June 2022 proved to be a trying time for organizations to keep their data safe from cyber criminals, as over 80 security incidents and 34.9 million records were breached, as reported by IT Governance. In particular, it seems the healthcare and finance sectors have been hit the hardest with the most major data losses during this month. Below, we detail how many people were left victims, what was stolen, and what led to these malicious cyber-attacks.
Shields Health Care Group
Massachusetts Shields Health Care Group disclosed in June 2022 their detection of a breach back in March 2022. Stolen data included social security numbers, medical records, and other private data. Upon investigation, it was determined that an unknown cybercriminal had access to this sensitive information from March 7, until March 21, 2022, unbeknownst to the organization at the time.
Flagstar Bank notified its customers of a breach of their personal information, during which the social security numbers of an estimated 1.5 million customers were stolen. The Michigan-based bank which operates 150 branches, and is one of the country’s largest mortgage lenders, reported that the breach occurred in December 2021, but was only just discovered in June 2022. Flagstar has promised two years of identity theft monitoring to victims of the attack.
A former Amazon employee was convicted in a 2019 Capital One breach where the employee used knowledge of cloud server vulnerabilities within Capital One and other companies to steal the personal information of over 100 million people. The former employee was convicted of wire fraud and five counts of unauthorized access to a protected computer. Capital One was found guilty of lacking security practices and was fined $80 million by the Office of Comptroller of Currency. Capital One is also set to pay an additional $190 million in the settlement.
Choice Health Insurance
On June 8th, 2022, Choice Health Insurance filed a notice that a breach had occurred compromising sensitive information about victims such as social security numbers, full names, Medicare beneficiary numbers, addresses, date of birth, and contact information. The data breach was found after the discovery that this sensitive information was being sold online via a popular hacker website.
Baptist Medical Center
In a breach affecting more than 1.2 million patients of the Baptist Medical Center in Texas, the names, full social security numbers, health insurance information, addresses, billing information, and medical records were taken by an unknown threat actor. The breach was reported on June 16, 2022, after a malicious line of code was discovered and installed on the organization’s computer network.
For the full list of breaches from June 2022, read more here.