Patient Information Compromised in Data Breach at San Diego Healthcare Provider

patient-information-compromised-in-data-breach-at-san-diego-healthcare-provider

San Diego healthcare services provider Sharp HealthCare is informing patients that some of their information was compromised in a recent data breach.

A not-for-profit healthcare provider, Sharp operates multiple hospitals and facilities in San Diego County, has 19,000 employees and works with roughly 2,700 affiliated physicians.

The incident took place on January 12, when an unauthorized party gained access to a server running the Sharp.com website, the company says in a data breach notice.

According to the healthcare services provider, the unauthorized access lasted for a few hours only, but, during this time, the attackers accessed a file containing patient data.

The compromised information, the company says, includes names, payment amounts, which Sharp facilities received the payments, and Sharp identification numbers and/or invoice numbers.

Payment card data, Social Security numbers, contact information, health insurance details, birth dates, clinical information, or details about received services were not accessed.

“Additionally, this incident did not involve unauthorized access to Sharp’s medical record systems or the FollowMyHealth patient portal,” the healthcare provider says.

According to the organization, the incident only impacted Sharp patients who used the online bill payment service to pay a bill or invoice between August 12, 2021, and January 12, 2023. According to The San Diego Union Tribune, roughly 63,000 individuals were impacted.

“We have no indication that anyone’s information has been misused. However, as a precaution, we are mailing notification letters to individuals whose information was involved in this incident,” Sharp says.

Stolen personal and medical information is often shared or traded on underground hacker forums and later used by cybercriminals in phishing and other types of cyberattacks.

Related: Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data

Related: Ransomware Hit 200 US Gov, Education and Healthcare Organizations in 2022

Related: Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients

The post Patient Information Compromised in Data Breach at San Diego Healthcare Provider appeared first on SecurityWeek.

20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder

20-million-users-impacted-by-data-breach-at-instant-checkmate,-truthfinder

PeopleConnect-owned background check services Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.

In individual data breach notices published on February 3, the organizations informed users that the incident was discovered after cybercriminals started sharing databases stolen from the two companies on underground forums.

The databases – or ‘lists’, as the two companies call them – contain names, email addresses, phone numbers, encrypted passwords, and password reset tokens that are either expired or inactive.

“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company,” the announcements read.

The two organizations note that the leaked information does not include details on user activity or payment data.

While Instant Checkmate and TruthFinder also note that no “readable or usable passwords or other means to compromise user accounts” leaked either, it is not uncommon for cybercriminals to try to crack stolen encrypted passwords.

“As a best practice we would recommend that you not respond to suspicious communications. We will never ask you for your password, social security number or payment information via email or telephone,” the companies say.

Investigations were launched into both incidents, but no evidence of malicious activity has been found as of now on their networks. According to the two announcements, the data breach was the result of the “inadvertent leak or theft” of the impacted database.

While neither Instant Checkmate nor TruthFinder shared information on the number of affected individuals, the data has already been added to Troy Hunt’s breach notification service Have I been pwned.

The leaked databases include the information of more than 11.9 million Instant Checkmate accounts, and the details of over 8.1 million TruthFinder accounts.

Related: 820k Impacted by Data Breach at Zacks Investment Research

Related: 18k Nissan Customers Affected by Data Breach at Third-Party Software Developer

Related: 251k Impacted by Data Breach at Insurance Firm Bay Bridge Administrators

The post 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder appeared first on SecurityWeek.

Google Fi Data Breach Reportedly Led to SIM Swapping

google-fi-data-breach-reportedly-led-to-sim-swapping

The Google Fi telecommunications service has informed customers about a data breach that appears to be related to the recently disclosed T-Mobile cyberattack. 

Google Fi, which provides wireless phone and internet services, has told customers that the breach is related to its primary network provider, without naming it. 

However, T-Mobile is Google Fi’s primary network provider, which means the incident is likely related to the hacker attack disclosed by the wireless carrier in mid-January. 

Google Fi said there had been unauthorized access to a third-party customer support system containing a “limited amount” of customer data. This data includes phone number, account activation date, mobile service plan, SIM card serial number, and account status.

The company says names, dates of birth, email addresses, payment card details, social security numbers, financial account information, passwords or PINs were not exposed. Hackers also did not gain access to the content of calls or SMS messages. 

“There was no access to Google’s systems or any systems overseen by Google,” customers were told. 

Google Fi data breach
Google Fi data breach notification

Most of the impacted customers do not need to take any action — except be on the lookout for phishing attempts. However, one Google Fi user reported on Reddit that their notification also informed them that their mobile phone service had been transferred from their SIM card to another SIM card for nearly two hours on January 1. 

The notification from Google Fi, according to the impacted customer, read, “During the time of this temporary transfer, the unauthorized access could have involved the use of your phone number to send and receive phone calls and text messages. Despite the SIM transfer, your voicemail could not have been accessed. We have restored Google Fi service to your SIM card.”

The customer confirmed that their SIM card had been targeted in a SIM swapping attack on January 1, and claimed that the hacker used it to access three online accounts, including email, financial account, and the Authy authenticator app. 

“I tried reporting this repeatedly to Google Fi, including with detailed evidence, and their customer support reps didn’t believe me and didn’t follow up,” the customer said. “They thought this was a standard password compromise or something, even though I could clearly see from activity logs that the hacker reset my passwords rather than logging in and then changing them, and I could see in the Google Fi activity logs the SMSes I didn’t receive that they used to compromise my accounts.”

As for T-Mobile, the company said it detected a data breach on January 5. The threat actor, which has not been identified, apparently abused an API to access customer account data such as name, billing address, phone number, email, date of birth, and service information. Roughly 37 million current postpaid and prepaid customer accounts are impacted. 

Related: Hackers Accessed Information of T-Mobile Prepaid Customers

Related: T-Mobile Notifying Customers of Another Data Breach

Related: Lapsus$ Hackers Gained Access to T-Mobile Systems, Source Code 

The post Google Fi Data Breach Reportedly Led to SIM Swapping appeared first on SecurityWeek.

British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers

british-retailer-jd-sports-discloses-data-breach-affecting-10-million-customers

British sports fashion retail firm JD Sports on Monday revealed that it has discovered a data breach impacting roughly 10 million of its customers. 

According to the company, the cyber incident affects information provided by customers who placed online orders between November 2018 and October 2020. The JD, Size, Millets, Blacks, Scotts and MilletSport brands are impacted.

Based on the company’s brief description of the incident, it’s possible that hackers stole names, billing addresses, delivery addresses, phone numbers, email addresses, order details, and last four digits of the customers’ payment cards. 

There is no indication that full payment card data or account passwords were compromised. 

The company has called in external cybersecurity experts to investigate the incident and authorities in the UK have been notified. The investigation is ongoing. 

In its statement, JD Sports warned customers that they may be targeted in scams and phishing attacks.

Related: Fashion Retailer Guess Notifies Users of Data Breach

Related: German Privacy Watchdog Investigates Clothing Retailer H&M

Related: Clothing Retailer Fallas Hit by Payment Card Breach

The post British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers appeared first on SecurityWeek.