Turkey, mashed potatoes, and gravy was not enough to deter attackers this past month as November continued to have its fair share of data breaches, cyber attacks, and costly lawsuits involving big name retailers and corporations. 

Compiled on December 2, the following lists are composed of data breach headlines that were published during the month of November. Source articles have been organized by industry (finance, healthcare, infrastructure, tech, retail, and miscellaneous) in reverse chronological order.

Security Breach Headlines in November 2024

Finance

11/20/2024

Fintech giant Finastra confirms it's investigating a data breach | TechCrunch 

Finastra, a London-based financial software company that serves most of the world’s top banks, has confirmed it’s investigating a data breach after a hacker claimed a compromise of the company’s internal file-transfer platform. Finastra spokesperson Sofia Romano confirmed the fintech giant detected what it calls “suspicious activity” related to an “internally hosted Secure File Transfer Platform (SFTP). Finastra confirmed data was exfiltrated from its systems through an incident disclosure shared with customers. 

11/19/2024

Six regional US banks are forced to issue urgent debit card alerts following a security breach 

Six US banks based in Massachusetts have sent letters to their customers warning them that their debit card information has potentially fallen into fraudsters' hands, forcing them to get new ones. The affected banks include Eagle Bank, The Village Bank, Savers Bank, Webster Five, Watertown Savings Bank, and Main Street Bank. Customers were told that a breach into a merchant's payment network allowed unauthorized access to their Mastercard debit card details.

11/11/2024

Debt Relief Firm Forth Discloses Data Breach Impacting 1.5 Million People | SecurityWeek 

Debt relief solutions provider Forth (Set Forth) is notifying 1.5 million individuals that their personal information was compromised in a May 2024 data breach where attackers accessed certain documents on its systems, including files containing personal information. The potentially compromised data, the company says, includes names, addresses, dates or birth, and Social Security numbers.

11/2/2024

Americans to score $4200 from $900k data breach settlement | The US Sun 

Paycom faced a class action lawsuit following the breach that failed to protect the personally identifiable information of its customers. During the breach that occurred between July 2023-October 2023, a hacker allegedly accessed details from clients through MOVEit Transfer, a secure file transfer application. Despite not admitting to any wrong doing, Paycom's guilty verdict will see entitled Americans earn up to $4,200.

11/2/2024

M2 crypto exchange hacked for $13M, user funds already restored | Coin Telegraph

Centralized cryptocurrency exchange (CEX) M2 was hacked for $13.7 million worth of digital assets. M2 announced that the situation has been fully resolved and customer funds have been restored. The incident occurred nearly four months after a hacker stole over $230 million from WazirX, an Indian cryptocurrency exchange, in the second-largest cryptocurrency hack of 2024 so far.

Healthcare

11/29/2024

Alder Hey children's hospital explores 'data breach' after ransomware claims | The Guardian

The INC Ransom group, has claimed to have stolen and published data containing the personal information of patients, donations from benefactors and procurement information from the Alder Hey children’s hospital in Liverpool. The Alder Hey children’s NHS foundation trust said it was aware of the alleged leak and was working to verify whether the data belonged to the hospital.

11/29/2024

French Hospital Suffers Cyber Attack Leaking Over 750000 Medical Records | CPO Magazine

Softway Medical Group has confirmed that an attacker breached the MediBoard health records system using compromised credentials belonging to the impacted hospital. Softway insists the breach did not result from a system misconfiguration or software vulnerability and that the impacted data was under the impacted hospital’s management. The threat actor is selling access to the compromised Softway’s MediBoard system, allegedly granting “exclusive control over multiple establishments.”

11/28/2024

OnePoint Patient Care Data Breach Affects 1.7 Million Individuals; Ransom Group Leaks Data | The HIPAA Journal

OnePoint Patient Care notified the HHS’ Office for Civil Rights (OCR) about a hacking-related data breach that involved the protected health information of 795,916 individuals; however, on November 22, 2024, the Maine Attorney General was notified that the data breach affected more than twice the number of people – 1,741,152 individuals, including 99 Maine residents. 

