Data of 2.47 Million Individuals Exposed in Enzo Biochem Ransomware Attack - 1

Data of 2.47 Million Individuals Exposed in Enzo Biochem Ransomware Attack

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

In a recent Form 8-K filing with the US Securities and Exchange Commission (SEC), Enzo Biochem revealed that clinical test information of nearly 2.4 Million individuals was compromised in the April 2023 ransomware attack.

Enzo Biochem is a US-based medical sciences company that specializes in producing and marketing DNA-based tests to detect infectious and transmissible diseases.

The cyberattack prompted the company to launch an immediate investigation which revealed that around 2,470,000 individuals’ clinical test data was accessed and exfiltrated by unknown threat actors. The investigation which was carried out with the help of external cybersecurity experts revealed that compromised information included individuals’ names, test information, and in some instances their Social Security numbers (around 600,000).

In the SEC filing, the company also revealed that it’s trying to determine whether employees’ information was also a part of this breach. If any such discovery is made, Enzo will notify the impacted individuals and concerned regulatory authorities.

Adhering to its disaster recovery plan, Enzo Biochem also deployed containment measures, including disconnecting affected systems from the internet and notifying appropriate law authorities. These measures helped the company avoid disruption in business operations and enabled continuous delivery of services to its patients and partners.

However, the company stated that it has incurred and is expecting more expenses in relation to this cyberattack. ‘’certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter,’’ noted Enzo Biochem.

Moreover, the attack and data breach has also exposed the company to certain risks and uncertainties, and in days to come, it is expecting increased scrutiny from regulatory authorities.

In recent months the healthcare industry has been witnessing a spate of ransomware attacks, resulting in the theft of sensitive personal and financial information. Just last week US-based MCNA revealed that its network had been compromised and personal data of 8.9 Million customers were stolen in the data breach incident.

Toyota Discloses Another Data Breach Involving Customers in Asia and Oceania - 2

Toyota Discloses Another Data Breach Involving Customers in Asia and Oceania

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

In a statement released this week, Toyota announced discovery of another data breach exposing sensitive information of customers in Asia and Oceania (excluding Japan). The discovery was uncovered in wake of its ongoing investigation into the May 12 data leak incident which left several Japanese customers data at risk.

According to the automaker, this breach was also a result of database misconfiguration of its cloud environment which are managed by TOYOTA Connected Corporation (TC). The cloud service company features a subscription model which allows Toyota customers to use internet in cars to access audio, multimedia, location services and emergency assistance.

The customer and vehicle information which was publicly available could be accessed by anyone who knew where to search. ‘’Vehicle registration number, vehicle ID, customer name, email ID, address, and phone number of customers in some countries in Asia and Oceania (Japan is not included) was exposed between October 2016 – May 2023,’’ said the notification.

The company said that this incident was the result of insufficient dissemination and enforcement of data handling rules. To avoid recurrence, on an ongoing basis, checks and maintenance of cloud environments are being conducted.

Additionally, the company would be investing in the training and education of TC employees regarding data handling rules to ensure safety of customer information.

In its statement, the company also issued an apology to all the affected customers and assured that no third-party had accessed the data nor any copy of it was found on the internet. However, at present the company could not confirm if vehicle location and credit card information was also a part of the leak.

This notification comes right after an earlier statement released by the company in May this year about the exposure of 1.15 million Japanese customers’ data.