Depending on who you ask, the holiday season has already begun. Millions will be shopping for gifts they will give to friends and family, and a large amount of purchases will be made online.

While this can be a happy occasion for many, unfortunately, cybercriminals are also very active during the holidays, as they hope to steal valuable personal information and money.

In fact, a study from Iris found 73% of respondents are concerned that their personal and financial data will be at risk during the holiday shopping season.

It’s why you should take the proper precautions when you buy online. Only shop with verified retailers and consider using a virtual payment card when making purchases. At the very least, use your credit card instead of debit. It is far easier to handle fraudulent transactions with a credit card company as opposed to a bank.

In this installment of the BlackCloak Thursday Threat Update, we will cover a pair of data breaches affecting a healthcare organization and a school district.


Cook County Health breach affects more than one million patients

What we know: Cook County Health disclosed it experienced a data breach affecting around 1.2 million patients. According to Perry Johnson & Associates, a company contracted to provide medical transcription services to the Illinois-based county, an unauthorized individual accessed its network between March 27th and May 2nd.  The compromised data included patients’ names, dates of birth, addresses, medical record numbers and other medical information. Around 2,600 patients had their Social Security numbers exposed in the breach.

Recommendations: Affected individuals were sent a data breach notification letter from Cook County Health. Anyone who received a letter should strongly consider placing a credit freeze and fraud alert on their accounts out of an abundance of caution, especially those who had their Social Security numbers exposed in the breach.


Cybercriminals steal information belonging to to Clark County School District

What we know: The Nevada-based Clark County School District confirmed personal data was stolen in a cyberattack. Cybercriminals have emailed parents, telling them the personal data belonging to their children has been leaked. The personal information involved in the breach includes students’ names, addresses and email addresses. 

Recommendations: In a statement on the breach, the school district told students and teachers to reset their passwords before they would be able to access Google Workspace. Parents should tell their children to be on the lookout for phishing emails that may be sent to the compromised email addresses. These emails may try to trick students, by eliciting an emotional response, into clicking malicious links and downloading attachments that may contain malware. 


Stay educated on threats and the tools to protect yourself

Everyone has a target on their back, as cybercriminals see everyone as a potential victim. It’s why you should always be aware of the different scams out there, as well as the tools you can deploy to protect yourself.

Learn how criminals are stealing passcodes to compromise victims’ financial security and the difference between a credit freeze and a fraud alert.