Cyber incidents around the world: Nuance, online stores, indonesian data centers
In the USA, a former employee of Nuance Communications accessed patient data. Other incidents include online stores.
(Image: KellySHUTSTOC / Shutterstock.com)
The Pennsylvania-based healthcare organization Geisinger reports that a former employee of Microsoft subsidiary Nuance Communications Inc. may have stolen patient data. Geisinger discovered the incident at the end of November 2023 and informed Nuance directly. The employee had gained access to patient data two days after his dismissal. Nuance then blocked access and launched an investigation.
The investigation revealed, writes Geisinger, "that the former employee may have accessed and taken information from more than one million Geisinger patients". The data in question could vary. It includes "date of birth, address, admission and discharge or transfer code, medical record number, ethnicity, gender, telephone number". Insurance and financial data were not affected.
Geisinger takes the incident very seriously and apologizes to its patients. A hotline is available for anyone who may have been affected. Patients are also urged to contact their health insurance company if they have been billed for services about which they have not been informed. According to Geisinger, patients have only now been informed so as not to hinder the investigations that have been launched. The former Nuance employee must therefore stand trial.
Credential stuffing at Levi Strauss
A data protection incident has occurred at Levi Strauss & Co. affecting around 70,000 people. Criminals tested various log-in data in the course of a credential stuffing attack and were successful. According to customer information from Levi Strauss, the leaked data includes order history, name, e-mail address, stored addresses and possibly also information on the payment method – such as credit card. This is according to a report from the US state of Maine, where 75 people are affected by the incident. According to the report, the incident occurred on June 13, 2024, and those affected were notified on June 21. The people's passwords were automatically reset.
Cyber incident at luxury department store chain
The luxury department store chain Neiman Marcus is currently informing customers about a cyberattack. According to a report from the US state of Maine, around 60,000 customers are affected. According to the report, names, contact details, dates of birth and gift card numbers were stolen. However, the PINs of the gift cards were not affected. According to the specialist blog Malwarebytes, a cybercriminal published the data leak in an underground forum after the company failed to pay. Malwarebytes also reports that Neiman Marcus was one of the victims of the Snowflake incident, in which third-party platforms were targeted by cybercriminals.
Indonesia's national data center attacked
According to Indonesian authorities, "Lockbit 3" has infiltrated the country's national data center and is now demanding a ransom of 8 million US dollars. This was reported by the Associated Press news agency. The government does not want to pay, which cybersecurity experts also advise against. Instead, they are working on decrypting the encrypted data with the help of domestic and foreign experts and restoring the systems. The Lockbit variant mentioned, "Lockbit 3.0", could be ransomware.
According to AP, the national data center hosts data from more than 200 government and regional agencies whose services were disrupted by the attack. Some services, such as those of the immigration authorities at airports, are now working again, while others are still offline, according to the report. It is the most serious in a series of ransomware attacks on Indonesian authorities and companies since 2017, AP quotes Pratama Persadha from the Cybersecurity Research Institute.
(mack)
