Weekly Data Leaks Review (June 23 – June 30)
Weekly Data Leaks Review (June 23 – June 30)

Let’s take a look at a brief overview of data leaks from last week. In the spotlight: Department of Health and Human Services, MOVEit, Citi Trends, NDPC, TCRS, Roosevelt University, Sweetwater Union High School District, Medibank, USAA.

The Department of Health and Human Services is the latest entity to fall victim to a data breach through the MOVEit system, potentially compromising information of over 100,000 individuals. The breach occurred due to an exploited vulnerability in popular file-transfer software, as acknowledged by a representative on Thursday.

Citi Trends, Inc. has disclosed a data breach to the Montana Attorney General following an incident where an unauthorized entity accessed confidential employee data on the company’s IT network. The breach allowed the intruder to access sensitive customer information, including names, Social Security numbers, and financial account details.

The Nigeria Data Protection Commission (NDPC) is looking into potential data breaches involving three banks, Babcock University, Leadway Insurance, and other entities. Zenith, Fidelity, and Guarantee Trust Banks are among the suspected parties.

The Tennessee Consolidated Retirement System (TCRS) is alerting retirees and their beneficiaries to a data breach. The compromised data, which belonged to the MOVEit Transfer software operated by Pension Benefits Information (PBI), included personal information of the parties involved.

Roosevelt University (RU) notified the Maine Attorney General of a data breach where an unauthorized party accessed confidential information of current and prospective students. The breached information includes names, addresses, Social Security numbers, and driver’s license numbers from FAFSA applications.

A data breach occurred in the Sweetwater Union High School District in San Diego in February, with an unauthorized party gaining access to files containing personal information of an undetermined number of individuals. The compromised data included personal details of students, families, and current and former employees.

Medibank is set to hold a $250 million capital reserve following last October’s significant data breach as a penalty imposed by the APRA. The breach resulted in the theft of data belonging to 9.7 million customers.

San Antonio’s USAA, an insurance and financial services company, has reported a data breach with unauthorized individuals accessing personal information of a small fraction of its members. The breach impacted less than 0.15 percent of its more than 13 million members, which translates to approximately 19,000 affected individuals.