York County School of Technology
The York County School of Technology Friday notified more than 30,000 students and staff of a data breach that allowed cybercriminals to steal Social Security numbers and other personal information. The breach was first discovered more than a year ago in March 2023, and claimed by the Karakurt ransomware group in May 2023.
In today’s data incident notice, the school explained that it launched an investigation that lasted from April 26, 2023 to March 15, 2024. In total, more than a year passed between the initial intrusion and Friday’s notice.
Lewis & Clark College
The extent of a data breach at Lewis and Clark College in March 2023 is becoming more clear as state reporting agencies disclose the number of affected residents. Based on the available figures, at least 11,000 records were compromised, and the total figure is likely much higher.
Jackson County, MO
Jackson County, Missouri officials on Tuesday said it was responding to a potential ransomware attack affecting its IT systems. Tax payments, marriage licenses, inmate searches as some online property services have been impacted. The Assessment, Collection, and recorder of Deeds offices at all county locations are closed. No group claimed responsibility for the attack as of time of writing.
East Baton Rouge, LA Sheriff’s Office
The East Baton Rouge sheriff’s office in Louisiana says it detected a “small breach in the agency’s network” on Friday. Although the sheriff’s office says intrusion detection software stopped the attack before it got too far, ransomware group Medusa claimed to have stolen 92.2 GB of data. Medusa demanded $300,000 in ransom.
Birmingham, AL
New details have emerged about a March 6 cyber security incident in Birmingham, Alabama. Some city officials have confirmed it was a ransomware attack, whereas they initially attributed service outages to a “network disruption.” City payroll systems are still unavailable a month later, forcing staff to use paper time sheets and manual processes. Reports indicate the attack affected both online and in-person services such as taxing, permitting, licensing, and the 311 call center. Police were unable to check for warrants or reports of stolen vehicles.
Prudential Insurance
Prudential Insurance has confirmed a data breach affecting more than 36,000 Prudential Insurance customers. Prudential Insurance Company of America on Friday notified the public about the security breach that lasted two days from February 4 to February 5, 2024.
The stolen data included names, addresses, and driver’s license numbers or non-driver ID card numbers. Ransomware group ALPHV/BlackCat claimed responsibility on February 16, 2024.
The Chattanooga Heart Institute
The Chattanooga Heart Institute Saturday revised the estimated number of victims from 413,236 to 547,434 following a March 2023 cyber attack. The stolen records contain sensitive patient data including Social Security numbers, financial account numbers, diagnoses, health insurance info, and more, putting victims at risk of identity theft and health benefits fraud.
Radiant Logistics Canada
Ransomware group Akira claims to have stolen 25 GB of personal and financial data from Radiant Logistics Canada in March. Radiant Logistics submitted an SEC filing confirming the attack disrupted its operations in Canada.
Tri-City Medical Center
The Tri-City Healthcare District in Oceanside, California notified patients of a data breach that occurred on November 9, 2023 and was discovered on March 7, 2024. The stolen data contained names and Social Security numbers, among other data. Inc Ransom claimed the attack.
Sanford, Pierson, Thone & Strean, PLC
The law firm confirmed a February 2024 attack that affected 3,100 people. BlackBasta claimed the attack. The stolen data included names and ID card numbers.
George & George Attorneys at Law, LLC
The law firm confirmed a November 2023 ransomware attack that affected 1,455 people. No one has claimed it as of time of writing. The stolen data included names and ID card numbers.
Clackamas Community College
The Oregon college confirmed 8,797 people were affected in a January 2024 ransomware attack. LockBit claimed the attack. The data included names and Social Security numbes.
Palau Ministry of Finance
An unclaimed April 2 cyber attack forced Palau’s finance ministry to revert to manual payroll processing. Authorities confirmed the financial system was still down as of Wednesday.
Keenan & Associates
Insurance broker Keenan & Associates raised the number of records affected in an August 2023 data breach from 1,509,616 to 1,573,844. The data included names and ID card numbers.
Want to know more? Check out our ransomware report on the first quarter of 2024.