We continue with the worst handled data breaches of 2022:
Advanced, NH provider
Advanced, an IT service provider to Britain's National Health Service, confirmed in October that attackers had stolen data from its systems during a ransomware attack in August. The incident knocked out several of the organization's services, including its Adastra patient management system, which helps non-emergency call managers dispatch ambulances and doctors access patient records, and Carenotes, used by mental health centers to obtain information about patients.
Although Advanced reported that its incident response teams - Microsoft and Mandiant - had identified LockBit 3.0 as the malware used in the attack, the company declined to say whether patient data had been accessed. The company admitted that "some data" belonging to more than a dozen NHS bodies was "copied and leaked" but declined to say how many patients were potentially affected or what kind of data was stolen.
Twilio
In October, the US messaging giant Twilio confirmed that it had suffered a second breach that allowed cybercriminals to access its customers' contact information. News of the breach, which was carried out by the same "0ktapus" hackers who compromised Twilio in August, was buried in an update to a lengthy incident report and contained few details about the nature of the breach and the impact on users. customers.
Twilio spokeswoman Laurelle Remzi declined to confirm the number of customers affected by the June breach or share a copy of the notice the company claims to have sent to those affected. Remzi also declined to explain why it took Twilio four months to make the incident public.
Rackspace
The enterprise cloud computing giant Rackspace suffered a ransomware attack on December 2, leaving thousands of customers around the world without access to their data, including archived emails, contacts, and calendars. Rackspace received widespread criticism for its response, as it said little about the incident or its efforts to restore data.
In one of the company's first updates, posted on Dec. 6, Rackspace said it had yet to determine "what, if any, data was affected," adding that if sensitive information was affected, "would notify customers as appropriate." We are at the end of December and customers still do not know if their sensitive information has been stolen.
LastPass
And last but not least: LastPass, the embattled giant of password managers, confirmed three days before Christmas that hackers had stolen the keys to its kingdom and stolen the encrypted passwords of its clients weeks before. The breach couldn't be more detrimental to LastPass' 33 million customers, whose encrypted password vaults are only as secure as the customers' master passwords used to lock them.
However, LastPass' handling of the breach drew a swift rebuke and fierce criticism from the security community, not least because LastPass claimed there was no action customers could take. However, based on a scrutinized read of its data breach notice, LastPass knew that customers' encrypted passwords may have been stolen as early as November, after the company confirmed that their cloud storage had been accessed using a set of employee cloud storage keys stolen during a previous breach in August, but not revoked by the company.
LastPass is entirely to blame for the leak, but its management was egregiously incorrect. Will the company survive? Maybe yes. But with its atrocious handling of data breaches, LastPass has sealed its reputation.
