney Slack leak exposing 1.1 terabytes of confidential data and a Slim CD Inc. breach affecting approximately 1.7 million people. Additionally, Avis Car Rental experienced a cybersecurity incident impacting around 300,000 customers. A ransomware attack on Kawasaki Motors Europe and a sensitive information breach affecting 30,000 Franklin County, Kansas residents further highlighted vulnerabilities across various sectors. These events underscore the urgent need for robust cybersecurity measures across industries.
Microchip Technology’s Ransomware Attack
The Microchip Technology data breach of August 2024 was a significant incident that exposed employee information and disrupted operations at the semiconductor manufacturer. This attack, carried out by the Play Ransomware group, involved the theft of sensitive employee data and temporarily impacted the company’s ability to fulfill orders.
Scale of the Breach: The full extent of the breach is still under investigation. The breach affected multiple manufacturing facilities. It compromised employee data stored in specific company IT systems.
Type of Data Exposed: The breach exposed employee contact information and some encrypted and hashed passwords. Currently, there’s no evidence of customer or supplier data being compromised.
Cause of the Breach: The breach was attributed to a ransomware attack. The attackers gained unauthorized access to Microchip’s systems. They encrypted data, demanding a ransom payment to avoid releasing the stolen data or disrupting operations further.
The Microchip Technology data breach underscores the need for enhanced cybersecurity measures in manufacturing environments, especially in the semiconductor industry. The company’s swift response in isolating affected systems and engaging external cybersecurity experts was crucial. It demonstrates the importance of rapid incident response in mitigating potential damages.
MC2 Data Breach Exposes 100 Million Records
The MC2 data breach of 2024 was a significant cybersecurity incident that exposed the personal information of 100 million Americans, potentially impacting a large portion of the general public. This massive leak involved sensitive data, including names, addresses, Social Security numbers, and financial details. The breach highlighted vulnerabilities in supply chains and the potential for widespread data exposure.
Scale of the Breach: The leaked data affected approximately 100 million Americans, making it one of the most significant breaches in recent history.
Type of Data Exposed: The breach exposed personal information, including names, addresses, Social Security numbers, dates of birth, and financial details.
Cause of the Breach: The breach is attributed to a misconfigured database left unprotected and easily accessible online.
This incident underscores the immediate need for stronger data protection measures throughout the supply chain. Safeguarding sensitive information is a significant challenge, and this breach serves as a stark reminder for companies to strengthen cybersecurity strategies.
Disney’s Major Data Breach
The Disney Slack data breach of July 2024 was a significant incident that exposed over 1.1 terabytes of confidential information. This massive leak, carried out by the hacktivist group “NullBulge,” involved sensitive data from nearly 10,000 internal Slack channels.
Scale of the Breach: The leaked data, totaling 1.1 terabytes, was one of the most significant corporate breaches in recent years. It affected a wide range of Disney’s operations.
Type of Data Exposed: The breach exposed confidential information, including unreleased project details and financial data. IT data, internal communications, source code, login credentials, and personal information of employees and customers were also compromised.
Cause of the Breach: The breach was reportedly caused by a compromised endpoint of a Disney developer. The developer installed a malicious video game mod, allowing hackers to access the network.
Following Disney’s data breach, the company transitioned away from Slack across the organization. The migration will be completed by the end of the next fiscal quarter. This incident is a stark reminder of the urgent need for robust cybersecurity measures and the risks of insider threats. The breach involved the hacktivist group NullBulge, which gained access to Disney’s Slack platform and stole 1.1 terabytes of confidential data. It underscores the immediate need for organizations to evaluate internal systems and implement strong security measures to protect sensitive information.
CBIZ Breach Exposes Personal Information of Thousands
The June 2024 CBIZ data breach was a significant cybersecurity incident that exposed the personal information of 36,000 individuals. This breach, caused by a vulnerability on one of CBIZ’s web pages, involved sensitive data. The exposed data included names, Social Security numbers, and retiree health information.
Scale of the Breach: The compromised data affected approximately 36,000 individuals linked to various CBIZ clients. It primarily involved information related to retiree health and welfare plans.
Type of Data Exposed: The CBIZ data breach exposed a wide range of personal information, including names, contact details, Social Security numbers, dates of birth, and sometimes death dates.
Cause of the Breach: An unauthorized party exploited a vulnerability on one of CBIZ’s web pages, gaining access to databases. The breach occurred between June 2 and June 21, 2024.
