Data Breach

A major security flaw in the Indian Post Office portal exposed thousands of KYC records, including Aadhaar numbers, PAN details, and personal data. The vulnerability, known as an IDOR attack, allowed unauthorized users to access sensitive data simply by altering numbers in the website’s URL. This incident highlights the urgent need for stronger cybersecurity in government platforms.

The BASHE ransomware group claims to have hacked ICICI Bank, threatening to release sensitive customer data if their demands are not met. This incident raises serious concerns for the banking industry and its cybersecurity measures.

Wolf Haldenstein Adler Freeman & Herz LLP has confirmed a data breach that affected nearly 3.5 million individuals. The breach occurred on December 13, 2023, but the investigation and notifications have been delayed. Sensitive personal data like Social Security numbers and medical information have been exposed, increasing the risk of scams and fraud.

OneBlood, a major blood-donation organization in the U.S., experienced a ransomware attack in July 2024. The breach exposed sensitive data, including names and Social Security numbers, affecting donors.

BayMark Health Services, a leading provider of addiction treatment in North America, faced a data breach where attackers stole personal and health information of patients. The breach, attributed to the RansomHub ransomware gang, affected systems between September 24 and October 14, 2024.

Cybercriminals injected malicious code into the Packers Pro Shop's online checkout page, stealing sensitive payment and personal data. The breach occurred between September 23-24 and October 3-23, 2024. Customers using certain payment methods are affected, and the Packers are offering identity theft protection services to those impacted.

PowerSchool, a leading education software provider, experienced a cyberattack that exposed sensitive data about students and teachers. This incident emphasizes the urgent need for robust cybersecurity measures in educational institutions.

A large-scale phishing attack has compromised 16 popular Chrome browser extensions, exposing over 600,000 users to data theft and credential breaches. The campaign exploited legitimate extension publishers, injecting malicious code into their products to steal sensitive information such as cookies and access tokens.

Ascension, a leading healthcare network, experienced a devastating ransomware breach in May. The attack, linked to the Black Basta group, compromised sensitive data of nearly 5.6 million patients and employees, revealing critical vulnerabilities in the healthcare sector.

Artivion, a global leader in heart surgery medical devices, faced a disruptive ransomware attack on November 21. The attack encrypted systems, stole data, and impacted corporate operations, order processing, and shipping. This incident highlights the rising threat of ransomware in the healthcare sector.