Compromise of employee device, credentials led to CircleCI breach
Source: SC Media
CircleCI’s chief technology officer said malicious hackers infected one of their engineer’s laptops and stole elevated account privileges to breach the company’s systems and data late last year.
In an incident report published late Friday, CTO Ron Zuber said evidence of the breach, first disclosed Jan. 4, 2023, dates back to at least Dec. 16, 2022, when an unauthorized actor compromised the laptop and stole a set of privileged, two-factor authentication-backed credentials.
Hive Claims Responsibility for Attack on Nursing Home Chain
Source: Data Breach Today
Consulate Health Care Says Breach Originated at an Unnamed Third-Party Vendor. A Florida-based nursing home chain with a checkered past says an unnamed third-party vendor is responsible for a data breach incident. Ransomware-as-a-service group Hive says it directly targeted Consulate Health Care and posted online data including patient records, employee data and internal documents.
Third-party administrator hack leads to theft of patient data for over 251K
Source: SC Media
Austin, Texas-based Bay Bridge Administrators, a third-party administrator of insurance products, recently began notifying more than 251,000 patients that their data was stolen after a network hack in September 2022. The “network disruption” was first detected on Sept. 5, which prompted BAA to secure the network and engage with an outside cybersecurity firm to investigate. Forensics showed that the attacker had gained access more than a week before being discovered, which enabled them to exfiltrate “certain data” from the network on Sept. 3.
Privacy Fines: GDPR Sanctions Last Year Surged to $3 Billion
Source: infoRisk Today
Study Finds 'Highly Inflationary Impact' of European Data Protection Board Rulings. The cost of violating Europe's General Data Protection Regulation skyrocketed last year, and Big Tech companies took the brunt of the 2.9 billion euros in fines levied by regulatory agencies. The amount, equal to about $3.1 billion, is more than double the value of fines issued during 2021, finds analysis from law firm DLA Piper.
Ransomware Attack Affects 1,000 Vessels Worldwide
Source: Data Breach Today
Norway's DNV Shuts Down IT Servers, Investigates Attack. A ransomware attack shut down servers hosting software used to manage the crewing and maintenance schedules of about 1,000 vessels across the globe. Norwegian classification society DNV, maker of ShipManager software, says it took the servers offline after detecting a cyber incident on Jan. 7.