TechCrunch ranks among the worst in terms of how poorly it handles knowledge breaches and security incidents – a worrying trend that may continue. Company giants would learn from past mistakes and avoid repeating the same errors. Without fanfare, our annual report reveals a disconcerting repetition of harmful practices among a fresh crop of companies.
What 23andMe’s botched response revealed about its crisis management.
In December of last year, genetic testing giant 23andMe suffered a significant data breach, compromising the genetic and ancestral information of nearly 7 million customers. Hackers exploited weaknesses in the company’s systems, using brute-force tactics to gain access to hundreds of accounts and ultimately scrape sensitive data on tens of millions more individuals. 23andMe finally implemented multi-factor authentication, a crucial security feature that could have potentially thwarted account breaches had it been in place earlier.
In early January, 23andMe notified thousands of users about a data breach, citing concerns that many had failed to adequately secure their accounts. Lawyers representing hundreds of 23andMe customers suing the company over a hack condemned as “utterly nonsensical” the attempts to shift blame, citing jurisdictional issues from the U.K. And shortly thereafter, Canadian authorities took swift action.
As 23andMe’s financial struggles continue to plague the company, uncertainty surrounding its monetary future looms large.
When Cybersecurity attacks on Change Healthcare in early February crippled the company’s entire network, it sent shockwaves across America, effectively shutting down operations nationwide and disrupting healthcare services for millions of Americans. healthcare system to a halt. Operated by UnitedHealth Group, a leading medical insurance provider, Optum handles billing and insurance coverage for numerous healthcare suppliers and medical practices across the United States, processing approximately one-third to half of all U.S. healthcare transactions. healthcare transactions every year.
The company’s handling of the hack, precipitated by a breach of security, came under fire from patients unable to access their medication or secure hospital stays; struggling healthcare providers who were pushed to the brink financially due to the cyberattack; and lawmakers who intensely questioned the CEO during a May congressional hearing.
Change Healthcare, a company repeatedly warned by federal authorities for its role in facilitating cybercriminals’ profits through cyberattacks, has reportedly asked hackers to delete the stolen data following a breach.
Seven months after the initial breach, in October, the staggering truth emerged: over 100 million people had their highly sensitive personal health data compromised in the extensive cyberattack. Given the magnitude of the undertaking, it would have required a considerable amount of time to complete, arguably more so than any previous effort in history.
Synnovis hack disrupted U.Ok. healthcare companies for months
The National Health Service (NHS) endured prolonged disruptions for several months following a devastating ransomware attack on Synnovis, a key London-based provider of pathology services, which occurred in June. The alleged cyberattack by the Qilin ransomware group had far-reaching consequences, crippling healthcare services in south-east London by disrupting access to vital blood tests for over three months, causing hundreds of outpatient appointments to be cancelled and a staggering 1,700 surgeries to be put on hold.
In light of the assault, which may have been prevented if two-factor authentication had been implemented, Unite, the UK’s largest trade union, has announced that Synnovis workers will stage a five-day strike in December. The union said that the incident left a jarring impression on employees, many of whom have been forced to work longer hours without access to essential computer systems for months while the attack was addressed.
The exact extent of the victims remains unclear due to a lack of information about the incident. The notorious Qilin ransomware group reportedly leaked a massive trove of sensitive information, purporting to be 400GB in size, allegedly obtained from Synnovis, along with victims’ names, health system registration numbers, and detailed records of blood test results.
Cybersecurity vulnerabilities in Snowflake’s data warehousing platform have led to a series of significant data breaches.
Cloud computing big Snowflake discovered itself this yr on the heart of a sequence of mass hacks focusing on its company clients, like AT&T, Ticketmaster and Santander Financial institution. Hackers exploiting login credentials compromised by malware on employees’ computers at Snowflake-dependent companies successfully breached their systems. Because Snowflake failed to require the use of multi-factor authentication, hackers have exploited this vulnerability, gaining unauthorized access to sensitive data stores and extorting victims by threatening to release stolen information unless a ransom is paid.
