Tuesday 6th September 2022

BLOG: Data Breaches Rising Throughout 2022

Threat actors will stop at nothing to infiltrate networks, and unfortunately cyberattacks and data breaches are still on the rise. Data breaches in the first quarter were up 14% versus a year ago, according to research.

A data breach occurs when a threat actor breaches a company, organization, or entity’s system and intentionally steals sensitive, private, or personally identifiable data from the system. As a result, companies can be coerced into paying ransoms or have their information stolen and posted online on the dark web. In 2020, more than 50% of data breaches were caused by financially motivated threat actors, costing an average of 4.23 million U.S. dollars per breach. In contrast, nation states caused only 13 percent of malicious data breaches, but these were the most costly.

A few days ago, it was announced that 2.5 million people were affected by a student loan breach that could lead to more disorder eventually. EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach. The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.

On August 17th, the investigation determined that personal user information was accessed by an unauthorized party. This exposed information such as names, home addresses, email addresses, phone numbers, and social security numbers for a total of 2,501,324 student loan account holders. Users’ financial information was not exposed.

According to a breach disclosure filing submitted by Nelnet’s general counsel to the state of Maine, the breach occurred sometime between June 1, 2022, and July 22, 2022. However, a letter to affected customers pinpoints the breach as occurring on July 21, 2022. The breach was discovered on August 17, 2022.

Nelnet “notified us that they had discovered a vulnerability that we believe led to this incident” on July 21, 2022, according to the letter, but it is unclear what the vulnerability was that was accessed by the unknown party beginning in June 2022 and ending on July 22, 2022.

Although users’ sensitive financial data was protected, the personal information that was accessed in the Nelnet breach reportedly has the potential to be leveraged in future social engineering and phishing campaigns.

It is thought that the latest news of student loan forgiveness gives threat actors a gateway for criminal activity. Last week, the Biden administration announced a plan to cancel $10,000 of student loan debt for low- and middle-income loanees.

According to the breach disclosure, Nelnet Servicing informed Edfinancial and OSLA that Nelnet Servicing’s cybersecurity team “took immediate action to secure the information system, block the suspicious activity, fix the issue, and launched an investigation with third-party forensic experts to determine the nature and scope of the activity.” Remediation also included two years of free credit monitoring, credit reports, and up to $1 million in identity theft insurance.

Another catastrophic data breach seen this year was the one at the comic reading platform Mangatoon, which exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database. Mangatoon is also a very popular iOS and Android app used by millions of users to read manga comics online. We discuss this further in one of our latest Orpheus Talks episodes.

Threat actors have no limits when it comes to whom they attack: Child & Family Services in Massachusetts was also the target of a data breach in November 2021. CFS stated: “On November 18, 2021, CFS discovered suspicious activity within our environment. We immediately launched an investigation to determine the full nature and scope of the incident and to secure our network. Through this investigation, we determined that an unauthorized actor accessed certain systems on our network between November 16 and November 18, 2021, and acquired certain files from those systems. On May 27, 2022, we completed a review of the affected files and determined that information related to you was contained in certain files acquired from our systems. Since this discovery, we have worked diligently to identify all impacted individuals and provide an accurate notification. Although we cannot confirm whether your personal information was accessed or viewed without permission, we are providing you this notification because we are unable to rule out this possibility.”

In early July of this year, VCU Health (Virginia Commonwealth University Health System) disclosed that they had recently learned that beginning as early as January 4, 2006, information about transplant donors had accidentally been included in files for their transplant recipients and vice versa. The information was not available to the general public but could be viewed by transplant recipients, donors, and/or their representatives when they logged into the recipient’s and/or donor’s patient portal.

“Additionally, this information may have been released in response to a release of information request made at the request of, or on behalf of, the recipient and/or donor,” VCU Health explained in a notice on their website.

According to the notification, it was on February 7, 2022, that VCU Health learned that a “limited amount of protected health information” (PHI) may have been viewable. Their discoveries were not over, however. VCU subsequently learned that from March 29 to May 27, some donors’ or recipients’ records that were potentially viewable contained additional PHI: names, Social Security numbers, lab results, medical record number, date(s) of service, and/or dates of birth.

“The total number of donors and recipients involved in this incident is 4,441,” VCU Health stated in their notification. It is the same number that they reported to HHS for the breach. VCU confirmed to data breaches that the 4,441 number includes all patients or donors whose files disclosed protected health information of others and where the files had been accessed going back to January 2006. Although VCU Health reports that it has found no evidence to suggest that any information has been misused, a long-running breach of this kind raises several questions.

This is not the first long-running incident that VCU Health has faced: in July 2018, the center disclosed that an employee had been inappropriately accessing the health information of about 4,700 people or their children. The inappropriate access occurred between Jan. 3, 2003, and May 10, 2018.

Inappropriate access to patient records represents a different challenge to privacy and security than auditing or ensuring that only the appropriate information is included in any file, but to have two such problems go undetected for so many years is something that merits some serious problem-solving.

Even the City of Detroit retirees were not safe from such breaches. There is a new warning about an alleged data breach affecting some City of Detroit retirees, as their personal information, including Social Security Numbers, appears to have been exposed online.

A Detroit retiree, Weldon, discovered this after setting up her account on the City of Detroit retirement system’s new online program. She explained that she saw several links titled “lists,” and when she clicked on one it was eight pages of names (including hers and several other people) with Social Security Numbers.

Social security numbers are one of the most dangerous types of information to be leaked, as the ability to link an individual’s name with their Social Security Number means you are essentially able to commit identity fraud.

The General Retirement System released a statement regarding the incident and stated that a forensic analysis concluded that Weldon was the only person to click on the information, the person responsible for the mistake was identified, and “corrective action” was taken.

“No one else has clicked on the information (according to forensic analysis),” the statement said. “(There were) multiple duplicates of same individuals (on the list), many of whom are deceased.” Identity theft monitoring will be provided to the retirees, it added.

The data breaches listed above are nowhere near the true number of data breaches that have occurred this year. This then poses the question, why are data breaches on the rise?

According to cybersecurity researchers, there were 1,862 data breaches last year (a 68% increase), surpassing both 2020’s total of 1,108 and the previous record of 1,506 set in 2017. These numbers do reflect the high-profile cyberattacks that targeted almost every industry. Organizations, whether small or large, are warned to tighten up their cybersecurity systems and processes to avoid being among the data breaches on the rise.

To protect your organisation against data breaches and more, request a demo to see how Orpheus Cyber has developed the Orpheus Vulnerability Severity Score (OVSS), which uses our cyber threat intelligence, machine learning, and other features to give every CVE a score. This allows organisations to filter vulnerabilities on their network by those that are the most serious.

Without this approach to risk-based CVE management, vulnerabilities that threat actors are actively exploiting may be missed.

Our OVSS allows you to:

– Understand which vulnerabilities are the most critical
– See which vulnerabilities that are not yet being exploited by hackers are the most likely to be in the future
– Accurately prioritise which vulnerabilities need to be patched immediately
– Have confidence in your prioritisation as our prediction has been shown to be over 94% accurate.


