Massive US PII breaches: CareCloud/Hims/Nike/Marquis updates, healthcare ransomware surge, ExpressVPN AI, OK Tax/Check City
Key Questions
What does the ITRC report say about recent data breaches?
ITRC reported 3,322 breaches, a 79% rise. This includes massive PII exposures from CareCloud, Hims, Nike, and Marquis.
What happened in the CareCloud data breach?
CareCloud's EHR breach on March 16 affected millions of patient records. It is part of ongoing healthcare data incidents.
How was Hims & Hers customer data exposed?
ShinyHunters used MFA phishing on a support platform, exposing PII. Hims revealed the cyberattack involving stolen personal info.
What are the details of the Nike data breach lawsuit?
Nike faces a class action over a 1.4TB breach, alleging late notice to customers whose data, including credit cards, was exposed. The Oregon case claims inadequate protection.
What is the average ransomware demand in healthcare?
Hackers demand $18.2M on average for healthcare ransomware, nearly six times higher than other industries. Recent surges include Brockton Hospital and Signature Healthcare attacks.
What did ExpressVPN discover about leaked data?
ExpressVPN found 3.7M leaked AI chatbot messages and recordings. This highlights risks in AI chat systems.
What other notable breaches occurred?
Marquis/SonicWall exposed 672k bank SSNs; OK Tax SSNs leaked; ShinyHunters hit Cisco. Settlements like LastPass $8.2M and Iowa AG vs Change are ongoing.
How are companies responding to these breaches?
Responses include data freezes, MFA enforcement, and settlements. Nike lawsuit and Conduent expanded breach notifications show accountability efforts.
ITRC 3,322 breaches (79% rise); CareCloud EHR, March 16 (millions); Hims PII (ShinyHunters MFA phishing); Nike lawsuit (1.4TB, credit cards, late notice); Marquis/SonicWall 672k bank SSNs; healthcare ransom $18.2M average; ExpressVPN 3.7M AI chats; OK Tax SSNs; LiteLLM/Mercor; ShinyHunters Cisco, etc. These drive freezes, MFA enforcement, and settlements, including Iowa AG vs Change.