Upon discovering the breach on June 24, 2024, CBIZ promptly launched an investigation with cybersecurity experts. The company fixed the vulnerability and implemented additional security measures to protect its systems. This incident highlights the ongoing challenges of safeguarding sensitive information in the digital age. It’s especially concerning for companies handling large amounts of personal and financial data. CBIZ’s response offered affected individuals two years of complimentary credit monitoring and identity theft protection services.
Port of Seattle
The Port of Seattle, a central transportation hub in the United States, experienced a data breach in August 2024. In September 2024, it provided an update confirming that the ransomware attack had compromised the personal information of some employees and customers.
Scope of the Breach: The exact number of individuals affected by the breach is not publicly available, but it is believed to have impacted a significant number.
Type of Data Exposed: The data compromised in the breach included personal information such as names, addresses, and Social Security numbers, as well as potentially financial information related to employment.
Cause of the Breach: The Rhysida cybercriminal group confirmed the incident as a ransomware attack. The attackers accessed certain parts of the Port’s computer systems and encrypted some data.
“Our investigation of what data the actor took is ongoing, but it does appear that the actor obtained some Port data in mid-to-late August,” the Port said, adding that it will notify employees or passengers if it learns that any of their information was stolen.
Stillwater Mining Company
The Stillwater Mining Company data breach of June 2024 was a significant cybersecurity incident that exposed the personal information of 7,258 employees. This substantial leak, discovered on July 8, 2024, involved sensitive data from the only platinum and palladium mines in the United States.
Scale of the Breach: The leaked data affected 7,258 employees, compromising their personal and potentially financial information.
Type of Data Exposed: The Stillwater Mining Company data breach exposed a wide range of personal information, including names, contact details, government IDs, passport numbers, Social Security numbers, tax IDs, birth certificates, financial data like bank account numbers, and medical information such as health plan numbers.
Cause of the Breach: The breach resulted from a cyberattack in mid-June 2024. The RansomHub hacking operation claimed responsibility for the attack on July 22 and allegedly leaked all stolen information on August 15.
Stillwater Mining Company took over a month to confirm the data breach, officially announcing it on August 19, 2024. The company has engaged external cybersecurity experts to investigate the incident and is working closely with law enforcement to identify those responsible for the attack. In response to the breach, Stillwater Mining Company has offered affected employees 24 months of free identity and credit monitoring services through Experian’s IdentityWorks. The company has also implemented additional cybersecurity measures, including real-time monitoring and endpoint detection systems.
This incident underscores companies’ ongoing challenges in protecting sensitive employee data and highlights the importance of robust cybersecurity measures in the mining industry.
Franklin County, Kansas Data Breach Exposes Sensitive Information of Nearly 30,000 Residents
In May 2024, Franklin County, Kansas, suffered a significant cybersecurity incident that compromised the personal data of thousands of residents. The County Clerk’s Office breach exposed a wide range of sensitive information, raising concerns about data security in local government systems.
Scale of the Breach: The data breach affected 29,690 individuals, primarily residents of Franklin County.
Type of Data Exposed: The compromised information included names, addresses, Social Security numbers, driver’s license numbers, financial account details, and medical information. Additionally, the breach exposed data related to county services, such as medical record numbers, vaccination information, COVID-related data, and insurance details.
Cause of the Breach: The incident was attributed to a ransomware attack that targeted the county’s computer network.
Franklin County officials discovered the unauthorized access on May 20, 2024, and immediately initiated a response. They engaged a digital forensics team to secure the network and investigate the extent of the breach. The county also notified federal law enforcement agencies and cooperated with their inquiries. As part of their mitigation efforts, Franklin County implemented several security measures. These included deactivating inactive user accounts and evaluating their IT security protocols to better protect sensitive data. The county also thoroughly reviewed the compromised data to identify affected individuals and provide appropriate notifications.
Slim CD Data Breach Exposes 1.7 Million Customers’ Information
Slim CD Inc., a payment gateway provider, recently disclosed a significant cybersecurity incident that compromised the personal and financial information of approximately 1.7 million individuals. This extensive data breach, lasting nearly ten months, has raised alarms in the financial technology sector.
Scale of the Breach: The breach affected roughly 1.7 million Slim CD customers, exposing their sensitive personal and financial data.
