HALOCK Breach Bulletin

More Corporate Giants are Victims to the MOVEit Vulnerability

Description

There is an adage that says, “Old habits die hard.” Exploitable vulnerabilities die equally hard as well. It was May 28, 2023, when the MOVEit vulnerability was first identified. MOVEit is a secure Managed File Transfer (MFT) software developed by Progress Software that securely transfers files and data between servers, systems, and applications. The vulnerability known as CVE-2023-34362 allows hackers to bypass authentication on unpatched (more…)

Toymaker Settles Data Breach Class Action Suit for $500,000

Description

Squishable, a New York based company that makes cute and cuddly companion toys for children, suffered what is referred to as a Magecart attack that affected nearly 16,000 customers back in 2022. These types of attacks are carried out by injecting malicious scripts into e-commerce sites to steal payment information. In Squishable’s case, the malicious code was present on their website from May 26 to (more…)

Dental Center Agrees to Settlement of $2.7 Million for Data Breach

Description

Great Expressions Dental Centers, a Michigan-based dental service organization with nearly 300 affiliated practices across the United States, experienced a significant data breach in February 2023. The incident affected approximately 1.9 million patients and employees. Over a six-day period, an unauthorized party potentially accessed personal information of both employees and patients. For employees, the compromised data included names, Social Security numbers (SSNs), driver’s license (more…)

Multi-Vendor Vulnerability Results in Data Breach at Rackspace

Description

Rackspace is a managed cloud computing provider based in San Antonio, Texas, that offers cloud hosting, dedicated servers, and multi-cloud solutions. The company servers than 300,000 customers across the world, including two-thirds of the world’s largest public traded companies. On the morning of September 24, 2024, Rackspace fell victim to a cyberattack that exploited a zero-day vulnerability in a monitoring application provided by ScienceLogic. (more…)

Data Breach Victims Eligible for Compensation in $3.25M Settlement

Description

See Tickets, a global ticketing services company, detected suspicious activity on several of its e-commerce platforms in May of 2023. A subsequent investigation revealed that cybercriminals had injected malicious code into the company’s checkout pages. This unauthorized code enabled the attackers to capture customer information transactions processed between February 28, 2023, and July 2, 2023. The compromised data included names, addresses, zip codes, payment card (more…)

$200,000 Fraudulent Scheme Forces Finance Director to Step Down

Description

The mayor of Plymouth, Connecticut reported on the mayor’s office Facebook page that the town had fallen victim to a sophisticated social engineering scam. Cybercriminals had compromised the accounts of one of the town’s vendors a month earlier, gaining access to information about an ongoing project for the town. Using this knowledge, the scammers sent fraudulent invoices to the town’s financial department. While the (more…)

Misconfigured Settings Exposes Social Security Numbers of Aviation Industry Users

Description

FlightAware, based in Houston, Texas, is renowned for delivering real-time, historical, and predictive flight insights to various segments of the aviation industry, including airlines, airports, and air traffic control. On July 25, the company identified a configuration error in its backend systems that had exposed personal user information for over three years, allowing unauthorized access. In response, the company’s President issued a letter to (more…)

City in Ohio Avoids Devastating Ransomware Attack

Description

The city of Columbus, Ohio, had its communication and digital services impacted for almost two weeks following a cybersecurity incident that was detected on July 18, 2024. City officials clarified that the incident is entirely unrelated to the CrowdStrike incident that occurred during the same period. Email services have been completely down, and some computer services affecting public safety, utilities, and public health were (more…)

Go to Top