Healthcare organizations and mobile applications were big targets for cybercriminals, leaving emails, passwords, and other personal information vulnerable to being sold on the dark web. A recent study by Carnegie Mellon University’s Security and Privacy Institute found only a third of victims update their passwords following a data breach announcement. Once login credentials are in the hands of hackers, they can be used to take over other accounts through credential stuffing attacks and further perpetuating identity fraud.
Here are the recent data breaches that made headlines in May 2020:
The web hosting site, GoDaddy, announced to its users that an unauthorized third party was granted access to login credentials. The site is said to have 19 million users and possibly 24,000 users had their usernames and passwords exposed. The company has reset passwords to prevent further access.
A reported ransomware attack on the Fresenius Group, a global healthcare company and one of the largest dialysis equipment providers in the U.S., impacted the company’s operations around the world. The organization claims their system was affected by a computer virus, but a source confirmed the hacker held the healthcare’s IT systems and data hostage in exchange for payment in bitcoin.
The personal information of 387,000 former and current inmates was access by a hacker who exploited a server vulnerability in a U.S. Marshals Service database. The information exposed includes names, dates of birth, social security numbers, and home addresses.
Magellan Health, a Fortune 500 healthcare company, has sent a notice to its patients that it had fallen victim to a phishing scam and ransomware attack. The information held for ransom includes names, contact information, employee ID numbers, W-2 or 1099 information, including Social Security numbers or taxpayer identification numbers, as well as login credentials and passwords for employees.
The information belonging to 8 million users of the home meal delivery service, Home Chef, was found for sale on the dark web after a data breach. The data found for sale includes names, email addresses, phone numbers, addresses, scrambled passwords, and last four digits of credit card numbers.
Over 40 million users of the mobile app, Wishbone, had their personal information up for sale on the dark web. Usernames, emails, phone numbers, location information and hashed passwords were exposed in a data breach before being advertised in a hacking forum.
At least 25 million Mathway app users, a top-rated mobile app calculator, had their email address and password exposed to data thieves, and the leaked database was quickly found for sale on the dark web. The breached data also included “back-end system data,” which wasn’t identified specifically, but is typically the type of data that runs behind the scenes on a server, powering the application for the end-user but is not visible to the user.