The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

402,437,094 known records breached in 240 publicly disclosed incidents

Welcome to this week’s global round-up of the biggest and most interesting news stories.

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks


Publicly disclosed data breaches and cyber attacks: in the spotlight

Unsecured Zenlayer database exposes over 380 million records

The cyber security researcher Jeremiah Fowler has discovered an unprotected database that exposed over 380 million data records, including customer information and internal data relating to the network services provider Zenlayer.

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. It is not known how long the database was publicly available, nor whether anyone else accessed it.

Date breached: 384,658,212 records.

ALPHV/BlackCat ransomware gang adds 2.7 TB of ASA Electronics data to its leak site

The ALPHV/BlackCat ransomware gang is attempting to extort a ransom from ASA Electronics for 2.7 TB of data, including engineering drawings, prints, schematics, patents, source code, supplier and vendor information, accounting data, and more.

In response to ASA’s apparent refusal to negotiate, ALPHV is threatening to “contact clients, business partners, and competitors” next week.

Data breached: 2.7 TB.

Further victims of Harvard Pilgrim Health Care ransomware attack identified

Harvard Pilgrim Health Care suffered a ransomware attack in April 2023, which it has been investigating since then. In January 2024, it identified more potential victims, and has now written to inform them that their personal data may have been compromised in the incident.

The total number of victims is now more than 5 million.

Data breached: 2,632,275 people’s data.


Publicly disclosed data breaches and cyber attacks: full list

This week, we found 402,437,094 records known to be compromised, and 240 organisations suffering a newly disclosed incident. 204 of them are known to have had data exfiltrated, exposed or otherwise breached.

We also found 6 organisations providing a significant update on a previously disclosed incident.

