Welcome to the ORGYLE Threat Roundup for September 2024, a monthly report designed to keep you informed about the most critical cybersecurity threats and incidents impacting organizations worldwide. This report offers a detailed overview of the latest trends, emerging threats, and key vulnerabilities identified over the past month.

The cybersecurity landscape in September 2024 was marked by several high-profile data breaches across multiple sectors, including finance, healthcare, technology, retail, and automotive industries. The attacks ranged from exploits in decentralized finance platforms and massive personal data leaks to ransomware impacting healthcare systems. Notably, a breach of the Centers for Medicare & Medicaid Services (CMS) compromised the data of over 3 million people, and a background check firm, MC2 Data, exposed the personal information of 100 million Americans. Major companies such as Dell, Oracle, Toyota, and Avis also faced significant security challenges. These incidents highlight the ongoing risks to both organizations and individuals, emphasizing the need for robust cybersecurity measures.

FINANCE SECTOR:

9/16/2024

  • DeltaPrime on ARB Chain Suffers Security Breach, $6 Million Loss Estimated.
    DeltaPrime, a decentralized finance platform on the Arbitrum chain, experienced a significant breach due to a private key exploit. This led to an estimated loss of $6 million​(BleepingComputer).

09/09/2024

  • Payment Gateway SLIM CD Data Breach: 1.7 Million Users Impacted
    SLIM CD, a payment gateway platform, was hit by a massive data breach that occurred between August 2023 and June 2024. The breach compromised the personal and financial information of over 1.7 million users​(BleepingComputer).

 

HEALTHCARE SECTOR:

09/24/2024

  • CMS Data Breach Impacts 3.1 Million People
    The Centers for Medicare & Medicaid Services (CMS) confirmed that 3.1 million beneficiaries were affected by a ransomware attack. The breach exposed sensitive health and personal data​(BleepingComputer).

09/04/2024

  • Multiple Californian Healthcare Providers Report Data Breaches
    Healthcare providers, including Vasinda’s Around the Clock Care, Baker Places, and others, disclosed breaches involving unauthorized access to patient data. Affected individuals have been notified​(BleepingComputer).

 

TECHNOLOGY SECTOR:

09/24/2024

  • MC2 Data Breach Exposes Information of 100 Million Americans
    Background check firm MC2 Data suffered a major breach, exposing 2.2TB of data, which contained personal information of nearly one-third of the U.S. population​(Horizon3.ai).

09/23/2024

  • Hackers Allegedly Claim Leak of Oracle Data
    Hackers claimed to have leaked data from Oracle on a hacking forum, involving 4,002 rows of employee information. Oracle has yet to confirm or deny these claims​(BleepingComputer).

09/22/2024

  • Second Dell Data Breach in One Week
    Dell faced a second data breach within a week, allegedly caused by vulnerabilities in the Atlassian software suite. Sensitive internal files were leaked, and Dell is investigating​(BleepingComputer).

09/17/2024

  • Fortinet Breach in Third-Party Cloud System
    Cybersecurity firm Fortinet disclosed a breach that exposed files stored in a third-party cloud-based file-sharing system. Less than 0.3% of Fortinet’s customer data was affected​(Splunk Security Content).

 

RETAIL SECTOR:

09/18/2024

  • Temu Denies Data Breach Amid Claims of Hacker Leaks
    E-commerce giant Temu denied claims of a data breach involving 87 million customer records. A hacker provided a sample of the leaked data, but Temu continues to deny the incident​(Splunk Security Content).

 

AUTOMOTIVE SECTOR:

09/15/2024

  • Toyota Data Breach Exposes 240GB of Customer Information
    A hacker leaked 240GB of customer data, allegedly stolen from a third-party misrepresented as Toyota. Toyota has acknowledged the breach but claims it was not directly their systems that were compromised​(BleepingComputer)​(Splunk Security Content).

09/06/2024

  • Avis Data Breach Affects 299,000 Customers
    Car rental company Avis disclosed a data breach that impacted over 299,000 customers. The breach resulted in the exposure of personal information​(BleepingComputer).