The Week in Breach News: 1/15/25 – 1/21/25

The Texas Health and Human Services Commission (HHSC) disclosed on Friday that 61,000 individuals may have had their personal data improperly accessed by agency employees. Information involved includes Social Security numbers, full names, home addresses and Medicaid and Medicare Identification Numbers. HHSC terminated the employees responsible and referred the case to the agency’s Office of Inspector General for potential criminal charges. Recipients of the Supplemental Nutrition Assistance Program (SNAP) are advised to monitor Lone Star Card transactions for fraudulent activity. Affected individuals should review their accounts closely and report any suspicious charges immediately.

Bank of America filed a data breach notice with the Attorney General of Massachusetts after discovering unauthorized access to a third-party vendor’s systems on October 1, 2024. The breach exposed sensitive information about certain loan customers. The potentially exposed data includes names, addresses, passport numbers, phone numbers, Social Security numbers and loan numbers. BofA has since sent notification letters to affected customers, detailing the breach and its impact. 

Hotel management platform Otelier has experienced a data breach. Threat actors claim that they accessed its Amazon S3 cloud storage to steal nearly 8 terabytes of data regarding major hotel brands like Marriott, Hilton and Hyatt. The breach began in July 2024 and continued through October 2024. The sensitive documents reportedly snatched include personal information, reservations, nightly reports, shift audits and accounting data. The attackers said that they gained access to Otelier’s Atlassian server through stolen employee credentials harvested via malware. Otelier, formerly MyDigitalOffice, serves over 10,000 hotels worldwide. 

Indiana University Health (IU Health) has confirmed that unusual activity linked to a team member’s email account resulted in unauthorized access to sensitive information, including a limited number of Social Security numbers. The breach, discovered on November 8, revealed that the account was accessed between August 27 and October 2, 2024. Exposed data may include addresses, ages, medical record numbers, diagnoses, and other limited treatment details. IU Health has since secured its systems and is notifying affected individuals. The organization began notifying affected individuals on January 2 and is providing dedicated call center support to answer any questions.

Technische Universiteit Eindhoven (TU/e) took its internal network offline on Sunday following a cyberattack, disrupting access to essential services like email, Wi-Fi, Canvas, and Teams for students and staff. As a result, no educational activities are taking place, including planned makeup sessions and exam preparations. The university’s ICT experts are investigating the attack’s scope and expect the network to be restored by Tuesday. Despite the disruption, TU/e’s buildings and campus remain open.

New Brunswick Liquor (NB Liquor) stores are still working to restore their point-of-sale systems one week after a suspected cyberattack disrupted operations. The Crown corporation initially shut down all stores last Wednesday to protect customers and reopened the following day, but transactions remain limited to cash. Early last week, NB Liquor announced it still could not yet accept debit, credit or gift cards and expected system recovery to extend into the week. Cannabis NB stores have been similarly affected. Alcohol NB Liquor (ANBL) is the provincial Crown corporation that governs the purchase, importation, distribution and retail sale of all alcoholic beverages and cannabis in the province. 

Roseltorg, Russia’s primary electronic trading platform for government and corporate procurement, confirmed a cyberattack on its systems after initially attributing outages to “maintenance work.” The attack, claimed by the pro-Ukraine hacker group Yellow Drift, reportedly resulted in the deletion of 550 terabytes of data, including emails and backups. While Roseltorg stated that its data and infrastructure have been restored, its website remains offline and trading systems are yet to resume full operations. The breach has disrupted clients, including government agencies and suppliers, raising concerns about financial losses and delays in procurement processes. Yellow Drift shared screenshots of the compromised infrastructure as proof of the attack.