Organisation(s)SectorLocationData breached?Known records breached
Zenlayer
Source
New
TelecomsUSAYes384,658,212
ASA Electronics
Source
New
EngineeringUSAYes2.7 TB
Harvard Pilgrim Health Care
Source
New
HealthcareUSAYes2,632,275
INTEGRIS Health
Source
Update
HealthcareUSAYes2,385,646
Kreyenhop & Kluge
Source
New
OtherGermanyYes1,241,127
Constantia FFP
Source
New
ManufacturingUKYes756 GB
Rajawali Corpora
Source
New
FinanceIndonesiaYes715 GB
BTL Veranstaltungstechnik
Source
New
OtherGermanyYes585 GB
Patrizia Pepe
Source
New
RetailItalyYes577 GB
Universal Services
Source
New
EngineeringUSAYes470 GB
Leonard’s Syrups
Source
New
ManufacturingUSAYes453 GB
The Chattanooga Heart Institute
Source
New
HealthcareUSAYes413,236
Sanford Person Thone & Strean
Source
New
LegalUSAYes401 GB
Centrale Paysanne Luxembourgeoisie
Source
New
AgriculturalLuxembourgYes375 GB
Barber Emerson
Source
New
LegalUSAYes351 GB
Van Wingerden Greenhouses
Source
New
AgriculturalUSAYes337 GB
CGM, Inc.
Source
Update
ManufacturingUSAYes315,346
Virginia Farm Bureau
Source
New
FinanceUSAYes261,187
Arcis Golf
Source
New
Hospitality and LeisureUSAYes250 GB
Antunovich Associates
Source
New
Construction and real estateUSAYes208 GB
Satse
Source
New
Charity and non-profitSpainYes195,086
Golden Corral Corporation
Source
New
Hospitality and leisureUSAYes183,272
Trans-Northern Pipelines
Source 1; source 2
New
Energy and utilitiesCanadaYes183 GB
Schuster Trucking Company
Source
New
TransportUSAYes161 GB
Global Rescue
Source
New
HealthcareUSAYes155 GB
YKP
Source
New
Professional servicesBrazilYes150 GB
BM Catalysts
Source
New
ManufacturingUKYes100 GB
MMI Culinary
Source
New
ManufacturingUSAYes100 GB
Prince George’s County Public Schools
Source
New
EducationUSAYes99,543
Pacifica
Source
New
OtherUKYes85 GB
New-Indy Containerboard
Source
New
ManufacturingUSAYes82 GB
Champion
Source
New
TransportColumbiaYes81 GB
Sercide
Source
New
Energy and utilitiesSpainYes69 GB
Concello de Teo
Source
New
PublicSpainYes65,979
Griffin Dewatering
Source
New
Construction and real estateUSAYes65,580
Sitrack
Source
New
FinanceArgentinaYes63 GB
The Source
Source
New
RetailCanadaYes60 GB
Hats Interior Decoration
Source
New
OtherUAEYes60 GB
Infosys McCamish Systems LLC/Bank of America
Source
New
FinanceUSAYes57,028
Coleman Professional Services Inc.
Source
New
HealthcareUSAYes51,889
Core Engineering
Source
New
EngineeringUSAYes43 GB
United Regional Health Care System
Source 1; source 2
New
HealthcareUSAYes36,900
CUSO Financial Services, LP
Source
New
FinanceUSAYes25,698
The Northwestern Mutual Life Insurance Company
Source
Update
FinanceUSAYes24,518
Unidentified contractors and employees of, and applicants to the US Department of Defense
Source
Update
PublicUSAYes20,601
AGC America, Inc.
Source
New
ManufacturingUSAYes20,415
TECA Srl
Source
New
TransportItalyYes16.7 GB
AGC Flat Glass North America, Inc. Welfare Benefits Plan
Source 1; source 2
New
HealthcareUSAYes13,079
Insurance ACE/Humana Inc.
Source 1; source 2
New
HealthcareUSAYes12,539
Cal-Comp Electronics
Source
New
ManufacturingThailandYes12,000
Tax Favored Benefits
Source
New
FinanceUSAYes10,974  
US GAO (Government Accountability Office)
Source
New
PublicUSAYes6,600
Dobson Technologies, Inc.
Source
New
TelecomsUSAYes6,158
Nabholz Construction Company Employee Welfare Health Plan
Source 1; source 2
New
HealthcareUSAYes5,326
Dawson James Securities, Inc.
Source
Update
FinanceUSAYes4,673
North Hill (North Hill Communities, Inc., North Hill Home Health Care, Inc., North Hill Needham, Inc., Connected for Life, Inc., and the North Hill Employee Dental Plan)
Source
New
HealthcareUSAYes4,798
Advarra, Inc.
Source
New
HealthcareUSAYes4,656
Forward Healthcare, LLC
Source 1; source 2
New
HealthcareUSAYes3,999
Cardiothoracic and Vascular Surgeons, P.A.
Source
New
HealthcareUSAYes2,345
CareFirst BlueCross BlueShield Community Health Plan – District of Columbia
Source 1; source 2
New
HealthcareUSAYes2,189
County of Cumberland
Source
New
PublicUSAYes1,948
Cumberland Advisors, Inc.
Source
New
FinanceUSAYes1,637
Health New Zealand Te Whatu Ora 
Source
New
HealthcareNew ZealandYes12,000
The Bengtson Center for Aesthetics and Plastic Surgery
Source 1; source 2
New
HealthcareUSAYes935
Kentucky Cabinet for Health and Family Services
Source 1; source 2
New
HealthcareUSAYes857
Liberty Hospital
Source 1; source 2
Update
HealthcareUSAYes501
Crescent Community Health Center
Source 1; source 2
New
HealthcareUSAYes501
Spectrum Vision Partners
Source 1; source 2
New
HealthcareUSAYes500
Orbus Visual Communications, LLC
Source
New
ManufacturingUSAYes458
USCC Services, LLC d/b/a UScellular
Source
New
TelecomsUSAYes100
Aramark Correctional Services, LLC
Source
New
MultipleUSAYes67
Jeff Wyler Automotive Family, Inc.
Source