11/25/2024

Texas health system reports data breach following ransomware attack 

UMC Health System in Lubbock, Texas, has disclosed a data breach involving patient information after a ransomware attack on its computer systems. During the investigation, UMC Health System learned that an unauthorized individual gained access to certain systems between Sept. 16 and Sept. 26, potentially stealing files before deploying ransomware that temporarily disrupted operations.

11/20/2024

Cyberattack at French hospital exposes health data of 750,000 patients | Bleeping Computer

A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. Softway Medical Group has confirmed that hackers have compromised a MediBoard account. However, it noted that this was not the result of a software vulnerability or misconfiguration on their part, but rather through the use of stolen credentials used by the hospital.

11/15/2024

Equinox discloses data breach involving health info of clients, staff | Reuters 

Counseling and health services firm Equinox on Friday disclosed a data breach involving the personal health information of some current and former clients, as well as staff and has notified the individuals likely to have been affected. The information that could have been compromised varies between individuals, but may include names, social security numbers, financial account information and medication-related information, among others.

11/7/2024

Kaiser Permanente reports email data breach | TechTarget 

Kaiser Permanente notified its members and patients in Southern California of an email data breach where an unauthorized party gained access to two employee email accounts in September 2024. Further investigation determined that protected health information (PHI) was included in the breach. The PHI that was potentially accessed or viewed included names, medical record numbers, dates of birth and medical information.

11/4/2024

Gryphon Healthcare Facing Multiple Lawsuits Over 400,000-Record Data Breach | The HIPAA Journal

Gryphon Healthcare, a Houston, TX-based provider of revenue cycle management and medical billing services to healthcare providers, is facing multiple class action lawsuits over an August 2024 data breach that involved unauthorized access to the protected health information of almost 400,000 individuals. The compromised information included names, contact information, Social Security numbers, diagnosis and treatment information, health insurance information, and medical record numbers. The intrusion occurred via an unnamed IT service provider.

11/1/2024

Summit Pathology: 1.8 Million Individuals Affected by Ransomware Attack | The HIPAA Journal

Summit Pathology Laboratories, Inc., a Colorado pathology service provider, has confirmed in a breach report to the HHS’ Office for Civil Rights (OCR) that 1,813,538 patients have been affected by an April 2024 cyberattack. Summit Pathology said suspicious activity was identified within its computer environment on or around April 18, 2024, and immediate action was taken to prevent further unauthorized access. A third-party cybersecurity firm was engaged to investigate the incident and determine the nature and scope of the security breach.

Infrastructure

11/27/2024

Zello asks users to reset passwords after security incident | Bleeping Computer 

Zello, a mobile service with 140 million users, is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. At this point, it is unclear if Zello suffered a data breach or a credential stuffing attack, but the notice indicates that threat actors may have access to the passwords of the company's customers.

11/11/2024

Newpark Resources hit by ransomware; activates cybersecurity response | Industrial Cyber 

Texas-based oilfield services supplier Newpark Resources detected a ransomware attack by an unauthorized party accessing internal systems in October. The company activated its cybersecurity response plan and began investigating with external advisors to assess and contain the threat. However, the ransomware incident disrupted access to some of the company’s information systems and business applications, but manufacturing and field operations continued using downtime procedures.

11/8/2024

Halliburton incurs about $35M in expenses related to August cyberattack  | Cybersecurity Dive

Halliburton CEO Jeff Miller said an August cyberattack and storms in the Gulf of Mexico resulted in a 2 cents a share impact on its adjusted earnings due to lost or delayed revenue, during a quarterly conference call with Wall Street analysts. The attack, which led to data theft, is suspected to be related to a threat group called RansomHub, one of the most active in the world this year. Miller said the attack did not have a material effect on its financial condition or operating results. 

