Breach

Included in the stolen data trove were individuals' names, birthdates, gender, phone numbers, email addresses, addresses, education details, and employment information.

Infiltration of the hospital's network earlier that month resulted in the compromise of files, one of which had individuals' names, birthdates, Social Security numbers, state ID or driver's license numbers, biometric details, financial account data, payment card information, medical data, health insurance policy details, and user credentials, reported investigators.

"Atos understands that external third-party infrastructure, unconnected to Atos, has been compromised by the group Space Bears. This infrastructure contained data mentioning the Atos company name, but is not managed nor secured by Atos," said the firm in a statement.

U.S. telecommunications companies Windstream, Consolidated Communications, and Charter Communications were reported by the Wall Street Journal to have also been compromised by Chinese state-backed threat group Salt Typhoon in a cyberespionage operation previously confirmed to have targeted nine telcos across the country.

Aside from deferring the delivery of breach notifications two months later, Visionworks also did not sufficiently defend its systems, resulting in the exfiltration of customers' names, birthdates, Social Security numbers, home and email addresses, financial details, and medical information, alleged the lawsuit.

Cybernews reports that MetLife was claimed to have been compromised by the RansomHub ransomware-as-a-service operation, which alleged the theft of 1 TB of data from the major global insurance company's systems. The insurance company, however, denied that its systems were compromised, saying an Ecuador-based subsidiary was impacted by a "cyber incident."

While Google Groups and LinkedIn reports noted the campaign to have commenced in early December, such an attack may have been tested since March as evidenced by command-and-control subdomains discovered by BleepingComputer.