Cybersecurity and Data Privacy in the USA: April 8 – 14, 2024

3,457,331 known records breached in 75 newly disclosed incidents

Welcome to this week’s round-up of the biggest and most interesting news stories in the USA.

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.


Publicly disclosed data breaches and cyber attacks: in the spotlight

AT&T confirms more than 50 million customers affected by March data breach

On March 17, a threat actor known as Major Nelson listed more than 70 million data records on a dark web forum, claiming it to be data originally exfiltrated from AT&T by a threat actor known as ShinyHunters in 2021. AT&T said the data did not come from its systems.

Now, the company has confirmed that more than 50 million people’s data was in fact included in the March 17 data leak.

Compromised data included full names, email addresses, postal addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and AT&T passcodes. According to AT&T’s investigation, the data appears to be from June 2019 or earlier.

Data breached: 51,226,382 people’s data.

Giant Tiger confirms data breach via third party

The Canadian retail chain Giant Tiger has reported that one of its vendors has suffered a cyber attack, affecting nearly 3 million Giant Tiger customer data records.

Compromised data included customers’ names, postal addresses, email addresses, phone numbers, and purchase data, all of which was leaked online.

The data breach notification website Have I Been Pwned added the data to its database on April 12, confirming that 46% of the records were already in its database.

Data breached: 2,842,669 records.


Publicly disclosed data breaches and cyber attacks in the USA: full list

This week, we found 3,457,331 records known to be compromised in the USA, and 75 U.S. organizations suffering a newly disclosed incident. 70 of them are known to have had data exfiltrated, exposed, or otherwise breached. For none of them is it confirmed that no data was breached.

We also found 21 U.S. organizations providing a significant update on a previously disclosed incident.

