September 2024 Data Breaches [LIST]

September 25, 2024

Data breaches continue to make headlines, no matter the industry and the size of the company. It’s becoming increasingly apparent that even the most secure companies experience data breaches and that the need for increased cybersecurity defenses has never been higher: companies should bolster their defenses before the breach occurs.

Compiled on September 25, the following list is composed of data breach headlines that were published during the month of September. Source articles have been organized by industry in reverse chronological order.

Security Breaches Reported in September 2024

Finance

09/16/2024

DeltaPrime on ARB Chain Suffers Security Breach, $6 Million Loss Estimated | Coinspeaker 

DeltaPrime, a decentralized finance (DeFi) platform operating on the Arbitrum chain, has been compromised in a cybersecurity breach resulting in a loss of approximately $6 million due to a private key exploit. 

09/09/2024

Payment Gateway SLIM CD Data Breach: 1.7 Million Users Impacted | HackRead

Payment gateway platform SLIM CD suffered a massive data breach between August 2023 and June 2024, compromising over 1.7 million customers’ personal and credit card information.

Healthcare

09/25/2024

Elitecare Emergency Hospital suffers healthcare data breach | TechTarget

Elitecare Emergency Hospital notified 24,754 individuals of a cybersecurity incident where health insurance information, medical information, among others were accessed by an unauthorized party. UT Southwestern Medical Center and Richland County have also suffered healthcare data breaches. 

09/24/2024

U.S. govt agency CMS says data breach impacted 3.1 million people | Bleeping Computer 

The Centers for Medicare & Medicaid Services (CMS) federal agency announced that health and personal information of more than three million health plan beneficiaries was exposed in ransomware attacks last year.

09/16/2024

88000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack | SecurityWeek

New Hampshire-based orthopedics services provider Access Sports Medicine & Orthopaedics is informing 88,000 individuals of compromised personal and health information due to suspicious activity on its network on May 10, 2024. 

09/04/2024

Data Breaches Reported by Three Californian Healthcare Providers | The HIPAA Journal 

Data breaches involving unauthorized access have been reported by Californian healthcare providers Vasinda’s Around the Clock Care, Baker Places, Turning Point of Central California, and Watson Clinic in Florida. Providers have since been sending notification letters to affected individuals.

Tech

09/23/2024

Hackers Allegedly Claim Leak of Oracle Data on Hacking Forum | Cyber Security News 

Oracle has yet to confirm or deny breach claims that reportedly occurred in September 2024 and involved the exposure of 4,002 rows of employee information.

09/22/2024

Hackers Claim Second Dell Data Breach in One Week | Hackread 

Within a week of the first Dell data breach, Hackers claim to have breached Dell a second time, exposing sensitive internal files via compromised Atlassian software suite. Dell is already investigating the first incident but has yet to address the latest breach claims.

09/18/2024

Hacker claims to have stolen 20GB data hoard from Capgemini, and is threatening to leak it all | Tech Radar

Capgemini, a French tech and consulting giant, has yet to comment on a hacker’s claims to have stolen 20 gigabytes of sensitive data including databases, source code, keys credentials, and employee data, among others.

09/18/2024

Russian security firm Dr.Web disconnects all servers after breach | Bleeping Computer 

Doctor Web, a Russian anti-malware company, disclosed a security breach after its systems were targeted in a cyberattack. The company disconnected all servers from its internal network and was forced to stop delivering virus database updates to customers while investigating the breach.

09/17/2024

Cybersecurity firm reveals breach in third-party cloud system | Insurance Business Australia 

Cybersecurity firm Fortinet has disclosed a recent security breach where files stored in a third-party cloud-based file-sharing system were accessed by an unauthorized individual. Less than 0.3% of Fortinet’s customer data was affected.

09/05/2024

Microchip Technology Confirms Personal Information Stolen in Ransomware Attack | Security Week

US-based semiconductor supplier Microchip Technology has confirmed that data was stolen from its systems during a ransomware attack in August. Data was leaked after extortion attempts failed.

Retail

09/22/2024

Harvey Nichols confirms cyberattack, says customer data leaked | TechRadar

Harvey Nichols, a luxury British department store chain known for offering high-end fashion, beauty, food, and home products, suffered a cyberattack in which crooks stole “non-sensitive” user data such as postal addresses, phone numbers, and email addresses. Harvey Nichols is not providing much information regarding the breach.

09/18/2024

Temu denies data breach — but hacker claims to have leaked 87 million strong database | Tech Radar

Ecommerce giant Temu is denying a hacker’s claim that millions of customer records were stolen. As proof of the database’s authenticity, the hacker advertised a small sample containing usernames and IDs, IP addresses, full names, birth dates, gender, shipping addresses, phone numbers, and hashed passwords. 

09/16/2024

David’s Bridal notifies staff and customers of data breach following two ransomware attacks | Comparitech 

David’s Bridal notified 4,132 Texans of a data breach that compromised their personal information. The company is already facing at least two class-action lawsuits for failing to protect customer and employee personal information.

09/15/2024

Toyota has a data dilemma after hackers leak 240GB of customer information | Fox News 

A hacker leaked a 240GB file containing data stolen from a branch of Toyota. Although the leak was initially acknowledged, Toyota later claimed that the data was stolen from a third-party entity misrepresented as Toyota. 

09/06/2024

Car rental giant Avis data breach impacts over 299,000 customers | BleepingComputer

American car rental giant Avis notified over 299,000 impacted customers of an unauthorized access incident in August where the attacker stole customers’ personal information.

09/05/2024

Park 'N Fly Data Breach Impacts a Million Customers | CPO Magazine 

Unauthorized activity involving compromised VPN credentials occurred in July, potentially exposing a million customers’ sensitive information. Park ‘N Fly stresses that the data breach did not expose customers’ payment information or login credentials.

Miscellaneous

09/24/2024

100 million Americans just had their personal information leaked in the massive MC2 Data breach | ITPro

Background check firm MC2 Data has had 2.2TB of their data leaked—most likely due to human error. Nearly one-third of the US population may have had their personal data exposed. 

09/24/2024

Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach | SecurityWeek

The audit and consulting giant has confirmed being aware of the claims and a statement provided to SecurityWeek suggests that the company did indeed suffer a data breach, but impact is limited.Prevent Data Breaches Before They Happen

Access Control Matters

Identity and access management (IAM) is imperative to deter and prevent data breaches before they happen. Regulating who or what is allowed to access particular information can prevent lateral movement even if the system is breached, minimizing the effect of the breach.

Built upon the idea of continuous verification, Pomerium is a zero-trust reverse proxy that helps enterprises manage secure application access. Authenticate, authorize, monitor, and secure user access to any application without a corporate VPN.

Share:

Stay Connected

Stay up to date with Pomerium news and announcements.

More Blog Posts

See All Blog Posts
Blog
What is Zscaler and How Does it Work?
Blog
Reference Architecture: Using AWS EKS with Pomerium
Blog
Identity Aware Proxy (IAP): Meaning, Pricing, Solutions

Revolutionize
Your Security

Embrace Seamless Resource Access, Robust Zero Trust Integration, and Streamlined Compliance with Our App.

Pomerium logo
© 2024 Pomerium. All rights reserved