New
RetailUSAYes12
Family and Children’s Services of Lanark, Leeds and Grenville
Source
New
PublicCanadaYes4
100 Romanian hospitals using the Hipocrate Information System
Source 1; source 2
New
HealthcareRomaniaYesUnknown
Prudential Financial
Source
New
FinanceUSAYesUnknown
Securence (a subsidiary of U.S. Internet Corp)
Source
New
TelecomsUSAYesUnknown
Washington County
Source
New
PublicUSAYesUnknown
Robert Half
Source
New
Professional servicesUSAYesUnknown
Lili’s Brownies
Source
New
ManufacturingFranceYesUnknown
Kadac
Source
New
ManufacturingAustraliaYesUnknown
Doprastav
Source
New
Construction and real estateSlovakiaYesUnknown
Communication Federal Credit Union
Source
New
Charity and non-profitUSAYesUnknown
Roosens Betons
Source
New
Construction and real estateBelgiumYesUnknown
Motilal Oswal
Source
New
FinanceIndiaYesUnknown
Giraud Pere et Fils
Source
New
Construction and real estateFranceYesUnknown
Pradier Granulats
Source
New
Construction and real estateFranceYesUnknown
School District of Nekoosa
Source
New
EducationUSAYesUnknown
ASP Basilicata
Source
New
HealthcareItalyYesUnknown
Falco Electronics
Source
New
ManufacturingMexicoYesUnknown
América Móvil
Source
New
TelecomsMexicoYesUnknown
Unifer
Source
New
Construction and real estateFranceYesUnknown
Institutional Casework
Source
New
ManufacturingUSAYesUnknown
ATB SA Ingénieurs-Conseils
Source
New
Engineering  SwitzerlandYesUnknown
Bronstein & Carmona
Source
New
LegalUSAYesUnknown
Waldemar S. Nelson & Company
Source
New
Professional servicesUSAYesUnknown
Silverlining
Source
New
Construction and real estateUSAYesUnknown
Dubose Strapping
Source
New
ManufacturingUSAYesUnknown
Meerservices
Source
New
MultipleNetherlandsYesUnknown
Onclusive
Source
New
Professional servicesUSAYesUnknown
Mechanical Reps
Source
New
ManufacturingUSAYesUnknown
H.R.Ewell
Source
New
TransportUSAYesUnknown
Hy-Tec
Source
New
TelecomsUSAYesUnknown
Norman, Fox & Co
Source
New
ManufacturingUSAYesUnknown
Von Hagen Design
Source
New
ManufacturingUSAYesUnknown
LD Davis
Source
New
ManufacturingUSAYesUnknown
Advantage Orthopedic & Sports Medicine Clinic
Source
New
HealthcareUSAYesUnknown
Dobrowski Stafford & Pierce
Source
New
LegalUSAYesUnknown
Réseau Ribé
Source
New
AgriculturalFranceYesUnknown
The Closing Agent
Source
New
Construction and real estateUSAYesUnknown
VARTA AG
Source
New
ManufacturingGermanyUnknownUnknown
Office of the President of the Republic of Korea
Source
New
PublicThe Republic of KoreaUnknownUnknown
Office of the Colorado State Public Defender
Source
New
PublicUSAUnknownUnknown
MSH International Canada
Source
New
HealthcareCanadaUnknownUnknown
ISSPOL (Instituto de Seguridad Social De La Policía Nacional)
Source
New
PublicEcuadorUnknownUnknown
Jacksonville Beach
Source
New
PublicUSAUnknownUnknown
River Oaks Baptist School
Source
New
EducationUSAUnknownUnknown
Park Home Assist Insurance Services
Source
New
FinanceUKUnknownUnknown
Grupo Camarotto
Source
New
Construction and real estateItalyUnknownUnknown
Lyon Equipment Ltd
Source
New
ManufacturingUKUnknownUnknown
Diener Precision Pumps
Source
New
ManufacturingSwitzerlandUnknownUnknown
Fédération Envie
Source
New
Charity and non-profitFranceUnknownUnknown
Sealco (Shaker Electronics and Appliances Lebanon Co.)
Source
New
RetailLebanonUnknownUnknown
Palterton Primary School
Source
New
EducationUKUnknownUnknown
Victory Heights Primary School
Source
New
EducationUAEUnknownUnknown
Disaronno International
Source
New
ManufacturingUSAUnknownUnknown
Allmetal Inc.
Source
New
ManufacturingUSAUnknownUnknown
Freedom Munitions
Source
New
ManufacturingUSAUnknownUnknown
Arlington Perinatal Associates
Source
New
HealthcareUSAUnknownUnknown
Plexus Teleradiology
Source
New
HealthcareUSAUnknownUnknown
Cámara Arbitral de la Bolsa de Cereales
Source
New
ManufacturingArgentinaUnknownUnknown
Taiwan Textiles
Source
New
ManufacturingTaiwanUnknownUnknown
Silver Airways
Source
New
TransportUSAUnknownUnknown
Henri Germain
Source
New
Construction and real estateFranceUnknownUnknown
Lower Valley Energy
Source
New
Energy and utilitiesUSAUnknownUnknown
Forge Precision
Source
New
ManufacturingUSAUnknownUnknown
Garon Products
Source
New
ManufacturingUSAUnknownUnknown
Conseguros, Corredor de Seguros
Source
New
InsuranceGuatemalaUnknownUnknown
Kabat Tyre
Source
New
ManufacturingPolandUnknownUnknown
Kevin Leeds
Source
New
FinanceUSAUnknownUnknown
Hawbaker Engineering
Source
New
EngineeringUSAUnknownUnknown
Bombay Grill Restaurant
Source
New
Hospitality and leisureCroatiaUnknownUnknown
Caribbean Radiation Oncology Center
Source
New
HealthcareUSAUnknownUnknown
Spalding SSD
Source
New
ManufacturingCanadaUnknownUnknown
Tormetal SpA
Source
New
EngineeringChileUnknownUnknown
ASAM SA
Source
New
EngineeringRomaniaUnknownUnknown

Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week. The updated data point is italicised in the table.

Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.


AI

Open AI removes accounts used by state-sponsored hackers

ChatGPT’s parent company, Open AI, has closed accounts used by state-sponsored attackers from China, Iran, North Korea and Russia that were misusing its large language model to enhance their capabilities. Following information from Microsoft, Open AI closed accounts associated with the Forest Blizzard (Strontium), Emerald Sleet (Thallium), Crimson Sandstorm (Curium), Charcoal Typhoon (Chromium) and Salmon Typhoon (Sodium) threat groups.

Tech giants agree to combat AI-enhanced election fraud

At the Munich Security Conference last Friday, executives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI and TikTok announced a new framework for responding to AI-generated deepfakes designed to trick voters. Twelve other companies will also sign the accord.


Enforcement

Joint operation disrupts LockBit ransomware

Operation Cronos, an international operation involving the UK National Crime Agency, the US FBI and law enforcement partners from nine other countries, has disrupted the LockBit ransomware group, seizing numerous servers and public-facing websites. Two LockBit actors have been arrested in Poland and Ukraine, and over 200 cryptocurrency accounts linked to the group have been frozen.

FBI dismantles Warzone RAT malware operation

The US FBI has seized the infrastructure of the Warzone RAT (remote access trojan) and two individuals associated with the cyber crime operation have been arrested. Daniel Meli, 27, was arrested by Maltese police and Prince Onyeoziri Odinakachi, 31, was arrested in Nigeria at the request of the US law enforcement agencies.

Head of JabberZeus cyber crime gang pleads guilty

Vyacheslav Igorevich Penchukov, one of the leaders of the JabberZeus cyber criminal group, has pleaded guilty to two charges related to his role in the Zeus and IcedID malware groups. He faces a maximum of 40 years’ imprisonment.


Other news

South Korean researchers release Rhysida ransomware decryption tool

Researchers from Kookmin University and KISA (the Korea Internet & Security Agency) have released a free decryption tool for the Rhysida malware. It is available on the KISA website. Recent victims of Rhysida include the British Library and Sony’s Insomniac Games.

NIST publishes guidelines for securing software supply chains

NIST (the US National Institute of Standards and Technology) has now issued the final version of SP 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines. The guidance describes NIST’s SSDF (Secure Software Development Framework), and sets out ways to integrate elements of software supply chain security assurance into continuous integration/continuous delivery pipelines to demonstrate SSDF compliance.

Patch Tuesday: Microsoft patches two zero-day vulnerabilities

In February’s Patch Tuesday release, Microsoft addressed 73 vulnerabilities, including two zero-day and five critical vulnerabilities.


Key dates

31 March 2024 – PCI DSS v4.0 transitioning deadline 

Version 3.2.1 of the PCI DSS (Payment Card Industry Data Security Standard) is being retired on 31 March, to be replaced by version 4.0 of the Standard. There are more than 50 new requirements in PCI DSS v4.0. You can find out more about them on the PCI Security Standards Council’s website.


That’s it for this week’s round-up. We hope you found it useful.

We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.

In the meantime, if you missed it, check out last week’s round-up. Alternatively, you can view our full archive.


Security Spotlight

To get news of the latest data breaches and cyber attacks straight to your inbox, subscribe to our weekly newsletter: the Security Spotlight.

Every Wednesday, you’ll get a 4-minute email with:

  • Industry news, including this weekly round-up;
  • Our latest research and statistics;
  • Interviews with our experts, sharing their insights and expertise;
  • Free useful resources; and
  • Upcoming webinars.