#Hacktivity Report February 28, 2025
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We don’t need to accept this as the norm, nor as simply the price of being online.
Using independently encrypted shared blocks, IronWeave offers unparalleled privacy, security, and scalability. Our patented shared-block architecture empowers you to determine who can see and share your data.
We are ushering in the new era of Read, Write, Own and SECURE.
24,041 Americans Affected As Billion-Dollar Bank Suffers Data Breach
The Massachusetts-based lender Reading Cooperative Bank (RCB) reported that a phishing-related cyberattack has impacted 24,041 customers. The bank has informed customers that those who are especially concerned about the breach can consider placing a security freeze and a fraud alert on their credit file. This feels like being mugged, handing over your wallet and then having the police tell you to monitor your credit card statements for unusual activity. Wasn’t it your job to prevent me from being robbed in the first place?
Philippine army confirms cyberattack on its networks
Ten thousand records of both active and retired service members of the Philippine army were accessed, revealing military details, such as names, ranks, addresses, medical records, financial data and criminal histories. According to the Philippines' digital security advocacy group Deep Web Konek, the hacker group known as Exodus Security claimed responsibility for the attack. Cold warfare is a cause for real concern and we need to do a better job in defending online data.
VectraRx Mail Pharmacy Services Notifies 109K Individuals About Data Breach
The data breach exposed electronic protected health information (ePHI) and included names, dates of birth, Rx numbers, Rx information, dates of service, and Social Security numbers. It’s easy to imagine the harm insurers and employers might do when they know your medical condition and the medications you use. Will you be made whole for any harm that comes from this breach?
US employee screening giant DISA says hackers accessed data of more than 3M people
DISA, which provides services like drug and alcohol testing and background checks to more than 55,000 enterprises and a third of Fortune 500 companies, confirmed the breach in a filing with Maine’s attorney general on Feb. 24. This is incredibly sensitive data and could be a potent weapon in the wrong hands. There should be serious consequences for companies failing to safeguard the data entrusted to them. Without that, the limited costs are only an entry in the debit column of their P & L statement. No more business as usual.
#Hacktivity Report February 21, 2025
Cyberattack Strikes Upstate New York Hospital, Systems Offline
This past week, Ithaca, N.Y.-based Cayuga Medical Center suffered a cyberattack, disrupting computer systems and halting emergency room admissions. Ambulances with stroke and heart attack patients were rerouted, and staff reverted to pen and paper for patient check-ins. While in "recovery mode," some systems remain offline. CMC, the leading healthcare provider in New York's Finger Lakes region, has 212 beds, over 1,500 staff, and more than 200 affiliated physicians. With lives at stake, these computer systems cannot afford to accept the risks that come with ‘business as usual’. That model is severely broken.
Massive data leak exposes over 14 million shipping records; customer info
Hipshipper, a global shipping business used by sellers on Amazon, eBay, and Shopify in over 150 countries, experienced the data breach in December and was able to fix the leak by January. What was accessed? Invoices, addresses, phone numbers, and email addresses, all of which enable the hackers to commit fraud against this customer base. Even if you got free shipping, this could cost you. How will they make it right?
3.9 Billion Passwords Stolen—What You Need To Know
As reported by Forbes:
More than 4.3 million machines were infected by infostealer malware across 2024 according to the latest KELA state of cybercrime report, published Feb. 20. The threat intelligence analysts also said they had observed 3.9 billion passwords “shared in the form of credentials lists that appear to be sourced from infostealer logs.”
No doubt there will be a ripple effect of crime, including fraud, identity theft, and more ransomware attacks. We don’t need to accept this. IronWeave offers data protection that is secure, private, and compliant when and where needed.
Pro-Russian hackers hit Italian bank, airport websites
Pro-Russian hackers have been linked to cyberattacks against 20 Italian websites, including sites for banking and airports. It’s likely these attacks were in response to Italian President Sergio Mattarella’s comments comparing Russia’s war against Ukraine to Nazi expansionism before World War II. Whatever the motivation, it’s clear that every store of data online needs better security.
Hacktivity Report February 14, 2025
U.S. Coast Guard Suffers Data Breach, Pay Delayed for 1,135 Members
The Coast Guard Reserve was previously breached in April of 2024 at which time 10,700 personnel were affected. Names, employee ID numbers and home addresses were accessed. The Coast Guard issued a statement that they are expediting the pay of affected personnel. “Fool me once, shame on you. Fool me twice…” What have they learned about protecting the data of those who protect us?
