Frontier Communications
US telco Frontier Communications on June 6 notified 751,895 people of a data breach following unauthorized access to its systems on April 14, 2024. The notification comes after ransomware group RansomHub posted the company to its data leak site over the weekend.
RansomHub claims to have stolen more than 2 million customer records and suggested it had given Frontier Communications two months to negotiate, but that the company had failed to do so.
In its data breach notification, Frontier Communications confirmed the compromised data included Social Security numbers.
My Daily Choice
The personal care product retailer My Daily Choice notified 89,188 people about a February 2024 data breach. Behind MLM posted screenshots and details of My Daily Choice’s website in the wake of the attack. The screenshots show an announcement by My Daily Choice acknowledging a ransomware attack, though the announcement was removed shortly after being posted.
My Daily Choice has not publicly disclosed what types of data were compromised. No ransomware group has claimed responsibility for the attack as of the time of writing.
Mālama I Ke Ola Health Center
Ransomware group LockBit claimed responsibility for a May cyber attack that shut down the clinic in Wailuku, Hawaii.
Mālama I Ke Ola Health Center suffered more than two weeks of system downtime as a result of the attack. It has not stated whether personal data was compromised as of the time of writing.
STS Aviation Group
The aircraft maintenance company notified 2,810 people about a November 2023 data breach. STS did not publicly disclose exactly what information was compromised, but the compromised data included names and driver’s licenses, according to the Maine attorney general.
Ransomware group LockBit claimed responsibility for the attack shortly after the breach occurred.
College Park Industries
The prosthetics manufacturer notified 521 people about a January 2024 data breach that compromised names, Social Security numbers, email addresses, home addresses, dates of birth, and opt-in status of health, dental, and vision insurance.
Ransomware group Danon claimed responsibility for the attack, saying it stole 4.97 TB of data.
McKim & Creed, Inc.
Engineering and surveying firm McKim & Creed notified 7,079 people about a February 2024 data breach that compromised names, Social Security numbers, and driver’s license numbers.
Two ransomware gangs claimed responsibility for the attack: LockBit in April, and RansomHub in March.
Bimbo Bakeries
Bread manufacturer Bimbo Bakeries on June 6 notified 560 people about a February 2024 data breach that compromised the names, Social Security numbers, and dates of birth of vendors and employees.
Ransomware group Medusa claimed responsibility for the attack and demanded a $6.5 million ransom in exchange for not selling or publicly releasing stolen data.
Tulane University
The New Orleans, Louisiana university notified an undisclosed number of people about a December 2023 data breach that compromised names and payment card information.
Ransomware group Meow claimed responsibility for the attack at the time.
Panorama Eyecare
The eyecare clinic network on June 5 notified 377,911 people about a July 2023 data breach that compromised names, Social Security numbers, dates of birth, driver’s licenses, state IDs, financial account numbers, dates of service, and medical provider.
Ransomware group LockBit claimed responsibility for the attack, saying it stole 798 GB of data.
Family Health Center
The Michigan chain of medical clinics notified 34,926 people about a January 2024 data breach that compromised names, addresses, health insurance information of employees, and names and medical information of patients.
Ransomware group ALPHV/BlackCat claimed responsibility for the attack, saying it stole 327 GB of data. According to ALPHV’s claim on February 23, 2024, negotiations broke down and ALPHV said it would release 10 percent of the data every three days.
Bayonne Board of Education
New Jersey’s Bayonne Board of Education on June 4 notified students and staff about a November 2023 data breach that compromised Social Security numbers and other personal information.
Ransomware group LockBit first claimed responsibility for the attack on December 3, 2023. That claim was posted with a “timer stopped” message, indicating the ransom might have been paid. However, the claim reappeared on December 12, 2023 with a ransom deadline of December 15, 2023.
Assist System (Medjet)
Air-medical transport and travel security membership program Medjet revised the number of victims affected by an October 2023 data breach to 14,400, according to the Maine Attorney General’s breach disclosure site. Names, addresses, and Social Security numbers from W-9 tax forms were among the compromised data.
Ransomware group Hunters International claimed responsibility for the attack, saying it stole 79.5 GB of data (32,913 files).
NEI General Contracting
The construction contractor notified 689 people about a March 2024 data breach that compromised names, Social Security numbers, addresses, and dates of birth.
Ransomware group Abyss claimed responsibility for the attack, and posted a March 18, 2024 deadline to meet its ransom demands.
Visionary Integration Professionals
The managed IT services company confirmed 3,433 people’s names, Social Security numbers, dates of birth, and driver’s license numbers were compromised in a September 2023 data breach.
Ransomware group Akira claimed responsibility for the attack, but VIP said it didn’t pay the ransom.
St. Helena, CA
Ransomware group Medusa last weekend claimed responsibility for a May 2024 cyber attack against the city of St. Helena, California. Medusa demanded the city pay $200,000 in ransom by the end of this week.
A cyber attack on May 13 forced St. Helena officials to shut down their computer systems and the city library. The city hired a private computer forensic company to investigate the attack.
PruittHealth
Southeast US medical provider PruittHealth last weekend notified 5,217 people about a November 2023 data breach that compromised Social Security numbers, financial data, and health information.
Ransomware group NoEscape claimed responsibility for the attack at the time. It posted a sample of allegedly stolen documents on its website and says it stole 1.5 TB of data in total.
The compromised data includes names, dates of birth, government ID numbers, demographic info, contact info, addresses, financial information, Social Security numbers, bank account numbers, health insurance information, and health information.
Greylock McKinnon Associates
The Boston economic consultant confirmed it has notified 341,650 people about a May 2023 data breach that compromised names, dates of birth, addresses, Medicare claim numbers, Social Security numbers, medical information, and health insurance information. The notification comes after a class action was filed against Greylock at the end of May, which argues the firm’s deficient data security practices led to the attack, and that the attack was more than 60 times larger than Greylock’s original estimate.
Formosa Plastics Corporation
The manufacturer on May 29 notified 1,348 people of a March 2024 data breach that compromised names, Social Security numbers, and medical vaccine records.
Ransomware group Hunters International claimed responsibility for the attack.
Viridi Parente
The battery manufacturer notified an undisclosed number of people about a December 2023 data breach that compromised names, Social Security numbers, addresses, dates of birth, financial account info, driver’s licenses, passport numbers, tax ID numbers, and email addresses.
Ransomware group Akira claimed responsibility for the attack.
Access Intelligence
The marketing company last weekend notified 373 people about an April 2024 data breach that compromised 1099 tax forms, including names and Social Security numbers.
Ransomware group Play claimed responsibility for the attack, saying it stole private and personal confidential data, client documents, budget, payroll, accounting, taxes, IDs, and finance information.
TPG Architecture
The New York architecture firm last weekend notified 728 people about a December 2023 data breach that compromised names, Social Security numbers, financial account numbers, and dates of birth.
Ransomware group Play claimed responsibility for the attack, saying it stole private and personal confidential data, client documents, budget, payroll, accounting, taxes, IDs, and finance information. Notably, that’s the same list Play claimed on the Access Intelligence breach above.