Cyber News Rundown: Over 2.5 million dental patients affected by Smile data breach
Dental services provider Smile Brands admitted that more than 2.5 million patients were affected by a 2021 data breach that initially listed only 2,200 affected patients. In other (dental) cybersecurity news, the American Dental Association was targeted by the Black Basta ransomware group.
Hackers list Coca-Cola data for sale after breach
Threat actors for the Stormous group posted a listing to their leak site claiming to contain 161GB of stolen data from a Coca-Cola data breach. While officials for Coca-Cola revealed that their systems were compromised by some type of cyberattack, they have not made any statements confirming whether any employee or customer information was exposed during the incident. It was also found that shortly before the cyberattack at Coca-Cola, Stormous had posted a poll that was asking followers to vote on the group’s next target and Coca-Cola won by a significant margin.
Smile Brands data breach expands to over 2.5 million patients
Nearly a year after the data breach was first reported, officials for dental services provider Smile Brands confirmed that the number of affected patients increased from the initial 2,200 to more than 2.5 million. Over the past year of investigation, the company has continued to notify newly identified patients of the third-party intrusion into their systems and the extent of patient information that had been exposed. Smile Brands and an affiliated dental office have also been served with a lawsuit regarding the ransomware attack and subsequent data theft.
Phase One of Hack DHS finds 122 vulnerabilities
Following the December announcement of the Hack DHS bug bounty program and completion of Phase One, the 455 invited security researchers discovered 122 vulnerabilities in Homeland Security’s systems. Twenty-seven of those vulnerabilities are classed as “critical.” With the success of Phase One, DHS handed out $125,600 in confirmed bug bounties and is preparing for Phase Two which has the researchers attend an in-person hacking event to continue the search for physical and network weaknesses.
British Army recruits’ data posted on leak site
IT staff for the British Army were forced to take their recruitment portal offline after discovering sensitive data on over 120 new recruits being posted to a dark web forum that is known for selling stolen data. In the month since the incident was first identified, officials have been able to restore their recruitment systems and begin an investigation with the Information Commissioner’s Office (ICO) into how the breach occurred and to what may come from the compromised data.
Black Basta ransomware group targets American Dental Assoc.
The American Dental Association (ADA) had to take emergency precautions when they identified a cyberattack on their systems and began taking them offline. Shortly after the ADA began informing their members of a security incident that was affecting many of their systems, the Black Basta ransomware group posted the stolen data on their leak site. The group claims that it contains W2s and other sensitive financial documents for hundreds of dental practices and state dental associations.
