Weekly Email Security News Recap #3 [October 2022]
Email security and cybersecurity news are everywhere with continuously evolving cyberattack methods. In the past week, major cybersecurity incidents occurred, like malware targeting Facebook accounts and a wine dealer Vinomofo data breach exposing 500,000 customers’ data.
Let’s see what else the latest cybersecurity news of the week has in store.
One story making headlines is the Keystone Health data breach.
Keystone Health is a Community Health Center serving Franklin County, Pennsylvania, generating around $35 million in annual revenue. The company operates locations like:
- Keystone Health
- Keystone Women’s Health
- Keystone Family Medicine
- Keystone Urgent Care
- Keystone Behavioral Health
- Keystone Pharmacy
At the beginning of the week, the healthcare provider filed an official notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after patients’ sensitive data was exposed.
More than 235,000 patients’ information was compromised, including names, clinical health data, and Social Security numbers.
On August 19th, Keystone Health discovered an incident that led to its computer systems shutting down temporarily. It contacted law enforcement and investigated with an outside cybersecurity firm to resolve the incident.
The company revealed that an unauthorized party had access to Keystone Health’s computer network from July 28th until August 19th, 2022, when it first discovered the incident.
Keystone Health sent out data breach letters to all the customers affected by the data security incident.
Data Breach Compromises 2.2M MyDeal Users’ Data
In other cybersecurity news, the Australian retail marketplace platform MyDeal suffered a massive data breach on October 14th, 2022, after a hacker gained access to the company’s customer relationship management (CRM) system using compromised user credentials.
The threat actor who compromised the data of 2.2 million customers tried to sell it on a hacker forum.
Though having purchased 80% of MyDeal, Woolworths insists that it wasn’t affected by the incident as its systems are on a completely different platform.
With access to MyDeal’s CRM system, the hacker could view and export customer data.
According to information from the company, the data breach exposed the following information of 2.2 million customers:
- Phone numbers
- Email addresses
- Birth dates
- Delivery addresses
For 1.2 million customers, only email addresses were exposed, but MyDeal says that no payment information, government IDs, and account passwords were breached. The hacker went so far as to put the stolen customer data on a hacking forum for $600.
MyDeal started sending data breach notifications to affected customers while informing them that customers who did not receive one were not affected.
Cybercriminals will continuously adopt new methods of social engineering and manipulation to target employees because people remain the power of any organization.
It’s never too late to implement proper security measures, so do it today!