
November 2023

Caesars Entertainment Breach Update, Millions of Gambler Records Compromised

Caesars Entertainment (CE) oversees 58 gaming properties across the continental states. Their locations include world destinations, nightlife activities, a comprehensive concierge, and an industry-leading approach to draw millions of gamblers weekly. Those who gamble with a Caesars location often enough eventually consider a membership. CE’s loyalty program boasts more than 65 million members worldwide.

No One Knows How Online Pharmacy Company was Hit with a Data Breach Impacting 2.3 Million Customers

This is a cautionary tale of both how your data can legally end up in the hands of an organization you never intended and how victims can be largely left in the dark post-breach. Normally when there’s a press release from an organization hit by a data breach, there are at least a few details that let customers know the company has a handle on what transpired, that the breach has been mitigated, and what customers impacted should do to protect themselves.

1.9 Million Records Stolen from Human Resource Analytics Company Zeroed-In

Zeroed-In Technologies offers curated human resource solutions and analytics to organizations. Among those who use their services are the City of Detroit, Dollar Tree, Family Dollar, and the U.S. Department of Defense. Zeroed-In suffered a security incident in August, where the assailants obtained over 1.9 million consumer records.

Hackers Breach North Carolina's RHCC; Over 60,000 Patients Suffer Data Loss

Robeson Health Care Corporation (RHCC) is a healthcare network serving North Carolina residents. They offer behavioral, dental, general, and outreach services in nine locations across six counties. RHCC also hosts several rehabilitation and health programs aimed at improving and encouraging healthy lifestyles. In February, RHCC experienced malware within its network, resulting in the loss of 60k patient records.

Welltok's MOVEit Breach Returns, Another 426k Records Exposed

Welltok operates an online wellness program various organizations use to encourage healthy lifestyles. They’ve been in our news frequently as the global MOVEit breach continues. Around nine million people have had their information exposed resulting from Welltok’s breach in the last few weeks; this week, Welltok’s breach returns with a double threat target—Premier Health and Graphic Packaging International.

Delaware Life Insurance MOVEit Breach Exposes Producer and Client Data

Group 1001 is the parent company of Delaware Life, a long-term financial consultant for organizations. Delaware Life uses a third-party vendor, Pension Benefit Information (PBI), for analysis and research services. PBI, in turn, operates with software created by industry-standard developers; Progress Software’s MOVEit file transfer application is one of these.

Work Management Company NSC Tech Suffers 50k Employee Record Breach

NSC Technologies is a workforce management solution pairing perfect prospective candidates with companies desiring long-term employees. NSC has more than 30 locations nationwide, with the majority in Indiana. They are reportedly a 1% performing acquisition staffing firm; that may change following their recent data breach.

Weekly Cybersecurity Recap November 24

This week, the cybersecurity environment continued to be rocked by the global MOVEit data breach. Various Stanford Health groups had information taken in the MOVEit event, up to 1.6 million patient records. AutoZone also announced MOVEit’s involvement in a 185,000-person security incident. Delaware Life Insurance suffered a similar breach from MOVEit, although the number of records lost remains unknown.

The human element - cybersecurity's greatest challenge

The stark reality of cybersecurity today isn't merely a question of advanced software or strategic counterattacks. It's about people. The financial impact is undeniable with cybercrime costs projected to reach an astonishing $10.5 trillion annually by 2025. Yet, beneath these figures lies a more pressing issue: the exploitation of human psychology. According to Verizon's 2023 Data Breach Investigations Report (DBIR), 74% of all breaches involve the human element, including social engineering attacks, errors, or misuse, while half of all social engineering attacks feature pretexting incidents - which is almost double from the year before.

MOVEit Vulnerability Victimizes AutoZone, 185k Records Stolen

AutoZone is a vehicle parts replacement provider and servicer. Hosting over 5,300 stores across North America alone, AutoZone is a recognizably local option for car owners stateside. AutoZone’s many locations require seamless system responses; they ensure efficient service by using applicable third-party services.

Finance Solutions Provider Systems East Suffers 200k+ Data Breach

Based in Central New York, Systems East, Inc., is a finance, billing, and payment solution for commercial software products. Their software options differ from other finance payment options by their cross-system elements. The Systems East software provides one tool to manage multiple accounts and tasks. Systems East’s local success may be short-lived, however, because they’ve suffered a data breach—a big one.

TruePill Data Breach Exposes 2.3 Million Patients, Class Action Begins

Digital startup PostMeds Inc., operating as TruePill, is an online pharmacy service based in California. The company allows patients to compare copay pricing, get status notifications on pill orders, and request refills. However, all this may change soon; at the end of October, TruePill endured a severe data breach, landing them in hot water with patients and courts.

