Data breaches can affect a lot of people. Occasionally, news stories will emerge about data breaches where millions of people had their information compromised.

However, it is highly unlikely that every single user or customer had their data stolen in an incident. Organizations only send data breach notifications to those who were affected by a breach.

Even in cases where you do not receive a notification letter, if you know an entity you’ve engaged with fell victim to a data breach, you should still play it safe. Perhaps now is the time to update your password, and it doesn’t hurt to periodically check your accounts for fraudulent activity.

Practicing good cyber hygiene is always beneficial. By getting into a habit of doing so, you’ll be that much more prepared in the event your information gets caught up in a cyberattack.

In this week’s installment of the BlackCloak Thursday Threat Update, we’ll be covering a pair of recently disclosed data breaches.

 

Sensitive information exposed in Western Digital breach

What we know: Western Digital revealed it experienced a data breach. The company said it discovered unauthorized individuals gained access to its systems on March 26. Western Digital said in a release on the incident that cybercriminals gained access to a database it uses for its online store, and that exposed data points included customers’ names, billing and shipping addresses, email addresses and telephone numbers. Cybercriminals were also able to access hashed and salted passwords and partial credit card numbers. 

Recommendations: In its data breach notification letter sent to affected individuals, Western Digital recommends keeping an eye out for phishing emails or any other suspicious messages. Since phone numbers were exposed in the breach, cybercriminals may also send phishing messages by SMS text, a practice known as “smishing.” Even though the passwords were hashed and salted and only partial credit card numbers were exposed, it’s still a good idea to change your password and monitor your accounts for fraudulent activity. It is currently unknown how many customers were affected by the breach, but even if you do not receive a data breach notification letter, it is still a good idea to take these steps out of an abundance of caution.

 

NextGen Healthcare breach affects more than a million patients

What we know: NextGen Healthcare disclosed it experienced a data breach where more than a million patients had their information exposed. NextGen found the breach occurred between March 29 and April 14, 2023. Compromised data included patients’ names, dates of birth, addresses and Social Security numbers. However, the electronic health record software provider said there was no evidence any medical information was exposed.

Recommendations: Due to the sensitive nature of the breach, it is a good idea to place a credit freeze and fraud alert on your accounts. According to its data breach notification letter sent to the Office of the Maine Attorney General, NextGen is offering data breach victims 24 months of free credit monitoring and identity theft protection. Anyone who wishes to enroll in the plan must do so before August 31.

 

Know what attacks may be coming your way

Cyber scams can be cleverly designed, but that doesn’t mean you cannot identify them. The key is knowing what to look for, and taking the proper steps to protect yourself.

 

Learn more about how “smishing” scams work, and how cybercriminals are leveraging artificial intelligence to conduct voice phishing attacks, commonly known as “vishing.”