| Organization(s) | Sector | Data breached? | Known data breached |
|---|---|---|---|
| AT&T Inc. (Update) | Telecoms | Yes | 51,226,382 |
| Traverse City Area Public Schools (Update) | Education | Yes | 1.2 TB |
| Inszone Insurance Services (New) | Insurance | Yes | 615,672 |
| Roku (New) | Software | Yes | 576,000 |
| Group Health Cooperative of South Central Wisconsin (New) | Health care | Yes | 533,809 |
| Houser LLP (Update) | Legal | Yes | 370,001 |
| DISB (District of Columbia Department of Insurance, Securities and Banking) (New) | Public | Yes | “few hundred” GBs |
| Paducah Dermatology (New) | Health care | Yes | 80,161 |
| Gaia Software (New) | Software | Yes | 56,676 |
| Bradford-Scott Data, Massachusetts Family Credit Union, Methuen Federal Credit Union, Priority Plus Federal Credit Union, StagePoint Federal Credit Union, Wellness Federal Credit Union, Community Credit Union of New Milford, and The Andovers Federal Credit Union (Update) | Software and finance | Yes | 43,435 |
| St. Lucie County Tax Collector’s Office (Update) | Public | Yes | 25,202 |
| Canopy Children’s Solutions (New) | Non-profit | Yes | 19,190 |
| Cattaraugus-Allegany BOCES (New) | Education | Yes | 15,203 |
| SinglePoint Outsourcing, Inc. (Update) | Professional services | Yes | 11,096 |
| Trustpoint Rehabilitation Hospital of Lubbock (Update) | Health care | Yes | 9,014 |
| Mountain Valley Regional Rehabilitation Hospital (Update) | Health care | Yes | 5,963 |
| Greenwood Regional Rehabilitation Hospital (Update) | Health care | Yes | 5,823 |
| Northern Idaho Advanced Care Hospital (New) | Health care | Yes | 5,606 |
| Rehabilitation Hospital of Southern New Mexico (Update) | Health care | Yes | 5,466 |
| New Braunfels Regional Rehabilitation Hospital (New) | Health care | Yes | 5,384 |
| Highmark Inc. (New) | Insurance | Yes | 5,356 |
| Spartanburg Rehabilitation Institute (Update) | Health care | Yes | 4,506 |
| MolenTax (New) | Finance | Yes | 4,323 |
| PRATT MRI LLC (New) | Health care | Yes | 4,265 |
| South Texas Rehabilitation Hospital (New) | Health care | Yes | 4,130 |
| Epilepsy Foundation of Metro New York (New) | Health care | Yes | 3,852 |
| Rehabilitation Hospital of the Northwest (Update) | Health care | Yes | 3,821 |
| Rehabilitation Hospital of Northwest Ohio (New) | Health care | Yes | 3,671 |
| Elkhorn Valley Rehabilitation Hospital (New) | Health care | Yes | 3,636 |
| Corpus Christi Rehabilitation Hospital (New) | Health care | Yes | 3,581 |
| Northern Utah Rehabilitation Hospital (Update) | Health care | Yes | 3,477 |
| Mesquite Rehabilitation Institute (New) | Health care | Yes | 3,317 |
| Rehabilitation Hospital of Northern Arizona (New) | Health care | Yes | 3,287 |
| Summa Rehabilitation Hospital (New) | Health care | Yes | 2,986 |
| Lafayette Regional Rehabilitation Hospital (Update) | Health care | Yes | 2,861 |
| Weslaco Regional Rehabilitation Hospital (New) | Health care | Yes | 2,781 |
| Lakewood Medical Center (New) | Health care | Yes | 2,500 |
| Builders Equipment & Tool Company (New) | Construction | Yes | 2,463 |
| Advanced Care Hospital of Montana (New) | Health care | Yes | 2,331 |
| Delphinus Engineering, Inc. (Update) | Engineering | Yes | 2,232 |
| The Goddard School (New) | Education | Yes | 2,041 |
| Midlands Regional Rehabilitation Hospital (Update) | Health care | Yes | 2,018 |
| EBlock (New) | Software | Yes | 1,997 |
| UT Southwestern Medical Center (New) | Health care | Yes | 1,956 |
| Butler University and Athletic Trainer System (New) | Education and software | Yes | 1,871 |
| Laredo Rehabilitation Hospital (New) | Health care | Yes | 1,785 |
| Oceaneering (New) | Engineering | Yes | 1,776 |
| Rehabilitation Hospital of Northern Indiana (New) | Health care | Yes | 1,643 |
| Utah Valley Rehabilitation Hospital (New) | Health care | Yes | 1,642 |
| Baytown Medical Center, Inc. (New) | Health care | Yes | 1,500 |
| Continuum Health Alliance, LLC (New) | Health care | Yes | 1,328 |
| Mesquite Specialty Hospital (New) | Health care | Yes | 1,244 |
| Laredo Specialty Hospital (New) | Health care | Yes | 1,242 |
| Bloomington Regional Rehabilitation Hospital (New) | Health care | Yes | 1,191 |
| Advanced Care Hospital of Southern New Mexico (Update) | Health care | Yes | 1,162 |
| Florida Pediatric Associates (New) | Health care | Yes | 1,104 |
| Frank Olean Center (New) | Non-profit | Yes | 1,050 |
| Rehabilitation Hospital of Southern California (Update) | Health care | Yes | 925 |
| Randolph Health (New) | Health care | Yes | 899 |
| Northern Colorado Rehabilitation Hospital (Update) | Health care | Yes | 885 |
| Bakersfield Rehabilitation Hospital (New) | Health care | Yes | 852 |
| Denver Regional Rehabilitation Hospital (Update) | Health care | Yes | 848 |
| Zuckerberg San Francisco General Hospital and Trauma Center (New) | Health care | Yes | 755 |
| Rutgers Robert Wood Johnson Medical School (New) | Education | Yes | 543 |
| Strive Holdco, LLC (New) | Health care | Yes | 501 |
| Sleep Management Institute (New) | Health care | Yes | 500 |
| TransAxle LLC (New) | Transport | Yes | 401 |
| Brown, Paindiris & Scott, LLP (New) | Legal | Yes | 235 |
| Bristol Bay Construction Holdings LLC (New) | Construction | Yes | 27 |
| CVS (New) | Non-profit | Yes | 10 |
| Wells Fargo (New) | Finance | Yes | 2 |
| East Central University (New) | Education | Yes | Unknown |
| The University of Alabama (New) | Education | Yes | Unknown |
| Community Alliance (New) | Health care | Yes | Unknown |
| Hapy Bear Surgery Center (New) | Health care | Yes | Unknown |
| Kenneth Young Center (New) | Health care | Yes | Unknown |
| WebTPA (New) | Insurance | Yes | Unknown |
| Henningson & Snoxell, Ltd. (New) | Legal | Yes | Unknown |
| Thunderbird Country Club (New) | Leisure | Yes | Unknown |
| Winterfest Boat Parade (New) | Leisure | Yes | Unknown |
| OraSure Technologies (New) | Manufacturing | Yes | Unknown |
| Rawlings Sporting Goods (New) | Manufacturing | Yes | Unknown |
| Targus (New) | Manufacturing | Yes | Unknown |
| Tandym Group (New) | Professional services | Yes | Unknown |
| Hernando County Government (Update) | Public | Yes | Unknown |
| The Bernstein Companies (New) | Real estate | Yes | Unknown |
| PME Babbitt Bearings (New) | Retail | Yes | Unknown |
| Microsoft (New) | Software | Yes | Unknown |
| Sisense (New) | Software | Yes | Unknown |
| Alan Ritchey, Inc. (New) | Transport | Yes | Unknown |
| Robertson Cheatham Co-Op (New) | Agricultural | Unknown | Unknown |
| New Mexico Highlands University and other New Mexico institutions (New) | Education | Unknown | Unknown |
| Swinomish Casino & Lodge (New) | Leisure | Unknown | Unknown |
| The Heritage Foundation (New) | Non-profit | Unknown | Unknown |

Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week. The updated data point is italicized in the table.

Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.


AI

AI-written PowerShell script used in malicious email campaigns

Bleeping Computer reports that a threat actor is using a PowerShell script “likely” created with ChatGPT or a similar AI model to spread the Rhadamanthys information stealer via email.

The security company Proofpoint attributed the attack to a threat actor tracked as TA547, also known as Scully Spider.


Enforcement

Police investigating LockBit ransomware gang seek 200 suspected criminals

Police have matched some 200 LockBit affiliates’ pseudonyms to their real identities. A police spokesperson, who asked to remain anonymous, told Bloomberg that they “now have a clear idea of LockBit’s hierarchy and its most influential members, who they plan to pursue.”

Law firm Orrick, Herrington & Sutcliffe agrees to pay $8 million settlement

The law firm Orrick, Herrington & Sutcliffe has agreed to pay $8 million to settle a class action brought by people who claim their personal information was compromised in a data breach discovered last March.

Attackers accessed the names, addresses, dates of birth, and Social Security numbers of more than 600,000 people from files held by the firm.


Other news

Browser security updates from Google Chrome and DuckDuckGo

Google has announced a more secure – and paid – version of its enterprise browser: Chrome Enterprise Core. It offers threat and data protection, more control options, and reporting capabilities.

Meanwhile, DuckDuckGo launched a new paid subscription service: Privacy Pro. This includes a VPN (virtual private network), a personal data removal service, and a solution in case of identity theft.

NIST releases online courses for SP 800-53, SP 800-53A, and SP 800-53B

NIST (National Institute of Standards and Technology) has released self-guided online courses on three of its standards: SP (Special Publication) 800-53, SP 800-53A, and SP 800-53B.

All three courses are introductory, offering a “high-level overview of foundational security and privacy risk management concepts” based on these standards.

CISA releases new malware analysis system

CISA (the Cybersecurity and Infrastructure Security Agency) has released Malware Next-Gen, a new malware analysis system. It allows organizations to submit malware samples and “other suspicious artifacts” for more automated analysis and enhanced cyber defenses.

NSA issues guidance on maturing data security and protecting access to data at rest and in transit

The National Security Agency has issued a new cybersecurity information sheet, Advancing Zero Trust Maturity Throughout the Data Pillar, designed to integrate into its Zero Trust Framework.

USDoD attempting to sell 2.9 billion data records from USA, Canada, and UK

A threat actor known as USDoD has listed a 4 TB database apparently containing 2.9 billion rows of data on a dark web forum. Given the scale of the database, we await verification before adding it to our listings.


Key date

April 30, 2024 – ISO/IEC 27001:2013 certification unavailable

Certification bodies must stop offering (re)certification to ISO 27001:2013 by April 30. The new iteration of the Standard, ISO 27001:2022, isn’t significantly different from ISO 27001:2013, but there are some notable changes.


That’s it for this week’s round-up. We hope you found it useful.

We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.