11/6/2024

Schneider Electric suffers data breach, exposing critical project and user data | CSO Online 

A hacker group known as “Grep” has reportedly infiltrated Schneider Electric’s internal project tracking system, stealing about 40 GB of data in the latest cyberattack targeting the French multinational. Hackers have demanded $125,000 ransom in “baguettes” following Schneider’s third data breach in two years, spotlighting security concerns on the day the company appoints a new CEO.

11/3/2024

KPMG: US Energy Sector Faces High Risk of Cyber Attacks | Energy Digital Magazine

Recent findings from KPMG and Security Scorecard have pinpointed the energy sector in the US as particularly vulnerable to supply chain cyber-attacks. Data has indicated that within the last year, 45% of security breaches in this sector were due to third-party vulnerabilities. This figure starkly contrasts with a global average of 29% across various industries. Furthermore, an overwhelming 90% of repeatedly compromised energy companies were breached via third-party channels. As energy companies transform into technologically advanced entities, they encounter new kinds of vulnerabilities such as cyber theft, a method that is more lucrative and less risky than traditional methods.

Tech

11/18/2024

Twitch data breach leaves Amazon with major fine | TechRadar 

Türkiye has fined Amazon $58,000 for the Twitch data breach in 2021 where an anonymous hacker leaked the entirety of the popular video game live streaming service, including its source code and personally identifiable information (PII) of its users. Due to 35,274 Turkish nationals being affected, KVKK imposed a 1.75 million lira (~$51,000), fine for inadequate security and 250,000 lira (~$7,000) for failing to report the breach.

11/18/2024

Facebook Data Breach Fallout—Millions May Receive Compensation | Forbes 

A German court has ruled that users affected by the massive 2019 data breach can seek compensation without proving specific damage. This ruling represents a meaningful shift in how tech companies may be held accountable for data protection failures. The 2019 breach exposed the personal information of 533 million Facebook users across 157 countries through a technique known as "scraping."

11/18/2024

US space tech giant Maxar discloses employee data breach | Bleeping Computer 

Hackers breached U.S. satellite maker Maxar Space Systems and accessed personal data belonging to its employees, the company informs in a notification to impacted individuals.The threat actor compromised the company network about a week before the discovery of the intrusion. Immediately after discovering the unauthorized access, the company took action to prevent the hackers from reaching further into the system.

11/15/2024

Second threat actor claims Cisco data breach | Cyber Daily 

Last month, IntelBroker, an infamous threat actor, claimed to have accessed Cisco’s systems and exfiltrated data belonging to the company and its clients. In reference to the IntelBroker data breach, Cisco confirmed the incident but stressed that its own network was safe and that the threat actors breached a third party.

11/7/2024

As Hacker Gives Stolen Data Away, Nokia Issues New Denial Statement | Forbes

Notorious hacker IntelBroker has offered data including source code and internal credentials claimed to have been stolen from Nokia for sale. The data is alleged to have been stolen during a breach of a third-party contractor which “directly worked with Nokia to help aid their development of some internal tools.". A Nokia spokesperson denied any evidence that its systems or data had been impacted and pointed to it being a “3rd party security incident, related to a single customized software application.” The hacker has claimed to have a hack on a third-party contractor. 

11/5/2024

Canada arrests suspected hacker over breach of 160+ Snowflake users' data | SiliconANGLE

Canadian authorities have arrested a person suspected to be behind a large-scale hacking campaign that targeted Snowflake Inc. users: Alexander Moucka, “one of the most consequential threat actors of 2024.” An investigation on the dataset that had been stolen from an unnamed organization’s Snowflake environment led to the discovery that more than 160 other Snowflake customers were breached as well, including large enterprises such as AT&T and Ticketmaster. 

