Over 4.3 million records breached worldwide in April 2023.

May 8, 2023

IT Governance has published the list of reported or otherwise discovered data breaches in April 2023 and found that there were 120 publicly disclosed breaches, which resulted in 4,353,257 records being compromised. Fortunately, Australian entities did not feature in April’s tally. They made up a significant part of the tallies in late 2022 and earlier this year.

IT Governance highlights the following prominent data breaches in April:

1. Shields Health Care Group

The largest data breach of April 2023 was at the Shields Health Care Group, a Massachusetts-based medical services provider. Reports emerged near the end of the month that a cyber criminal had gained unauthorised access to the organisation’s systems and had stolen the personal data of 2.3 million people.

In a letter sent to affected individuals, Shields said that the incident dates back to March 2022, when it first identified suspicious activity on its internal network.

The breach had been speculated about at the time, but the firm’s investigation concluded last month and revealed the scale of the damage.

The crooks reportedly had access to sensitive data for two weeks, and that information included patients’ Social Security numbers, dates of birth, home addresses, healthcare provider information and healthcare history.

Additionally, billing information, insurance numbers and other financial details were stolen in the attack.

In a statement, Shields said that it “takes the confidentiality, privacy, and security of information in our care seriously. Upon discovery, we took steps to secure our systems, including rebuilding certain systems, and conducted a thorough investigation to confirm the nature and scope of the activity and to determine who may be affected.

“Additionally, while we have safeguards in place to protect data in our care, we continue to review and further enhance these protections as part of our ongoing commitment to data security.”

2. NCB Management

NCB Management learned last month that a cyber criminal infiltrated its systems and stole almost one million financial records.

An internal investigation from the debt collection services provider found that a criminal hacker first accessed NCB Management’s systems on 1 February 2023, but it’s unclear how long they remained in its systems.

What is apparent is that the crook accessed credit card data for consumers’ Bank of America past-due accounts.

The accounts were already closed, but the attacker would have had access to a gamut of information, including people’s first and last names, address, phone number, email address, date of birth, employment position, pay amount, driver’s licence number, Social Security number, account number, credit card number, routing number, account balance and/or account status.

When combined with the knowledge that these people had been pursued by a debt collection agency, it creates the possibility for a variety of scams.

The incident was reported to the relevant authorities by Bank of America, but it’s unclear what part the bank had to play in the breach beyond the fact that its customers were affected.

3. Kodi

The open source media player Kodi reported last month that an unauthorised actor compromised its MyBB forum database and stole personal data belonging to 400,635 users.

“MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February,” Kodi said in a statement.

The crooks were able to download nightly backups of the complete database, which contained all public forum posts, team forum posts and direct messages. More worryingly, the same database contained usernames, email addresses and encrypted passwords.

Fortunately for Kodi, its team said that there was no evidence that the criminal hackers gained access to the underlying server hosting the MyBB software.