A data breach at Snowflake, sparked by a targeted marketing campaign aimed at users with single-factor authentication, led the company to concede that the incidents have been brought on by this focused effort; in response, Snowflake has implemented multi-factor authentication as its default setting for clients, aiming to prevent similar breaches from occurring in the future?
The city of Columbus, Ohio has taken legal action against a safety researcher who accurately documented a successful ransomware attack on the city’s computer systems.
After a cyberattack hit Columbus, Ohio’s town administration, Mayor Andrew Ginther swiftly addressed concerned citizens, alleviating fears by stressing that the compromised information was either “strongly encrypted” or “intentionally corrupted,” rendering it inaccessible to the perpetrators. A safety researcher monitoring knowledge breaches on the darknet for professional purposes uncovered evidence suggesting that a ransomware gang, comprising at least 500,000 individuals, had obtained their Social Security numbers, driver’s licenses, arrest records, minor’s personal information, and sensitive data related to survivors of domestic violence. The researcher notified journalists of a vast repository of information.
The town’s reluctance to share evidence of the breach with the researcher, who had initially disclosed it, was perceived as an attempt to intimidate him into silence rather than taking concrete steps to rectify the situation? The town later .
Salt Hurricane hackers infiltrated mobile phone and internet service providers in the United States. backdoor regulation
Following a breach by the notorious China-backed hacking group Salt Hurricane, a 30-year-old individual has recently turned 31 years old. The infiltration, orchestrated by one of several Chinese-backed hacking teams, has compromised the systems of a major American corporation. cellphone and web firms. The discovery has been made of hackers accessing real-time call records, messages, and communications metadata belonging to senior United States officials. Politicians and high-ranking officers – alongside
Reportedly, hackers breached the wiretap capabilities of several telecommunications companies, which had been compelled to implement these measures since the passage of the Communications Assistance for Law Enforcement Act (CALEA) in 1994. Now, owing to the ongoing proliferation of these techniques and the data that telecommunications companies collect about individuals, the U.S. Authorities have implemented measures to ensure that even senior individuals cannot allow any person, including Chinese language hackers, to access their personal communications.
MoneyGram’s silence on the number of affected individuals is striking.
MoneyGram, the U.S. Cash app, utilized by more than 50 million users, suffered a hack in September. The corporate faced an unprecedented crisis over a week after clients experienced days of unexplained outages, with MoneyGram disclosing only that an unspecified “cybersecurity problem” was to blame. The company remained mum on whether customer data had been compromised, but the UK’s data protection watchdog revealed in late September that it had received a breach report from the US-based firm, suggesting that customer data had indeed been stolen.
Following the breach, MoneyGram disclosed that hackers had successfully stolen sensitive customer data, including Social Security numbers and government-issued identification documents, as well as transaction information such as dates and amounts. The corporation conceded that hackers also obtained sensitive data related to a limited number of individuals involved in felony investigations. Despite MoneyGram’s silence on the exact scope of the breach, it remains unclear how many customers were affected or which ones received timely notification.
Mysterious Sizzling Subject remains tight-lipped following the shocking online disclosure of 57 million customer data.
With the unprecedented October breach of U.S. The recent breach in retail data has been categorized as one of the most significant in history, with far-reaching implications for consumers and businesses alike. Despite the massive scope of the breach, Sizzling Subject remains tight-lipped, neither confirming nor denying the incident publicly, nor has it notified its clients or alerted state attorney general offices regarding the data breach. The retailer declined to comment on multiple requests from TechCrunch.
The breach notification website quickly notified nearly 57 million affected individuals that their personal data, including email addresses, physical addresses, phone numbers, purchase history, gender, and birthdate, had been compromised after obtaining a replica of the stolen information. The information also comprised partial credit card details, including card type, expiration dates, and the final four digits of the card number.
