Cybersecurity and Data Privacy in the USA: February 12 – 18, 2024

397,047,198 known records breached in 86 publicly disclosed incidents

Welcome to this week’s round-up of the biggest and most interesting news stories in the USA.

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.


Publicly disclosed data breaches and cyber attacks: in the spotlight

Unsecured Zenlayer database exposes over 380 million records

The cyber security researcher Jeremiah Fowler has discovered an unprotected database that exposed over 380 million data records, including customer information and internal data relating to the network services provider Zenlayer.

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. It is not known how long the database was publicly available, nor whether anyone else accessed it.

Data breached: 384,658,212 records.

ALPHV/BlackCat ransomware gang adds 2.7 TB of ASA Electronics data to its leak site

The ALPHV/BlackCat ransomware gang is attempting to extort a ransom from ASA Electronics for 2.7 TB of data, including engineering drawings, prints, schematics, patents, source code, supplier and vendor information, accounting data, and more.

In response to ASA’s apparent refusal to negotiate, ALPHV is threatening to “contact clients, business partners, and competitors” next week.

Data breached: 2.7 TB.


Publicly disclosed data breaches and cyber attacks in the USA: full list

This week, we found 397,047,198 records known to be compromised in the USA, and 86 U.S. organizations suffering a newly disclosed incident. 71 of them are known to have had data exfiltrated, exposed, or otherwise breached.

We also found 6 U.S. organizations providing a significant update on a previously disclosed incident.