NorthBay Healthcare breach: Over 500 Thousand Americans Affected
The records of 569,012 Americans revealed names, financial account numbers, credit and debit card numbers, security codes, PINs and more. If corporations were truly held responsible, the costs of securing their data would seem reasonable by comparison. Call on businesses and governments to employ decentralized, secure and private data solutions.
ParkMobile Agreed to Pay Out $32 Million For Failing to Protect Data
Nearly four years after their data was breached, the parking company settled a class action lawsuit for $32.8 million. It’s safe to assume that had it gone to trial, that sum would have been much greater. Will management of the company face consequences? If history is any indicator, the answer is no. There need to be incentives that make improved data security a better option than making payouts for ‘business as usual’.
Ransomware Attack Hits Taiwan-Based Circuit Board Maker Unimicron
The printed circuit board manufacturing giant experienced a ransomware attack Jan. 30. A hacker group, the Sarcoma gang, took responsibility for the attack and threatened to leak the data unless a ransom was paid. Once the ransom is paid, the price of circuit boards has only one direction to go: up. All consumers end up paying for data breaches. We must demand better data security.
Hacktivity Report February 7, 2025
DOGE May Be A Cybersecurity Crisis - Or Upgrade Opportunity - Unfolding In Real-Time
“They call themselves the Department of Government Efficiency, or DOGE, and, according to an executive order, they’ve been empowered by President Donald Trump to streamline — or in some cases dismantle — federal agencies.” Forbes
Government data holds some of the most sensitive information in the world, and is likely based on old data stores and repositories (even with strong external security). Streamlining agencies likely also means better data storage, protection, and protection against bad-actor AI, which requires a new data store… like IronWeave. If government data were on IronWeave, not only would each instance of data (like a record, not the whole database) be encrypted, but you could see who tried to access it, when, and what action they took on it, all immutable and unerasable.
Why should those government data stores be updated, and replaced with something purpose-built for an online world? Because once those existing and antiquated stores of personal health, financial, and national defense data have been accessed, is there any way to “put the toothpaste back in the tube”? We need systems that don’t rely on the good faith or even competence of those responsible for safeguarding our data. We need systems that secure data, and each element individually, at its source… rather than hoping passwords or back-doors are locked well enough to keep the warehouses inside from being looted.
Massive cyber attacks converge on healthcare
CB Insights reports on the enormous costs that cyber attacks have exacted from healthcare systems between 2017 and 2024. Over $10 billion. Imagine how that money could have been used to improve health outcomes and increase the bottom line for shareholders.
To quote a senator from a bygone era, “A billion here, a billion there, and pretty soon you’re talking about real money.” When will we act to demonstrate that this is unacceptable?
According to Tech Radar:
- Gravy Analytics is being sued for failing to protect personal data
- The suit comes after 17TB of records were allegedly stolen from the firm
- The hack on a data broker has sparked four lawsuits so far
This latest lawsuit is the fifth filed against the company for failing to protect personal data. All of us will end up paying the price of these cyber attacks.
Cyberattack Disrupts Publication of Lee Newspapers Across the U.S.
According to media company Lee Enterprises, a “cybersecurity event” has caused significant disruptions at dozens of its newspapers, forcing some to publish shorter editions or not print at all.
Lee Enterprises is the parent company of more than 70 daily newspapers, such as The St. Louis Post-Dispatch, and nearly 350 weekly and specialty publications in 25 states. A free press, often called the ‘fourth estate’, is necessary for a vibrant democracy. The data and online systems of media outlets must be protected.
Hacktivity Report January 31, 2025
DeepSeek Data Leak Exposes 1 Million Sensitive Records
On Jan. 29, cybersecurity researchers at Wiz Research reported that DeepSeek, a Chinese AI company, had suffered a major data leak, exposing over one million sensitive records including chat logs, system details, operational metadata, API secrets and sensitive log streams. How is DeepSeek - or each of the largest AI companies - handling data security and privacy? We’re all being encouraged to rely on AI for productivity and freeing our time for creative endeavors. But we are being asked to trust these centralized entities with our data. Does it make sense to trust them?
Medical monitoring machines spotted stealing patient data, users warned by FDA to pull the plug ASAP
The United States Food and Drug Administration has advised medical facilities and caregivers who monitor patients using Contec equipment to disconnect the devices from the internet ASAP.