Retail

11/25/2024

Blue Yonder Ransomware Attack Hits Starbucks, Supermarkets | Dark Reading 

A disruptive ransomware attack on Blue Yonder, a supply chain management software provider for major retailers, consumer product companies, and manufacturers, highlights the heightened risk organizations face during the busy holiday season. A November attack on Blue Yonder affected infrastructure that the company uses to host a variety of managed services for customers, which include 46 of the top 100 manufacturers, 64 of the top 100 consumer product goods makers, and 76 of the top 100 retailers in the world.

11/19/2024

Ford Investigating Potential Breach After Hackers Claim Data Theft | SecurityWeek 

Notorious hacker IntelBroker and a hacker called EnergyWeaponUser claim to have targeted Ford this month and they allegedly obtained 44,000 customer records, including names, physical addresses, and information on product acquisitions. Ford is aware and is actively investigating the allegations that there has been a breach of Ford data.

11/12/2024

Millions of Hot Topic Customers Impacted by Data Breach | SecurityWeek 

Roughly 57 million unique email addresses allegedly stolen from fashion retailer Hot Topic have been posted online, data breach notification website Have I Been Pwned warns. Shortly after the initial report, Atlas Privacy analyzed the allegedly stolen data and identified approximately 54 million email addresses in it. Roughly 25 million credit cards, 25 million names, 25 million phone numbers, and tens of millions of birth dates, home addresses, and job titles were also compromised, Atlas said.

11/11/2024

Grocery giant Ahold Delhaize's US operations disrupted by cyberattack | Cybersecurity Dive 

Ahold Delhaize said that it had “detected a cybersecurity issue within its U.S. network” and was investigating with help from outside experts, but did not indicate what might have impacted its online infrastructure. The company said it took some systems down and notified authorities about the incident.

11/11/2024

Amazon Confirms Employee Data Was Exposed Through MOVEit Breach | Forbes 

In a significant development that underscores the lasting impact of 2023's MOVEit vulnerability, Amazon has confirmed that employee data was compromised through a third-party property management vendor. The breach, revealed by a threat actor known as "Nam3L3ss," exposes the continuing ripple effects of one of last year's most devastating supply chain attacks.

11/10/2024
200,000 SelectBlinds Customers Exposed In Card-Skimming Data Breach | Forbes 

SelectBlinds, an Arizona-based window coverings retailer, has disclosed a massive data breach affecting 206,238 customers. The breach began on Jan. 7 and was only discovered on Sept. 28, when the company identified suspicious activity on its website, as detailed in breach notifications filed in Maine and California. Through an e-skimming operation, attackers had gained access to sensitive customer data, including card numbers, expiration dates and CVV security codes. The SelectBlinds breach reflects a growing pattern of sophisticated payment card theft that has caught the attention of law enforcement worldwide.

11/8/2024

Casio Confirms Oct. 08 Ransomware Attack—Were Passwords Compromised? | Forbes 

Casio confirmed that a ransomware attack occurred on Oct. 08 and had caused the leakage of personal information and confidential internal information. Email users had been sent an early warning as a “precautionary measure related to the Ransomware Attack.”

Miscellaneous

11/26/2024

New York Fines Geico and Travelers $11 Million Over Data Breaches | SecurityWeek 

Auto insurance companies Geico and Travelers were fined $11 million in New York over data breaches that impacted the personal information of over 120,000 individuals. Vulnerabilities in the company’s website and insurance agents’ quoting tool eventually led to attackers compromising the personal information of approximately 116,000 New York residents.

11/25/2024

Employee data leaked in security breach at Granite School District | ABC4 News

After personally identifiable information was leaked in a cybersecurity incident at Granite School District, all employees have been urged to place fraud alerts on their accounts, according to the district. The investigation is ongoing, and the district said it is still working to determine what type of information has been compromised after the incident.