| Organization(s) | Sector | Data breached? | Known records breached |
|---|---|---|---|
| Zenlayer (New) | Telecoms | Yes | 384,658,212 |
| ASA Electronics (New) | Engineering | Yes | 2.7 TB |
| Harvard Pilgrim Health Care (New) | Health care | Yes | 2,632,275 |
| INTEGRIS Health (Update) | Health care | Yes | 2,385,646 |
| Universal Services (New) | Engineering | Yes | 470 GB |
| Leonard’s Syrups (New) | Manufacturing | Yes | 453 GB |
| The Chattanooga Heart Institute (New) | Health care | Yes | 413,236 |
| Sanford Person Thone & Strean (New) | Legal | Yes | 401 GB |
| Barber Emerson (New) | Legal | Yes | 351 GB |
| Van Wingerden Greenhouses (New) | Agricultural | Yes | 337 GB |
| CGM, Inc. (Update) | Manufacturing | Yes | 315,346 |
| Virginia Farm Bureau (New) | Finance | Yes | 261,187 |
| Arcis Golf (New) | Hospitality and leisure | Yes | 250 GB |
| Antunovich Associates (New) | Construction and real estate | Yes | 208 GB |
| Golden Corral Corporation (New) | Hospitality and leisure | Yes | 183,272 |
| Schuster Trucking Company (New) | Transport | Yes | 161 GB |
| Global Rescue (New) | Health care | Yes | 155 GB |
| MMI Culinary (New) | Manufacturing | Yes | 100 GB |
| Prince George’s County Public Schools (New) | Education | Yes | 99,543 |
| New-Indy Containerboard (New) | Manufacturing | Yes | 82 GB |
| Griffin Dewatering (New) | Construction and real estate | Yes | 65,580 |
| Infosys McCamish Systems LLC/Bank of America (New) | Finance | Yes | 57,028 |
| Coleman Professional Services Inc. (New) | Health care | Yes | 51,889 |
| Core Engineering (New) | Engineering | Yes | 43 GB |
| United Regional Health Care System (New) | Health care | Yes | 36,900 |
| CUSO Financial Services, LP (New) | Finance | Yes | 25,698 |
| The Northwestern Mutual Life Insurance Company (Update) | Finance | Yes | 24,518 |
| Unidentified contractors and employees of, and applicants to the Department of Defense (Update) | Public | Yes | 20,601 |
| AGC America, Inc. (New) | Manufacturing | Yes | 20,415 |
| AGC Flat Glass North America, Inc. Welfare Benefits Plan (New) | Health care | Yes | 13,079 |
| Insurance ACE/Humana Inc. (New) | Health care | Yes | 12,539 |
| Tax Favored Benefits (New) | Finance | Yes | 10,974 |
| GAO (Government Accountability Office) (New) | Public | Yes | 6,600 |
| Dobson Technologies, Inc. (New) | Telecoms | Yes | 6,158 |
| Nabholz Construction Company Employee Welfare Health Plan (New) | Health care | Yes | 5,326 |
| Dawson James Securities, Inc. (Update) | Finance | Yes | 4,673 |
| North Hill (North Hill Communities, Inc., North Hill Home Health Care, Inc., North Hill Needham, Inc., Connected for Life, Inc., and the North Hill Employee Dental Plan) (New) | Health care | Yes | 4,798 |
| Advarra, Inc. (New) | Health care | Yes | 4,656 |
| Forward Health care, LLC (New) | Health care | Yes | 3,999 |
| Cardiothoracic and Vascular Surgeons, P.A. (New) | Health care | Yes | 2,345 |
| CareFirst BlueCross BlueShield Community Health Plan – District of Columbia (New) | Health care | Yes | 2,189 |
| County of Cumberland (New) | Public | Yes | 1,948 |
| Cumberland Advisors, Inc. (New) | Finance | Yes | 1,637 |
| The Bengtson Center for Aesthetics and Plastic Surgery (New) | Health care | Yes | 935 |
| Kentucky Cabinet for Health and Family Services (New) | Health care | Yes | 857 |
| Liberty Hospital (Update) | Health care | Yes | 501 |
| Crescent Community Health Center (New) | Health care | Yes | 501 |
| Spectrum Vision Partners (New) | Health care | Yes | 500 |
| Orbus Visual Communications, LLC (New) | Manufacturing | Yes | 458 |
| USCC Services, LLC d/b/a UScellular (New) | Telecoms | Yes | 100 |
| Aramark Correctional Services, LLC (New) | Multiple | Yes | 67 |
| Jeff Wyler Automotive Family, Inc. (New) | Retail | Yes | 12 |
| Prudential Financial (New) | Finance | Yes | Unknown |
| Securence (a subsidiary of U.S. Internet Corp) (New) | Telecoms | Yes | Unknown |
| Washington County (New) | Public | Yes | Unknown |
| Robert Half (New) | Professional services | Yes | Unknown |
| Communication Federal Credit Union (New) | Charity and non-profit | Yes | Unknown |
| School District of Nekoosa (New) | Education | Yes | Unknown |
| Institutional Casework (New) | Manufacturing | Yes | Unknown |
| Bronstein & Carmona (New) | Legal | Yes | Unknown |
| Waldemar S. Nelson & Company (New) | Professional services | Yes | Unknown |
| Silverlining (New) | Construction and real estate | Yes | Unknown |
| Dubose Strapping (New) | Manufacturing | Yes | Unknown |
| Onclusive (New) | Professional services | Yes | Unknown |
| Mechanical Reps (New) | Manufacturing | Yes | Unknown |
| H.R. Ewell (New) | Transport | Yes | Unknown |
| Hy-Tec (New) | Telecoms | Yes | Unknown |
| Norman, Fox & Co (New) | Manufacturing | Yes | Unknown |
| Von Hagen Design (New) | Manufacturing | Yes | Unknown |
| LD Davis (New) | Manufacturing | Yes | Unknown |
| Advantage Orthopedic & Sports Medicine Clinic (New) | Health care | Yes | Unknown |
| Dobrowski Stafford & Pierce (New) | Legal | Yes | Unknown |
| The Closing Agent (New) | Construction and real estate | Yes | Unknown |
| Office of the Colorado State Public Defender (New) | Public | Unknown | Unknown |
| Jacksonville Beach (New) | Public | Unknown | Unknown |
| River Oaks Baptist School (New) | Education | Unknown | Unknown |
| Disaronno International (New) | Manufacturing | Unknown | Unknown |
| Allmetal Inc. (New) | Manufacturing | Unknown | Unknown |
| Freedom Munitions (New) | Manufacturing | Unknown | Unknown |
| Arlington Perinatal Associates (New) | Health care | Unknown | Unknown |
| Plexus Teleradiology (New) | Health care | Unknown | Unknown |
| Silver Airways (New) | Transport | Unknown | Unknown |
| Lower Valley Energy (New) | Energy and utilities | Unknown | Unknown |
| Forge Precision (New) | Manufacturing | Unknown | Unknown |
| Garon Products (New) | Manufacturing | Unknown | Unknown |
| Kevin Leeds (New) | Finance | Unknown | Unknown |
| Hawbaker Engineering (New) | Engineering | Unknown | Unknown |
| Caribbean Radiation Oncology Center (New) | Health care | Unknown | Unknown |

Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week. The updated data point is italicized in the table.

Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.


AI

OpenAI removes accounts used by state-sponsored hackers

ChatGPT’s parent company, OpenAI, has closed accounts used by state-sponsored attackers from China, Iran, North Korea and Russia that were misusing its large language model to enhance their capabilities. Following information from Microsoft, OpenAI closed accounts associated with the Forest Blizzard (Strontium), Emerald Sleet (Thallium), Crimson Sandstorm (Curium), Charcoal Typhoon (Chromium) and Salmon Typhoon (Sodium) threat groups.

Tech giants agree to combat AI-enhanced election fraud

At the Munich Security Conference last Friday, executives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI and TikTok announced a new framework for responding to AI-generated deepfakes designed to trick voters. Twelve other companies will also sign the accord.

Enforcement

Joint operation disrupts LockBit ransomware

Operation Cronos, an international operation involving the FBI, the UK National Crime Agency, and law enforcement partners from nine other countries, has disrupted the LockBit ransomware group, seizing numerous servers and public-facing websites. Two LockBit actors have been arrested in Poland and Ukraine, and over 200 cryptocurrency accounts linked to the group have been frozen.

FBI dismantles Warzone RAT malware operation

The FBI has seized the infrastructure of the Warzone RAT (remote access trojan), and two individuals associated with the cyber crime operation have been arrested. Daniel Meli, 27, was arrested by Maltese police and Prince Onyeoziri Odinakachi, 31, was arrested in Nigeria at the request of US law enforcement agencies.

Head of JabberZeus cyber crime gang pleads guilty

Vyacheslav Igorevich Penchukov, one of the leaders of the JabberZeus cyber criminal group, has pleaded guilty to two charges related to his role in the Zeus and IcedID malware groups. He faces a maximum of 40 years’ imprisonment.


Other news

South Korean researchers release Rhysida ransomware decryption tool

Researchers from Kookmin University and KISA (the Korea Internet & Security Agency) have released a free decryption tool for the Rhysida malware. It is available on the KISA website. Recent victims of Rhysida include the British Library and Sony’s Insomniac Games.

NIST publishes guidelines for securing software supply chains

NIST (the National Institute of Standards and Technology) has now issued the final version of SP 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines. The guidance describes NIST’s SSDF (Secure Software Development Framework), and sets out ways to integrate elements of software supply chain security assurance into continuous integration/continuous delivery pipelines to demonstrate SSDF compliance.

Patch Tuesday: Microsoft patches two zero-day vulnerabilities

In February’s Patch Tuesday release, Microsoft addressed 73 vulnerabilities, including two zero-day and five critical vulnerabilities.


Key dates

31 March 2024 – PCI DSS v4.0 transitioning deadline 

Version 3.2.1 of the PCI DSS (Payment Card Industry Data Security Standard) is being retired on 31 March, to be replaced by version 4.0 of the Standard. There are more than 50 new requirements in PCI DSS v4.0. You can find out more about them on the PCI Security Standards Council’s website.


That’s it for this week’s round-up. We hope you found it useful.

We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.