Department of Health Confirms Nearly 9 Million Patients Exposed by PJ&A

Perry Johnson & Associates (PJ&A) is a medical transcription service assisting providers like Cook County Health and Northwell Health. In mid-October, Chicago’s Cook County Health announced a data breach from PJ&A with a limited impact figure. However, the Department of Health and Human Services (HHS) has confirmed a more significant number than PJ&A initially determined.

Weekly Cybersecurity Recap November 17

Breaches were rampant this week, impacting as many as 15 million individuals. The State of Maine announced that it bled 1.3 million resident records due to the global MOVEit vulnerability. Meanwhile, in Ohio, the City of Huber Heights was targeted by a ransomware attack; potentially, 50,000 residents may have their data exposed. In Michigan, the McLaren Health Care network was allegedly attacked by the ransomware gang BlackCat—losing 2.2 million records to exposure.

Stanford Health Network Announces MOVEit Breach

Stanford Health Care Alliance encompasses children’s hospitals, care plans, medicine partners, scholars, and the Stanford University faculty. The breach allegedly includes information from Stanford Health Care, Stanford Tri-Valley, Stanford Medicine Partners, Lucile Packard Children’s Hospital, and Packard Children’s Health Alliance.

How to Protect Your Business From Privilege Escalations with Panoptica

According to Forrester, 80% of security breaches involve privilege escalations. This short video covers what privilege escalations are and how you can protect your business from them with Panoptica. Outshift is Cisco’s incubation engine, innovating what's next and new for Cisco products and sharing our expertise on emerging technologies. Discover the latest on cloud native applications, cloud application security, generative AI, quantum networking and security, future-forward tech research, our latest open source projects and more.

How to Protect Your Business From Data Breaches with Panoptica

The global average cost of a data breach is now $4.45M, per IBM/Ponemon. Learn how to protect your business from such breaches by examining a ‘ripped from the headlines’ case-study (Pegasus Airlines) and how Panoptica can protect your business from such a breach.

The biggest data breaches in history

A data breach can wreak havoc on an organization and can also have long-term consequences for those who have their personal information exposed. In this article, we'll outline the biggest cybersecurity data breaches in history, as well as a rundown of some of the more recent notable cybersecurity breaches. Data is the new currency, and cybersecurity breaches are a major threat to individuals and businesses.

The Anatomy of a Breach

SecurityScorecard’s recent report with the Cyentia Institute found that 98% of organizations have a relationship with at least one third party that has experienced a breach within the last two years. This indicates that nearly every organization is at least indirectly exposed to risk through circumstances outside its control. With that in mind, it’s important for organizations to know how breaches can happen, how to detect them, and how they can respond effectively. Let’s explore.

Managing data breach reputation damage

Data breaches are a costly and time-consuming problem for businesses in today's digital age and no organization, regardless of industry or size, is immune. Cyberattacks can impact the security of proprietary information, halt operations, and compromise private customer data. This guide explains how to respond to data breaches and protect your reputation and discusses the costs of data breach reputation damage.

BlackCat's McLaren Health Care Data Breach Exposes 2.2 Million Patients

McLaren Health Care is a network of 13 hospitals and three clinics serving the residents of north and central Michigan. They care for more than 732k lives by providing various services and network solutions, including a national cancer institute. Around August 2023, McLaren suffered a cyberattack—exposing the data of 2.2 million people.

City of Huber Heights Targeted by Ransomware Attack Sunday

The City of Huber Heights is in east Ohio, north of Dayton. The suburban area has a population of around 50,000, but other populated areas are nearby. Sunday morning, November 12th, 2023, the City of Huber Heights was subject to a ransomware attack; the investigation is ongoing, as the attack disrupted many City divisions.

State of Maine Information Stolen via MOVEit: Nearly All Residents at Risk

Maine hosts over 1.3 million people within a granite and forest landscape. The state government employs under 100,000 individuals but does not contain fewer departments than more populous states like California. Maine’s state departments coordinate with each other by using backend file transfer systems; a globally utilized file transfer tool, Progress Software’s MOVEit application, has put nearly all Maine resident information at risk.

Okta Threat Advisory from Coralogix

On October 20, 2023, Okta Security confirmed malicious activity that exploits stolen credentials, allowing unauthorized access to the company’s support case management system. Several other vendors such as BeyondTrust were also affected by the incident and have since shared their own disclosures. Overall, the incident has ignited substantial concerns over its capacity to trigger a supply chain compromise.

ChatGPT Allegedly Targeted by Anonymous Sudan DDoS Attack

OpenAI has suffered a successful DDoS attack following the first-ever DevDay—where OpenAI announced ChatGPT-4 Turbo and the GPT Store. OpenAI’s ChatGPT launch was nearly a year ago and has since become the mainstream solution for AI tasks. The software hosts a hearty 180.5 million users, many of whom use the software for professional tasks. The DDoS attack is alarming, not because it happened, but because of who claims the event—Russian-backed Anonymous Sudan.

