An Extra 381,000 New York City Students’ Data Breached From 2022 Incident

This brings the total to more than 1.2 million people’s data breached

Welcome to this week’s round-up of the biggest and most interesting news stories in the USA.

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.


Publicly disclosed data breaches and cyber attacks: in the spotlight

A further 381,000 New York City public school students affected by 2022 data breach

In January 2022, personal data from around 820,000 New York City public school students, both current and former, was breached.

It emerged this week, according to the New York City Department of Education, that data from a further 381,000 students was also compromised in this incident.

Data breached: 1,201,000 people’s data.

Personal data from 377,119 individuals compromised in Continuum Health Alliance breach

In February, the New Jersey-based health care provider Continuum Health Alliance announced an ongoing investigation into a security incident. It initially detected suspicious activity within its network on October 19, 2023.

This week, Continuum Health Alliance notified the Office of the Maine Attorney General that 377,119 people’s data had been compromised. This included Social Security numbers.

Data breached: 377,119 people’s data.


Publicly disclosed data breaches and cyber attacks in the USA: full list

This week, we found 1,296,578 records known to be compromised in the USA, and 41 U.S. organizations suffering a newly disclosed incident. All of them are known to have had data exfiltrated, exposed, or otherwise breached.

We also found 9 U.S. organizations providing a significant update on a previously disclosed incident.

| Organization(s) | Sector | Data breached? | Known data breached |
|---|---|---|---|
| New York City public school; Source 1; source 2; (Update) | Education | Yes | 1,201,000 |
| Continuum Health Alliance, LLC; Source 1; source 2; (Update) | Health care | Yes | 377,119 |
| MedStar Health; Source; (New) | Health care | Yes | 183,079 |
| OrthoConnecticut; Source; (New) | Health care | Yes | 118,141 |
| Bluebonnet Trails Community Services; Source; (New) | Health care | Yes | 76,165 |
| Enstar (US) Inc.; Source 1; source 2; (Update) | Insurance | Yes | 75,101 |
| Airsoftc3.com; Source; (New) | Software | Yes | 75,000 |
| Associated Wholesale Grocers; Source; (New) | Retail | Yes | 26,579 |
| The Philadelphia Inquirer; Source 1; source 2; (Update) | Media | Yes | 25,549 |
| Bay Oral Surgery & Implant Center; Source; (New) | Health care | Yes | 13,055 |
| Bousquet Holstein PLLC; Source; (New) | Legal | Yes | 12,690 |
| Lamont, Hanley & Associates, Inc.; Source; (New) | Finance | Yes | 11,484 |
| Inteplast Group; Source; (New) | Manufacturing | Yes | 7,717 |
| Dental Health Services; Source; (New) | Insurance | Yes | 6,340 |
| Los Angeles County Department of Health Services; Source; (New) | Public | Yes | 6,085 |
| Empath Health; Source; (New) | Health care | Yes | 5,545 |
| Liberty University; Source; (New) | Education | Yes | 5,434 |
| West Idaho Orthopedics; Source 1; source 2; (Update) | Health care | Yes | 5,000 |
| Health First Urgent Care; Source; (New) | Health care | Yes | 4,538 |
| Dohman Akerlund & Eddy; Source; (New) | Finance | Yes | 3,687 |
| Illinois State Credit Union; Source; (New) | Finance | Yes | 3,084 |
| Mana Products; Source; (New) | Manufacturing | Yes | 2,470 |
| Bluegrass Care Navigators; Source; (New) | Health care | Yes | 2,282 |
| Directive Communication Systems; Source; (New) | Finance | Yes | 1,546 |
| VeriSource Services, Inc.; Source; (New) | IT services | Yes | 1,382 |
| Worthen Industries; Source 1; source 2; (Update) | Manufacturing | Yes | 1,277 |
| R.J. Grondin & Sons; Source; (New) | Construction | Yes | 741 |
| WELBRO Building Corporation; Source 1; source 2; (Update) | Construction | Yes | 693 |
| American Renal Management LLC; Source; (New) | Health care | Yes | 501 |
| Rebound Orthopedics & Neurosurgery; Source 1; source 2; (Update) | Health care | Yes | 500 |
| Chambers Construction Co.; Source; (New) | Construction | Yes | 489 |
| ClearVision Optical; Source; (New) | Retail | Yes | 261 |
| Symphony Financial, LLC.; Source; (New) | Finance | Yes | 151 |
| City of Pensacola Government; Source 1; source 2; (Update) | Public | Yes | 22 |
| io.net; Source; (New) | Blockchain | Yes | Unknown |
| Virginia Union University; Source; (New) | Education | Yes | Unknown |
| George F. Young, Inc.; Source; (New) | Engineering | Yes | Unknown |
| OE Federal Credit Union; Source; (New) | Finance | Yes | Unknown |
| Harlowe; Source; (New) | Health care | Yes | Unknown |
| Northern California Behavioral Health System; Source; (New) | Health care | Yes | Unknown |
| Primary Care Health Partners; Source; (New) | Health care | Yes | Unknown |
| Panda Restaurant Group; Source; (New) | Hospitality | Yes | Unknown |
| CAI Technologies; Source; (New) | IT services | Yes | Unknown |
| SUN SSC; Source; (New) | IT services | Yes | Unknown |
| Formosa Plastics Corporation, U.S.A.; Source; (New) | Manufacturing | Yes | Unknown |
| Human Events.; Source; (New) | Media | Yes | Unknown |
| GDI Services, Inc.; Source; (New) | Professional services | Yes | Unknown |
| Sterling Plumbing Inc.; Source; (New) | Professional services | Yes | Unknown |
| City of Wichita Kansas; Source; (New) | Public | Yes | Unknown |
| Dropbox; Source; (New) | Software | Yes | Unknown |

Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week. The updated data point is italicized in the table.

Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.


AI

New publications by DHS and NIST to help ensure safety and security of AI systems, as instructed by EO 14110

The U.S. Department of Homeland Security has developed safety and security guidelines for critical infrastructure operators, as tasked by Executive Order 14110: “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.”

Also this week, NIST released four draft publications “intended to help improve the safety, security and trustworthiness of [AI] systems.”

noyb files complaint against OpenAI for not correcting inaccurate information

The non-profit noyb filed a complaint against OpenAI with the Austrian data watchdog for failing to meet a key GDPR requirement: that personal data is accurate, and that data subjects have full access to that data along with source information.

noyb says: “OpenAI openly admits that it is unable to correct incorrect information on ChatGPT. Furthermore, the company cannot say where the data comes from or what data ChatGPT stores about individual people. The company is well aware of this problem, but doesn’t seem to care.”

Also this week, a group of U.S. newspapers sued OpenAI and Microsoft for misusing their reporters’ writing to train their AI systems.


Enforcement

FCC fines four wireless carriers $196 million

The U.S. Federal Communications Commission has fined four large U.S. wireless carriers – AT&T, Sprint, T-Mobile, and Verizon – $196 million for illegally sharing access to customers’ location data.

In an unrelated incident, AT&T also recently suffered a large data breach, affecting more than 51 million customers’ data.


Other news

Security research team finds nearly 3 million Docker Hub repositories host malicious content

JFrog and Docker partnered for security research, finding that nearly 3 million Docker Hub repositories – almost 20% of all public repositories – host malicious content.



That’s it for this week’s round-up. We hope you found it useful.

We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.
