Urban Strategies
The community development association on June 13, 2024 notified 3,230 Texans about a February 2024 data breach that compromised names, Social Security numbers, addresses, driver’s license info, government-issued Id numbers, bank account and credit card numbers, medical info, health insurance info, passport info, and dates of birth. We expect more victims from other states to be disclosed soon.
Ransomware group Medusa claimed responsibility for the attack and demanded $100,000.
Hesperia Unified School District
Hesperia Unified School District in San Bernardino County, California on June 13, 2024 notified an undisclosed number of people about a May 2024 data breach that compromised names, Social Security numbers, and driver’s license numbers.
Ransomware group LockBit claimed responsibility for the attack and gave the school district until June 3, 2024 to pay an undisclosed sum of money.
The schools’ notification specifically states employee information might have been accessed by an unauthorized party, so student data might not be impacted. In addition to the data mentioned above, some files contained health insurance and medical information.
Grand Traverse County and Traverse City
County officials confirmed a ransomware attack shut down its network on Wednesday. County ad city employees were forced to work off their personal mobile wifi hotspots using their own phones. Essential services were not disrupted, but payment systems were.
No group has claimed responsibility for the attack as of time of writing.
In April, Traverse City Schools also suffered a ransomware attack.
Newburgh, NY
As of June 13, city hall and 123 Grand Street in Newburgh, New York are still closed to the public while the city restores its systems following a cybersecurity incident that occurred on June 10, 2024. Essential services were not disrupted, but other city departments’ phone and email systems might have been impacted.
No group has claimed responsibility as of time of writing.
Cleveland, OH
Cleveland officials shut down city hall for two days this week following a cybersecurity incident. Authorities are still investigating the incident.
Montgomery County Board of Developmental Disabilities (MCBDDS)
MCBDDS in Dayton, Ohio this week notified an undisclosed number of people about a February 19, 2024 data breach that compromised names, Social Security numbers, and driver’s license numbers.
Ransomware group BlackSuit in May claimed responsibility for the attack. The group said it stole business data including contracts, contacts, planning data, and presentations; employee data including passports, contracts, contacts, family details, and medical examinations; and financial data including audits, reports, payments, and contracts.
A stakeholder meeting further mentioned (PDF) birth certificates, addresses, phone numbers, email addresses, medical records, banking info, insurance info, and photos.
Exela Technologies
Business process automation company Exela Technologies on June 12 notified (PDF) an undisclosed number of people about a June 2022 data breach that compromised names and Social Security numbers.
Ransomware group Hive claimed responsibility for the attack in 2022, but another group, Hunters International, claimed it this week. Rumors suggest Hunters International took over Hive’s code, so Hunter’s might be claiming attacks previously claimed by Hive.
First American Financial
Home title and insurance company First American Financial on June 11 confirmed it notified 41,638 people about a December 18, 2023 data breach that compromised names and state-issued ID card numbers (e.g. driver’s license numbers).
FAF on May 21, 2024 disclosed the breach to the SEC. That report stated approximately 44,000 individuals’ personal data might have been accessed without authorization. The notification was later posted to the Maine Attorney General website, which says 41,638 people were affected.
Special Health Resources for Texas
The website for the chain of clinics, as of time of writing, states, “We are currently experiencing a network incident that has caused a temporary disruption to our phones and computer systems.” It states some services, including dental, are unavailable. Appointments and messages are being diverted from the website to phone calls, texts, and social media.
Ransomware group BlackSuit claimed responsibility for the attack.
Concord Public Schools and the Concord-Carlisle Regional School District
Maryland’s Concord Public Schools and the Concord-Carlisle Regional School District last weekend notified an additional 1,485 employees of an April 2024 data breach that compromised names, Social Security numbers, credit card details, addresses, and bank account information.
No ransomware group has claimed responsibility for the attack as of time of writing.
The school originally disclosed the breach on May 14, notifying 10,006 people according to the Maine Attorney General. We don’t yet know whether the 1,485 people notified today were part of the original 10,006 people notified in May. Only the latest notification mentioned credit card details.
Christie’s
The auction house this week issued data breach notifications to 45,798 people in the US following the a May 9 ransomware attack.
Ransomware group RansomHub claimed responsibility for the attack, saying it stole “at least 500,000 of their private clients from all over the world.” Part of the data set is said to include names, dates of birth, ID numbers, and more.
Intrepid Museum Foundation
The New York military and maritime museum on June 10 notified (PDF) an undisclosed number of people about a December data breach. The foundation did not publicly state what data was impacted.
Ransomware group Play claimed responsibility for the attack on December 12, 2024.
Santoro Whitmire
The defunct California law firm on June 11 notified (PDF) at least 1,000 people of a December 2023 data breach that compromised names and Social Security numbers. The firm had already ceased operations when the breach occurred.
No ransomware group has claimed responsibility for the attack.
Parksite
Construction distributor Parksite last weekend confirmed 7,886 people were notified about a December 2023 data breach that compromised financial information, such as bank account and credit card details.
Ransomware group Cactus claimed responsibility for the attack, saying it stole 170 GB of data.
Mariposa Landscapes
The landscaping company last weekend notified an undisclosed number of people about an October 2023 data breach. The company has not publicly disclosed what types of data were compromised.
Ransomware group ALPHV/BlackCat claimed responsibility for the attack, saying it stole 218 GB of data.
Dordt University (unconfirmed)
Ransomware group BianLian this week claimed responsibility for an attack on Dordt University in Iowa.
Want to know more? Head over to our ransomware tracker, updated daily!