February 19, 2024

Major Data Breaches and Hacking News in February 2024


This month Bank of America’s deferred compensation plans are hacked, the US Department of Defense leaves government customer emails open to breach exposure, and a Fortune 500 company is hacked with the notorious ALPHV/BlackCat group claiming responsibility.
Bank of America

Organization Description: Bank of America is one of the world’s leading financial institutions, offering a wide range of banking, investing, asset management, and other financial and risk management products and services.

Breach Size: 57,000 records exposed.

Data exposed: Addresses, names, Social Security numbers, dates of birth, banking information (account numbers, credit card information). In a notification letter filed with the Attorney General of Maine, Infosys McCamish stated, "it is unlikely that we will be able to determine with certainty what personal information was accessed because of this incident at IMS."

In early November 2023, a ransomware attack targeted Infosys McCamish Systems, a service provider for Bank of America, exposing tens of thousands of customers’ data. The incident only came to light in February 2024, raising concerns about the delay in notification, which may conflict with state laws on customer notification timelines. The LockBit ransomware gang claimed responsibility for the attack, saying that its operators encrypted over 2,000 systems during the breach.


US Department of Defense

Organization Description: The Department of Defense is a federal agency responsible for coordinating and supervising all agencies and functions of the government relating directly to national security and the United States Armed Forces.

Breach Size: Around 20,600.

Data exposed: Sensitive but unclassified emails, including sensitive personnel information and questionnaires by prospective federal employees seeking security clearances.

The Defense Intelligence Agency reported that numerous email messages were inadvertently exposed to the Internet by a service provider between February 3 and February 20, 2023. The data spill was caused by an unsecured U.S. government cloud email server hosted on Microsoft’s cloud for government customers. The server was accessible from the internet without a password, likely due to misconfiguration. Security researcher Anurag Sen discovered the exposure. Breach notification letters were sent on February 1, 2024, in the year following the incident. The breach involved about three terabytes of internal military emails, some pertaining to U.S. Special Operations Command (SOCOM). The server was removed from public access on February 20, 2023, after being reported by TechCrunch.


Trello

Organization Description: Trello is a popular project management software platform owned by Atlassian that is commonly used by businesses to organize projects and tasks into boards, lists, and cards.

Breach Size: 15 million users affected.

Data exposed: Email addresses, names, and usernames.

In January 2024, a significant breach involving Trello’s project management platform resulted in 15 million users’ data being leaked on the dark web. Trello clarified that the data was scraped by an unidentified party going by the pseudonym “emo” and posted for sale on a popular hacking forum.

The data leak occurred when an exposed Trello API was abused to link private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. Trello stated that no unauthorized access occurred, and that the information was leaked by scraping public data, rather than a breach by a hacking group.


Microsoft

Organization Description: Microsoft is a global technology company known for its software products, including Windows operating systems, Office productivity suite, and cloud services such as Azure. It also offers a variety of services for both consumer and enterprise customers, including cloud hosting for government customers. 

Breach Size: Not fully disclosed; leadership and cybersecurity teams affected.

Data exposed: Corporate email accounts of Microsoft’s leadership team and employees in the cybersecurity and legal departments, emails, and attachments. Microsoft revealed that Russian hackers, Midnight Blizzard (also known as Nobelium or APT29), breached its corporate emails, including leadership’s, by exploiting a non-production account in November 2023.

The month-long attack, initiated through a password spray, led to stolen emails and attachments without significantly impacting Microsoft’s operations. The breach stemmed from inadequate security on the targeted account rather than a product flaw. Nobelium, notorious for the 2020 SolarWinds attack, was seeking information about its own activities. Microsoft is notifying impacted employees and continues to investigate.


V12software.com

Organization Description: V12software.com is a technology company that provides software solutions tailored for car dealerships, including website development, inventory management, and marketing tools. It aims to streamline the operations of car dealerships with its comprehensive software suite. 

Breach Size: 5.6 million records exposed. 

Data exposed: Email addresses, passwords, Social Security numbers, card numbers, driver’s license numbers, phone numbers, names, and addresses.

V12software.com, a US-based car dealership management software provider, faced a significant breach exposing the data of 5.6 million individuals. The breach details do not specify the hacking group responsible. Still, given the nature of the data exposed, it was likely a targeted attack. This breach underlines the critical need for robust security measures in protecting sensitive customer information.


Integris Health

Organization Description: Integris Health is a not-for-profit, Oklahoma-owned healthcare system and one of the state’s largest systems with hospitals, rehabilitation centers, physician clinics, mental health facilities, independent living centers, and home health agencies. 

Breach Size: 2.4 million patients. 

Data exposed: Full names, dates of birth, contact information, demographic information, and Social Security numbers.

Integris Health, Oklahoma’s largest healthcare network, reported a November cyberattack exposing the personal data of nearly 2.4 million people. The responsible party was not specified by name, but the data was stolen by a threat actor and sold on a dark web marketplace. The breach didn’t disrupt services but led to patients receiving extortion emails. While financial details weren’t leaked, the data’s availability on the dark web raises identity theft and fraud risks. Integris is notifying impacted patients and providing guidance on protective measures.
