Third-party data breaches, phishing attacks, ransomware, and unsecured databases exposed hundreds of thousands of individuals’ Personally Identifiable Information (PII) in March. The attack on Microsoft Exchange server alone put both businesses and their employees at increased risk of ongoing cyberattacks.
Download Sontiq’s tips that can help protect your identity from theft and fraud: 7 TIPS FOR PROTECTING YOUR IDENTITY
Here are the recent data breaches that made headlines in March 2021:
Cybercriminals have targeted four security flaws in Microsoft Exchange Server email software. The attackers used the bugs on the Exchange servers to access email accounts of at least 30,000 organizations across the United States, including small businesses, towns, cities and local governments. The cyberattack gives the hackers total remote control over affected systems, allowing for potential data theft and further compromise. Microsoft has released security patches for these bugs and urges customers to apply the updates as soon as possible.
The global IT company, SITA, which supports 90% of the world’s airlines confirmed it fell victim to a cyberattack, exposing the PII belonging to an undisclosed number of airline passengers. The stolen information includes names, traveler’s service card numbers, and status level.
A third-party ransomware attack exposed the personal information of over 200,000 patients, providers and staff of MultiCare Health System, a non-profit health care organization. The attack allowed access to personal information including names, insurance policy numbers, Social Security numbers, dates of birth, bank account numbers, and more.
California State Controller’s Office (SCO)
A phishing attack targeting the California State Controller’s Office (SCO) Unclaimed Property Division led to an employee clicking on a malicious link, logging into a fake website, and granting a hacker access to their email account. The criminal had access to the account for 24 hours, allowing permission to view Personally Identifying Information (PII) contained in Unclaimed Property Holder Reports and to send more phishing emails to the hacked SCO employee’s contacts. The number of employees affected and the types of personal information impacted have not been disclosed.
A database containing records of over 300,000 customers of the arts and crafts chain store, Hobby Lobby, was exposed after the company suffered a cloud-bucket misconfiguration. The disclosed information included customer names, phone numbers, physical and email addresses, and the last four digits of their payment card, as well as the source code for the company’s app.
Cancer Treatment Centers of America
The Cancer Treatment Centers of America sent out notifications to 104,808 patients, alerting them a compromised email account led to medical information being accessed by an unknown third-party. The compromised account contained patient names, health insurance information, medical record numbers, CTCA account numbers, and limited medical information.