In February, cybercriminals focused their efforts on cyberattacks with long-lasting rewards, such as ransomware, malware, and social engineering exploitation. Third-party data breaches have also been a favorite mode of attack, as hackers target smaller companies that contain the user’s Personally Identifiable Information (PII) for large companies worldwide, leaving victims unaware of the cyberattack for longer periods of time while their information roams on the Dark Web.
Here are the recent data breaches that made headlines in February 2021:
A malware attack allowed a hacker to access and copy files containing the personal and medical information of 219,000 patients of Nebraska Medicine. The health network notified affected individuals that the accessed information includes names, addresses, dates of birth, medical record numbers, health insurance information, physician notes, laboratory results, imaging, diagnosis information, treatment information, and/or prescription information, and a limited number of Social Security numbers and driver’s license numbers.
The California Department of Motor Vehicles (DMV) alerted drivers they suffered a data breach after billing contractor, Automatic Funds Transfer Services, was hit by a ransomware attack. The attack exposed drivers’ personal information from the last 20 months of California vehicle registration records, including names, addresses, license plate numbers and vehicle identification numbers (VINs).
A third-party data breach at cloud solutions company, Accellion, allowed hackers to steal human resources data and pharmacy records belonging to the supermarket giant, Kroger. The records disclosed could include names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers as well as information on health insurance, prescriptions and medical history.
An undisclosed number of T-Mobile customers were affected by SIM swap attacks, or SIM hijacking, where scammers take control of and switch phone numbers over to a SIM card they own using social engineering. With access to customer phone numbers, scammers receive messages and calls which allows them to log into the victims’ bank accounts to steal money, change account passwords, and even locking the victims out of their own accounts that use two-factor authentication. The attack also exposed customer information including names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers (PIN), account security questions and answers, date of birth, plan information, and the number of lines subscribed to their accounts.