Back to top

Hacks, Attacks and Breaches: 4/7/2021 to 4/13/2021

Suzanne Gassman

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

United States – CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC)

Exploit: Nation-State Hacking
CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC): Insurer

Risk to Small Business: CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) has announced a data breach carried out by what it described as a “foreign cybercriminal” group. The insurer confirmed that sensitive information about members was snatched and that they have notified authorities including the FBI and the Office of the Attorney General for the District of Columbia

How it Could Affect Your Business: Nation-state cyberattack risks are not just a problem for government and military targets anymore. These clever cybercriminals will exploit any opening fast.

United States – Office Depot

Exploit: Unsecured Database
Office Depot: Business Supply Retailer 

Risk to Small Business: Security researchers discovered a non-password protected Elasticsearch database belonging to Office Depot that contained just under a million records. The exposed records were labeled as “Production” and contained customer information, file logs and other internal records for European customers, primarily in Germany. The company has addressed the issue.

How it Could Affect Your Business: Cybercriminals will benefit from this trove. Data like this is transacted every day on the dark web, providing ample ammunition for future cyberattacks and fraud.

United States – LinkedIn

Exploit: Scraped Records
LinkedIn: Social Media Network 

Risk to Small Business: Bad actors have dropped notice that they’ve obtained an archive containing data purportedly scraped from 500 million LinkedIn profiles. A sample of data was posted on a popular hacker forum, with another 2 million records leaked as proof of the haul. More than 780,000 email addresses are associated with this leak. The initial listing contained 4 archives, but after LinkedIn denied the data breach, threat actors updated their ad to include 6 additional archives that allegedly include 327 million scraped LinkedIn profiles, putting the overall number of scraped profiles at 827 million including potential duplicates.

How it Could Affect Your Business: Following hard on the heels of last week’s Facebook breach social media risks are multiplying fast and growing serious for businesses.

United States – Personal Touch Holding Corp. (PTHC)

Exploit: Hacking
Personal Touch Holding Corp. (PTHC): Home Healthcare Provider 

Risk to Small Business: New York based medical services provider PTHC has announced a data breach impacting patients. The conglomerate operates Medicare-certified home health agencies, licensed home care service agencies, hospice at home services and Early Intervention Programs, as well as a managed care plan in New York. Both patient data and Member information has been impacted. The incident is under investigation.

How it Could Affect Your Business: This breach is not just going to cost a fortune to fix now – it’s also likely to incur a hefty regulatory penalty from state and federal authorities.