United Health Data Leak Confirmed

 The ransomware gang claiming responsibility for the UnitedHealth Group data leak has confirmed the data for sale on the Dark Web is indeed their data on their patients.

 UnitedHealth group Change Healthcare is slowly gaining ground on backlogged payments to health providers.

 "A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure" - UnitedHealth Group

 The ransomware group, BlackCat/ALPH, pulled an exit move and left with the ransom. The claim of 6TB of patient and provider data has appeared and disappeared from the Dark Web site selling portions of that data.

 UnitedHealth group is preparing to offer two-years of credit monitoring and identity theft protection to affected parties after the investigation.

“Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America,”

Omni Hotels and Resorts Data Breach Recent Update

 More information here.

An advantage of data protection services, earlier warnings of data breaches.

Roku Cyber Attack

 Roku announced 500,000 accounts impacted by cyber attack discovered while investigating a data breach affecting 15,000 Roku accounts.

 This second attack, a result of "credential stuffing" allowed attackers to make unauthorized purchases of hardware products and service subscriptions. Roku will reverse charges or refund to the affected accounts.

 Roku has enabled two-factor authentication for all Roku accounts.

AT&T Data Breach Update

 

All 70+ million current and past AT&T customers who are known to have their data for sale may soon get the above email. If you still have the same email you gave AT&T.

The subscription code is for Experian IdentityWorks service. 
We have covered Experian's privacy issues in past Cyber Security SIG recorded presentations.

AT&T had issues with the large amount of emails. Experian had issues with the large number of requests.

MalwareBytes Digital Footprint Scam

 MalwareBytes has a Digital Footprint Scan:

https://www.malwarebytes.com/digital-footprint

This is a result you hope for:

In my testing the passwords/passphrases returned are accurate.

AND have i been pwned?

Google for Privacy?

 Google is not known for their privacy.
Their revenue stream comes from collecting data about us.
We know that!

BUT
Did you know you can use that collected data to your benefit also?

You can login to your Google account(s) and
1) Create an alert with search terms.

2) Using Google One you can search the dark web for:

Social Security Number (requires verification)
Name(s)
Physical Addresses
Phone Numbers
Email Addresses
And get results (very disturbing results)

NOTE: The Password results. These are in the clear passwords available on the Dark Web we keep hearing about.
(More like grey web BUT ...)

Invest some time now. Let family, friends, neighbors, and members know.

Apple releasing security fixes today 25-Mar-2024

  Security updates for macOS 14.4.1, macOS Ventura 13.6.6, iOS 16.7.7, and visionOS 1.1.1 join the security patches to iOS 17.4.1 and iPadOS 17.4.1 released 21-Mar-2024.

 These security updates fix vulnerabilities that could lead to arbitrary code execution. Thus important.