It shouldn’t be a surprise to know that entities in every state experience data breaches. It also shouldn’t be a surprise to know that some states experience more data breaches than others.

Network Assured released a report detailing the 10 states that reported the most data breaches in 2022. Some of the states listed in the report are ones you’d expect. California, New York and Texas, reported the most breaches last year, which isn’t shocking when you consider how many people and businesses reside in those three states.

However, some smaller states, such as Maryland, also made the list. Even if you don’t live in one of the most populated regions of the country, you should still be prepared to receive a data breach notification letter at any time.

In this installment of the BlackCloak Thursday Threat Update, we’ll cover data breaches affecting a bank and an open-source media player application.


Kodi data breach affects 400K forum users

What we know: The user forum belonging to the open-source media player software application Kodi was breached, potentially affecting the more than 400,000 users who were members. Kodi said unauthorized individuals were able to steal the forum’s database by leveraging the credentials of an inactive staff member. Compromised data points included usernames, email addresses and encrypted passwords.

Recommendations: Even though the passwords were encrypted, Kodi said in its data breach announcement that users should treat them as compromised. Kodi shut down the forum following the breach, but if you use your Kodi password for other services, change them as soon as possible. Make sure the password is strong and completely unique. You should never reuse passwords under any circumstances. Additionally, as email addresses were stolen in the breach, be on the lookout for phishing emails that may come to your inbox.


Sensitive information exposed in Webster Bank breach

What we know: Webster Bank filed a data breach notice after learning of a third-party data breach where sensitive information was exposed. One of Webster Bank’s third party vendors, Guardian Analytics, conducted an investigation after identifying a data security incident that may have affected the bank’s customers. Guardian found unauthorized individuals were able to access its systems between November 27, 2022 and January 22, 2023. The unauthorized individuals were able to access customers’ names, Social Security numbers and financial information.

Recommendations: Due to the sensitive nature of the data exposed in this incident, it is highly recommended that you place a credit freeze and fraud alert on your accounts. Even if you do not receive a data breach notification letter from Webster Bank, you may want to do so out of an abundance of caution. It’s also a good idea to continuously monitor your accounts for any fraudulent activity. The sooner you identify the activity, the more likely it will be that you will be successful in stopping cybercriminals from doing further damage.


Education and action are key

Data breaches and cyber scams could come to your doorstep at any time. It’s why you should always stay on top of the latest cyberattacks, and take the steps necessary to protect your data wherever it’s stored.

Learn how to create strong, unique passwords to protect your accounts, and how cybercriminals are leveraging artificial intelligence in their latest “vishing” schemes.