11/25/2024

Microlise Confirms Data Breach as Ransomware Group Steps Forward | SecurityWeek 

UK-based vehicle tracking solutions provider Microlise confirmed last week that data was stolen from its systems during an October cyberattack. The incident resulted in a large portion of Microlise’s network being disrupted, which impacted tracking systems and panic alarms in the prison vans and courier vehicles of at least two operators, namely DHL and Serco. The SafePay ransomware group listed the company on its Tor-based leak site, claiming the theft of 1.2 terabytes of data.

11/22/2024

Hackers Breach Andrew Tate's Online 'University,' Exposing 800,000 Users | PCMag 

Controversial influencer Andrew Tate's self-dubbed "online university" has been hacked. Tate's website, "The Real World," previously called Hustler's University, sells courses on fitness, finance, content creation, AI, etc and charges a monthly fee of about $50. The website currently has 113,000 active users. But its security is "hilariously insecure," according to the hackers, who described "hacktivism" as their motive. 

11/15/2024

Keyboard robbers steal 171K customers' data from AnnieMac mortgage house | The Register

American Neighborhood Mortgage Acceptance Company, which trades as AnnieMac Home Mortgage, said an unknown intruder "viewed and/or copied" some customer data between August 21 and 23. The affected data types include names and social security numbers (SSNs).

11/12/2024

Personal Data of 216K Tech Job Seekers Left Unsecured, Researcher Says | Business Insider 

An IT researcher found that the unsecured files from a tech recruiter's database included personally identifying information of an estimated 216,000 job seekers — including data like names, phone numbers, passport numbers, visa information, and partial Social Security numbers. The security report indicated that Alltech left its database of job candidate information unsecured without a password, leaving personal identifying information of about 216,000 tech job candidates exposed.

11/8/2024

Another US law firm reaches data breach settlement as cyber risks mount | Reuters Florida business law firm Gunster has agreed to pay $8.5 million to resolve a proposed class action over a 2022 data breach that allegedly exposed the personal and health information of thousands of people. It would resolve one of two cases filed this year against West Palm Beach-founded Gunster over a data security incident that allegedly compromised the personal data of nearly 10,000 people, including former and current clients and employees.

11/4/2024

City of Columbus: Data of 500,000 stolen in July ransomware attack | Bleeping Computer 

​The City of Columbus (Ohio’s capital city with a population of over 905,000) notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack. The resulting outages affected various services and IT connectivity between public agencies. The Rhysida ransomware gang claimed the attack the same day, alleging they had stolen databases containing 6.5 TB of data, including employee credentials, city video camera feeds, server dumps, and other sensitive information.

11/2/2024

Landmark Admin Data Breach Impacts 800,000 Insurance Customers | Forbes 

Landmark Admin, a company that provides administrative services to some of the largest insurance companies in the U.S., has recently announced that a cyberattack in May 2024 exposed the personal information of over 800,000 individuals. Landmark Admin partners with include American Monumental Life Insurance Company, Pellerin Life Insurance Company, and American Benefit Life Insurance Company. 

11/1/2024

LA housing authority confirms breach claimed by Cactus ransomware | Bleeping Computer 

The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang. Cactus claims this stolen data includes "personal Identifiable Information, actual database backups, financial documents, executives/employees personal data, customer personal information, corporate confidential data and correspondence," and has already published some screenshots of sensitive documents on its leak site as proof.

Access Control Matters

The rising frequency and sophistication of data breaches underscore the critical importance of proactive, preventative security measures. Organizations must shift from reactive security approaches to preventive approaches that emphasize strict access control. By implementing granular access policies, companies can contain potential breaches and protect sensitive data before security incidents occur. The best time to secure systems is before the breach or attack happens.

Built upon the idea of continuous verification, Pomerium is a zero-trust reverse proxy that helps enterprises manage secure application access. Authenticate, authorize, monitor, and secure user access to any application without a VPN. 

Companies are choosing Pomerium to modernize their security infrastructure and protect their systems.

Try Pomerium Today.