Breach

Information compromised in the breach included not only names, birthdates, email addresses, and phone numbers, but also Social Security numbers, driver's licenses, taxpayer IDs, payment details, and health and health insurance and billing data, according to a filing with the Office of the Maine Attorney General.

Unauthorized access to the database prompted the exfiltration of recruitment-related information from April 2016 to July 2024, including applicants' names, birthdates, email addresses, and employment history, but not their financial details, passports, credentials, and uploaded documents.

Additional details regarding the incident, which was initially reported by independent tech news outlet 404media, remain uncertain but cybersecurity researchers John Hammond of Huntress and Marley Smith of RedSense have confirmed the veracity of the nearly 1.4 GB of data exposed by the threat actor on the XSS website.

Infiltration of PowerSchool's PowerSource customer support portal via stolen credentials enabled threat actors to access a maintenance access tool enabling entry to SIS instances and the eventual exfiltration of data such as names and addresses, as well as personally identifiable information, Social Security numbers, medical details, and grades, according to PowerSchool.

Nearly 6,500 of the impacted individuals were the company's employees, who had their names, birthdates, email addresses, taxpayer ID numbers, and HQ system account details, stolen as a result of the attack, according to Casio.

Infiltration of the third-party-managed Pro Shop website from Sep. 23 and 24 and Oct. 3 to 23 enabled the exfiltration of individuals' names, email addresses, and billing and shipping addresses, as well as their credit card types, numbers, verification numbers, and expiry dates, said Green Bay Packers in a data breach notice.

Aside from failing to address cybersecurity vulnerabilities in its systems that could have prevented the sweeping data breach, T-Mobile also improperly informed impacted individuals regarding the extent of the incident, according to Washington State Attorney General Bob Ferguson.

Infiltration of PSA's payroll records through the exploitation of a flaw in the systems of its payroll processor Banco Nacion also enabled yet-to-be-identified attackers to conduct fraudulent salary deductions ranging from $100 to $245, local media outlets reported.