The mother of all breaches (MOAB). That’s how security experts are referring to the recent discovery of a massive database that is composed of data from thousands of previous breaches, leaks, and private data databases.

Deli Management, Inc. does business as Jason’s Deli. It is an organization with over 250 deli shops located in 28 states. Since 1976, Jason’s Deli has been a popular solution for sandwiches and soups in the south and mid-eastern US. They offer various options for individuals and catering, including a rewards program called “Deli Dollars” and a website from which users can create an account and order food.

The discovery of what has been dubbed the Mother of all Data Breaches (MOAB), reportedly containing 12TB or 26 billion records representing 3,800 separate data breaches, should remind everyone of the need to maintain strong passwords and change default credentials.

It’s January, and 2024 is already seeing two major security announcements with wide-scale implications for security teams. While these announcements may seem disconnected at first, they highlight the continued importance of good password hygiene, and ensuring that employees are protecting themselves online inside and outside of the workplace.

The Columbus Regional Healthcare System (CRHS) spans ten counties in southeastern Indiana. The network includes over 2,400 employees, 200 physicians, and many volunteers. CRHS offers emergency and surgical solutions, primary and specialty care programs, and endless inpatient and outpatient service options. CRHS recently notified the Maine Attorney General’s Office of a breach within their systems; the event happened in May 2023—and has potentially compromised the data of 132,887 individuals.

Based in Irvine, California, LoanDepot is a nationwide mortgage lender. Their solutions assist homeowners in purchasing land and obtaining reasonable equity costs. They are licensed in 50 states and, in 14 years, have become the most significant nonbanking lender in the US. In the second week of January, we featured a piece on LoanDepot; at the time, they were in the throes of a cyber skirmish, fighting for control of their discombobulated systems.

The cost of a data breach continues to rise every year as new attack methods, new vulnerabilities, and new risks appear. According to IBM’s Cost of a Data Breach Report 2023, the average cost of a data breach in 2023 was USD $4.45 million, a 2.3% increase from 2022’s cost of $4.35 million.

In a Friday regulatory filing, Microsoft has reported that its corporate email accounts were compromised by a Russian state-sponsored hacking group known as Midnight Blizzard, also identified as Nobelium or APT29. Microsoft's disclosure aligns with new U.S. requirements for reporting cybersecurity incidents. The attack was detected on January 12th, 2024, but it appears to have started in November 2023.

Kansas State University (K-State) is below Tuttle Creek Lake in northeast Kansas. The university serves 20,000 students, employs a complex faculty of emeritus, postdocs, and graduates, and offers over 50 programs. On Tuesday (January 16th, 2024), K-State published a statement concerning the disruption of some of its services; hours later, a preliminary investigation determined the cause of the disruptions came from a cybersecurity event.

This week was slow in the cybersecurity breach world; a combined 775k records got exposed stemming from two health centers (Singing River Health and Harris Center for Mental Health and IDD) and a nationwide mortgage lender (Academy Mortgage Corporation); a communications security solution (Egress) released a risk report urging action of business leaders; and Kansas State University suffered widespread disruptions, potentially compromising the sensitive data of their students and faculty.