Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
The Partnership HealthPlan of California (PHC)
The Partnership HealthPlan of California (PHC): Health Insurer
Risk to Small Business: The Hive ransomware group says that they’re responsible for a ransomware attack on The Partnership HealthPlan of California (PHC), claiming to have snatched 400 GB of data including 850,000 unique records. PHC has been experiencing computer system disruptions and the organization said that it is working to investigate and recover from the attacks with support from third-party forensic specialists. The stolen data is known to include names, Social Security numbers, and addresses of current and past PHC members.
How it Could Affect Your Business: Healthcare data is an especially popular commodity for bad actors and incidents like this are expensive disasters for the institutions that have them.
The New York City Department of Education
Exploit: Supply Chain Risk
The New York City Department of Education: Government Agency
Risk to Small Business: The New York City Department of Education has discovered that the personal information of an estimated 850,000 students was exposed in a supply chain service provider data breach in January. That incident occurred at Illuminate Education, a California-based company that provides software to track grades and attendance. An agreement that the vendor had with NYC Schools called for the data to be encrypted, but it was discovered to not have occurred at the time of the breach. The incident is under investigation by New York state officials.
How it Could Affect Your Business: A security failure at a supplier can lead to a headache like a data breach for any organization.
United States – Shutterfly
Shutterfly: Photography Retail Platform
Risk to Small Business: Shutterfly has disclosed a data breach that exposed employee information in a ransomware attack by the Conti group. Shutterfly disclosed that its network was breached on December 3rd, 2021, and threat actors gained access to employee information. The company went on to disclose that documents stolen during the attack may have contained employees’ personal information, including names, salary and compensation information and FMLA leave or workers’ compensation claims. Shutterfly is offering two years of free credit monitoring from Equifax for those affected.
How it Could Affect Your Business: Personal data is a hot ticket item, and big companies often have a storehouse of it in their employee records.