Type of Data Exposed: The compromised information included names, addresses, credit card numbers, and expiration dates.
Cause of the Breach: Unauthorized access to Slim CD’s systems occurred between August 17, 2023, and June 15, 2024.
Slim CD discovered the breach on June 15, 2024, but the attackers had been lurking in its systems since August 17, 2023. This extended period of unauthorized access highlights the sophisticated nature of the attack and the challenges in detecting such intrusions. The company has taken steps to address the situation, including notifying affected individuals, engaging third-party cybersecurity experts, and implementing additional safeguards. However, the incident underscores the ongoing vulnerabilities in payment processing systems and the critical need for robust cybersecurity measures.
Customers affected by this breach should remain vigilant, monitoring their credit reports and financial statements for suspicious activity. It’s also advisable to consider changing passwords and enabling two-factor authentication where possible to enhance account security.
Avis Car Rental Data Breach Exposes Nearly 300,000 Customers’ Information
In August 2024, Avis Car Rental, a prominent player in the car rental industry, fell victim to a significant cybersecurity incident. This breach compromised the personal information of approximately 300,000 customers, sending ripples through the automotive and travel sectors.
Scale of the Breach: The data breach impacted 299,006 individuals, exposing their sensitive personal information to unauthorized access.
Type of Data Exposed: The compromised data included names, addresses, driver’s license numbers, and other personal information. Financial account information and credit card details were also exposed in some cases.
Cause of the Breach: Unauthorized access to one of Avis’ business applications occurred between August 3 and August 6, 2024, leading to the data breach.
Avis discovered the breach on August 5, 2024, when suspicious activity was detected within its computer network. The company promptly initiated containment measures and engaged cybersecurity experts to investigate the incident’s scope and impact.
The breach highlights the ongoing vulnerabilities in large corporations’ data security systems, particularly those handling extensive customer information. It underscores the critical need for robust cybersecurity measures and constant vigilance in the face of evolving cyber threats.
In response to the breach, Avis has begun notifying affected individuals and is offering one year of free credit monitoring services. The company is also working closely with law enforcement agencies and cybersecurity professionals to strengthen its security protocols and prevent future incidents.
Popular French retailers
Truffaut, Boulanger, and Cultura experienced a significant data breach in September 2024 that compromised the personal information of many customers. The incident involved the unauthorized access and theft of customer data, including sensitive information such as names, addresses, email addresses, and credit card details.
Scope of the Breach: The breach affected many customers across all three retailers, compromising their personal and financial information. While the exact number of individuals impacted has not been disclosed publicly, it is believed to be significant.
Type of Data Exposed: The stolen data included customer names, email addresses, phone numbers, mailing addresses, and credit card details. Credit card information is particularly sensitive because it can be used for fraudulent activities.
Cause of the Breach: The exact cause of the breach is still under investigation. However, it is believed to have resulted from a cyberattack, possibly involving social engineering techniques or vulnerabilities in the retailers’ security systems.
All three retailers have acknowledged the breach and are working closely with law enforcement and cybersecurity experts to investigate the incident and mitigate its impact.
Kawasaki Motors Europe Hit by Massive Data Breach
In September 2024, Kawasaki Motors Europe (KME), a subsidiary of the Japanese conglomerate Kawasaki Heavy Industries, was the victim of a significant cybersecurity incident. This breach exposed sensitive customer information, sending shockwaves through the automotive industry and raising concerns about data protection in the digital age.
Scale of the Breach: The RansomHub ransomware group claimed to have exfiltrated 487 gigabytes of data from KME’s systems, potentially affecting many customers across Europe.
Type of Data Exposed: The compromised information reportedly included names, addresses, contact details, and potentially financial data related to purchases or warranties. Business documents, dealership information, and internal communications were also among the leaked files.
Cause of the Breach: While the exact cause remains undisclosed, unauthorized access to KME’s business applications occurred between August 3 and August 6, 2024. The company detected the intrusion on August 5 and immediately initiated containment measures.
KME promptly responded to the attack by isolating its servers and implementing a thorough “cleansing process” to detect and remove potential infections. The company’s IT department and external cybersecurity experts spent the following week checking and restoring server interconnectivity.
Despite KME’s efforts to downplay the attack’s success, the RansomHub group released the allegedly stolen data on the dark web on September 5, 2024. This action suggests that KME may have chosen not to negotiate with the attackers, prioritizing system restoration over ransom payment.