"Once the patient monitor is connected to the internet, it begins gathering patient data, including personally identifiable information and protected health information, and exfiltrating the data outside of the health care delivery environment,"
New York Blood Bank Hit by Ransomware
Isn’t this data important enough to justify using the best data security technology available? New York Blood Center Enterprises provides blood products to over 400 hospitals in 17 states, as well as cellular therapy, specialty pharmacy, and medical services to over 200 academic, research, and biopharmaceutical organizations in the country.
ENGlobal Says Personal Information Accessed in Ransomware Attack
The company, which provides engineering and automation services to the federal government and critical infrastructure organizations, reported their system was breached two months after it occurred. To date the company has not disclosed what data was accessed but they state they will (future tense) inform the affected individuals.
“The company intends to provide notifications to affected and potentially affected parties and applicable regulatory agencies as required by federal and state law,” ENGlobal said.
How is it acceptable to do so little for the affected individuals?
#Hacktivity Report January 24, 2025
NYC law firm breach exposes data of 3.5M individuals
New York City-based law firm Wolf Haldenstein experienced a major breach and reports that the personal data of nearly 3.5 million individuals has been exposed. What did the hackers get? Full names; Dates of birth; Social Security numbers; Addresses for the past two to five years; Proof of current address; Photocopies of government issued IDs or driver’s licenses; and Copies of police reports, investigative reports or complaints to law enforcement. Oh, is that all? We have lost the data security war and bad actors are pillaging data at will. We need a meaningful response.
AIDS vaccine non-profit suffers cyberattack
The field of HIV/AIDS has a long history of facing opposition. Add this to their list of woes. International AIDS Vaccine Initiative (IAVI), a global non-profit based in New York, works to develop vaccines for AIDS and HIV. The hackers struck the organization last month and had access to people’s sensitive information. This is yet another call for distributed, private, secure data solutions.
Cloud-based hotel management platform Otelier hit by data breach
The cloud-based hotel management platform, which serves over 10,000 hotels worldwide, experienced a major data breach involving its Amazon S3 cloud storage (another centralized data store). News outlets report the theft of 7.8 terabytes of data that affected several major hotel chains including Marriott, Hilton, and Hyatt.
Govtech giant Conduent won’t rule out cyberattack as outage drags on
Service has been disrupted at government contractor giant Conduent, a publicly traded company (NASDAQ: CNDT). The cyber attack has left residents in several U.S. states without some benefits and support payments. The New Jersey-based Conduent supports approximately 100 million U.S. residents across various government health programs, helping state and federal agencies deliver essential services.
Toronto school district says 40 years of student data stolen in PowerSchool breach
Canada’s largest school board says hackers may have accessed some 40 years’ worth of student data during the recent PowerSchool breach. Will this haunt these students for years?
#Hacktivity Report January 10, 2025
Washington state sues T-Mobile over 2021 data breach security failures
Washington State wants its residents to be compensated and wants T-Mobile to demonstrate that it has now implemented appropriate security measures. This story is not yet over.
SEC cyber attack disclosure rules baffle companies, one year later
New requirements for most public companies to disclose material cyber incidents within four business days went into effect Dec. 18, 2023. However…
“...only 16.9% of public 8-K filings disclosing a cyber incident provided specific details about the material impact it had on the company's business, according to a report from BreachRx released Tuesday.
- The report, shared exclusively with Axios, also showed that only 48% of 8-K filings provided any specifics about how the organization was responding to an ongoing incident.
- The other 52% of filings shared only the same, vague boilerplate language about the incidents.”
- Source: Axios
Businesses must be held accountable when they fail to protect sensitive data. Perhaps there would be better data security if the leaders of negligent companies faced more significant consequences.
Initially denying there was a ransomware attack, the tooth truth was pulled out of the company. We hope a $350,000 settlement will give this dental group something to chew on.
Hackers reportedly compromise Argentina’s airport security payroll system
Argentina’s airport security police (PSA) were the object of a cyberattack reported to have compromised the personal and financial data of its officers and civilian personnel. The hackers accessed PSA’s payroll records and deducted small amounts of money from employees' salaries. They then listed these fraudulent deductions — ranging from 2,000 to 5,000 pesos ($100 to $245) — as “DD mayor” and “DD seguros.”
Question: by deducting relatively small amounts, were they hoping to go undetected? Maybe it’s best not to try peering into the minds of hackers.