T-Mobile Data Breach Leaves Customers Vulnerable to SIM Swapping

T-Mobile has had another data breach, although a report suggests this one is less severe than the one in August. Only a small set of customers have been affected, but they could be vulnerable to a SIM swapping attack.

This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.

Planned Parenthood Hack Leaked Data for 400,000 Patients

In October, a Planned Parenthood facility in Los Angeles suffered a data breach. It affected about 400,000 patients.

Letters from PPLA to affected patients warned that “we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”

Data Breach of California Pizza Kitchen Leaks 100,000 Social Security Numbers

TechCrunch reports that California Pizza Kitchen suffered a data breach in September. The SSNs of over 100,000 employees were leaked as a result.

While CPK didn’t confirm how many people are impacted by the breach, a notification from the Maine attorney general’s office reported a total of 103,767 current and former employees — including eight Maine residents — are affected. CPK employed around 14,000 people as of 2017, suggesting the bulk of those affected are former employees.

Phlebotomy Training Specialists Exposes Student Data in Breach

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach from Phlebotomy Training Specialists.

Unfortunately, the company was storing the complete records of tens of thousands of students nationwide on a single, open cloud account. In this case, Phlebotomy Training Specialists was using an Amazon Web Services (AWS) S3 bucket to store data it collected from students, staff members, and people applying to its courses. S3 buckets are an increasingly popular enterprise cloud storage solution. However, users must set up their security protocols manually to protect the data stored therein.

Dental Data Breach Affects 125,000 Patients in 10 States

North American Dental Management suffered a data breach between March 31 and April 1, 2021. It happened as the result of phishing. This group provides administrative and technical support services for Professional Dental Alliance (PDA) offices.

PDA said that it had not found any evidence of any actual misuse of personal information and that its investigation of the matter indicates that the attack was limited to email credential harvesting.

The threat actor did not access PDA’s patient electronic dental record or dental images; however, the Alliance found that some sensitive personal information may have been present in the compromised email accounts.

The breach, which impacted 125,760 patients in Connecticut, Florida, Georgia, Illinois, Indiana, Massachusetts, Michigan, New York, Texas and Tennessee, was reported to the DHS’s Office for Civil Rights.

SMS Routing Company 'Syniverse' Admits it was Hacked in 2016

Syniverse provides backbone services to wireless carriers such as AT&T, Verizon, and T-Mobile, among several others. It discovered the breach in May 2021, although the breach had begun in May 2016.

Syniverse repeatedly declined to answer specific questions from Motherboard about the scale of the breach and what specific data was affected, but according to a person who works at a telephone carrier, whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages.

Health Apps Must Warn Users of Data Breaches, Says FTC

The Federal Trade Commission issued a policy statement on Thursday. It says that health apps and wearable companies must warn their users of data breaches or face fines.

In a policy statement adopted during an open meeting, the Commission noted that health apps, which can track everything from glucose levels for those with diabetes to heart health to fertility to sleep, increasingly collect sensitive and personal data from consumers. These apps have a responsibility to ensure they secure the data they collect, which includes preventing unauthorized access to such information.

Excellent news. Now they should make sure the fines are high enough to deter repeat offenders (cough T-Mobile).