UnitedHealth Tech Unit Hack Affected 192.7 Million People

A cyberattack on UnitedHealth Group’s (UNH.N) technology unit, Change Healthcare, last year affected 192.7 million people, according to the U.S. Department of Health and Human Services (HHS). The company had previously estimated the breach impacted 190 million individuals.

Disclosed in February 2024, the attack—identified as the largest healthcare data breach in U.S. history—was carried out by hackers claiming to be part of the “Blackcat” ransomware group. The breach caused widespread disruptions in claims processing and affected patients and healthcare providers nationwide.

A UnitedHealth spokesperson confirmed, “The final total number of individuals impacted by the Change Healthcare cyberattack is approximately 192.7 million,” noting that state-by-state figures may vary.

Compromised data is believed to include health insurance member IDs, patient diagnoses, treatment records, social security numbers, and provider billing codes. The breach is now listed in HHS’s official database of healthcare data breaches maintained by its Office for Civil Rights.

Australia’s Privacy Regulator Sues Optus Over Massive 2022 Data Breach

Australia’s privacy regulator, the Australian Information Commissioner (AIC), has filed a lawsuit against Optus, the Singapore Telecommunications-owned carrier, alleging violations of the Privacy Act 1988 related to a 2022 cyberattack that compromised the personal data of nearly 9.5 million customers.

The lawsuit names both Singtel Optus Pty Ltd and Optus Systems Pty Ltd as defendants. The AIC claims a separate breach for each affected customer, with potential fines of up to A$2.2 million per breach. However, the regulator has not disclosed the total fine amount sought. Optus is currently reviewing the claims but has not yet assessed the financial impact.

The September 2022 cyberattack is considered one of the worst data breaches in Australia’s history, exposing sensitive information including home addresses, passport details, and phone numbers. Around 10 million Australians—about 40% of the population—were affected, and many experienced a significant disruption to mobile, broadband, and landline services.

The breach sparked calls from Prime Minister Anthony Albanese for stronger privacy laws and faster breach notifications, especially to banks. Optus has also faced ongoing criticism due to a 12-hour nationwide network outage in 2023, leading to the resignation of then-CEO Kelly Bayer Rosmarin.

In addition to this legal action, Optus was taken to court by Australia’s domestic media regulator earlier in 2024 over the same cyberattack.

UK Police Arrest Four Suspects Over Cyberattacks on M&S, Co-op, and Harrods

Four individuals under the age of 21 have been arrested in connection with cyberattacks that disrupted operations at major UK retailers Marks & Spencer (M&S), the Co-op, and Harrods, the National Crime Agency (NCA) announced on Thursday. The most severe incident occurred in April when a ransomware attack forced M&S to halt online clothing sales for nearly seven weeks, resulting in an estimated £300 million ($400 million) loss in operating profit.

The arrested suspects include three males aged 17, 19, and 19, and a 20-year-old woman. They were detained at their homes in the West Midlands and London. The NCA said they face allegations including offenses under the Computer Misuse Act, blackmail, money laundering, and involvement in organized crime. Authorities also seized their electronic devices, and the suspects are currently being questioned by the NCA’s National Cyber Crime Unit.

M&S Chairman Archie Norman revealed to lawmakers that the company had engaged with the U.S. FBI regarding the cyberattack. He suggested that loosely connected groups, possibly led by a hacking collective known as DragonForce, were behind the incidents. Norman also advocated for UK businesses to be legally mandated to report significant cyberattacks, noting that some major breaches recently went unreported.

M&S resumed online clothing orders on June 10 after a 46-day suspension, although click-and-collect services remain offline. CEO Stuart Machin expressed confidence that the company would be through the worst of the attack’s impact by August.