Weekly Cybersecurity Recap November 10

This week, a variety of cyberattacks and victims have appeared. The pilot union Allied Pilots Association (APA), representing American Airlines pilots, disclosed a ransomware attack early in the week. An active ransomware attack unfolded by Tuesday, targeting LEGO fanatic website BrickLink. Sands LifeStyle members also had data exposed following a breach in Singapore’s Marina Bay Sands resort network.

SaaS Analytic and Security Firm Sumo Logic Defends Against AWS Breach

Cloud-native and analytic solutions provider Sumo Logic has announced a cybersecurity incident stemming from a compromised AWS account. Sumo’s clients come from various industries, including airlines and video game franchises. On November 7th, they posted a breach notice to their website; they stopped the attack before the data could be unencrypted.

Some Financial Institutions Must Report Breaches in 30 Days

The heat has just been turned up for companies hoping to “hide out” a data breach. Announced October 27th, all non-banking financial institutions are now required to report data breach incidents within 30 days. The amendment to the Safeguards Rule was made by the U.S. Federal Trade Commission (FTC). It will go into effect 180 days after publication of the law in the Federal Register, or around April of next year.

Mega-Luxury Casino Owned by Las Vegas Sands Suffers Data Breach

In Singapore, there is a massive luxury resort named the Marina Bay Sands (MBS); its owner is state-side, known as the Las Vegas Sands (LVS). LVS hosts 11 properties in Asia and the US—MBS hosts more than 2,500 rooms. MBS is a vast resort with more than a million feet of entertainment options and 50+ on-campus restaurants. Sands knows a lot about their clients, and following a recent data breach, so do hackers.

BrickLink, LEGO Fanatic Building Site, Allegedly Targeted by Ransomware

The ever-changing universe of LEGO dominates the toy industry; LEGO is one of the most recognizable toy brands in the world, a perk of which is die-hard fans. LEGO fanatics flock to BrickLink, a privately owned website where individuals can design, sell, and buy block sets. LEGO also features some designs following community voting. An estimated 1.4 million people have registered accounts with the platform, including sellers and consumers.

The Importance of Securing Payroll Data: Best Practices for Small Businesses

In an era dominated by digital transactions and online operations, safeguarding payroll data has become a critical concern for businesses of all sizes. Delve into the significance of this task and learn about the methodologies small businesses can adopt to enhance their payroll data security.

Mr. Cooper, Mortgage Lending Giant, Faces Disruptions During Cyberattack

Mr. Cooper provides over 4 million people with mortgage lending options. They are the nation’s most prominent leading estate loan servicer, with over $900 billion in active service. The loan servicing giant recently experienced a technical outage; the culprit may have been a cybersecurity attack, potentially exposing the sensitive information of thousands.

Weekly Cybersecurity Recap November 3

This week, hackers targeted various industries for cyberattacks, including nationally-recognized organizations. Five Guys suffered a breach involving two employee email accounts and potentially losing employee and consumer credentials. Another national organization, Deer Oaks Behavioral Health, announced a data breach resulting in more than 170,000 patient records falling at risk for misuse. Mr.

Pilot Union APA Discloses Ransomware Attack Following Disruptions

The Allied Pilots Association (APA) is the collective pilot agent for American Airlines; it provides a range of services to 15,000 members, including acting as a bargaining entity. On October 30th, the APA experienced a network disturbance—a ransomware cyberattack potentially exposing members.

Texas Medical Center Leaks Patient Information Following Data Breach

In South Texas, United Medical Centers (UMC) offer reliable, high-quality healthcare services. They host nine locations in the region, servicing patients from the surrounding communities; their services include options for family planning, WIC, and a broad selection of care to assist chronic illnesses. The clinics provide care to more than 34,184 patients in the area, where many use public insurance to receive services.

Network Monitor, LiveAction, Announces Ransomware Incident

LiveAction Incorporated is a software company specializing in analytics, network monitoring, and application management tools. They’ve reported a revenue of over $5 million and provide services to companies in various industries; technical manufacturers, hospitals, biotechnology, and transportation professionals all use LiveAction services. Earlier this year, LiveAction suffered a ransomware attack where hackers took significant consumer information.

National Behavioral Health Clinic Suffers Ransomware

Deer Oaks Behavioral Health is a national provider of mental health based in San Antonio, Texas. They offer the nation long-term care focused on psychiatry and psychology. Deer Oaks hosts more than 1,500 facilities nationwide. Their services include medication and medical treatment planning while spearheading new techniques for rural tele-behavioral health.

EP 39 - Analyzing the MGM and Okta Breaches: the Identity Connection

In this Trust Issues episode, host David Puner welcomes back Andy Thompson, CyberArk Labs’ Offensive Security Research Evangelist for a discussion focused on two recent high-profile breaches: one targeting MGM Resorts International and the other involving Okta’s support unit.