Connecticut College (CC) is a private campus institution in New London, CT; initially opened as a women’s college, the institution today serves a 2k-student population and offers more than 40 degree programs. In March 2023, cybercriminals victimized CC by accessing their network environment. Eleven months later, CC officials have begun sending impact notices to those with data exposed in the incident.

Perry Johnson & Associates (PJ&A) is a medical transcription organization based in Nevada. Since the public learned about PJ&A’s breach, we have featured it whenever large healthcare networks have announced data breaches stemming from their incident and when officials present updates. This week, more information is public about the incident, through the Maine Attorney General’s Office.

U.S. Renal Care (Renal) is a 32-state, 400-location, 26k-patient healthcare provider primarily concerned with kidney disease and longevity; Renal offers in-facility and at-home dialysis solutions. Renal’s significant treatment network is made possible by various third-party vendors, from equipment solutions to transcription services.

The Bayer Heritage Federal Credit Union has headquarters in West Virginia. Like other unions, they offer various services that assist members in saving and investing no matter their life phase. Bayer’s products include financial accounts, IRAs, investment options, and many loans, from estate to student. At the end of October 2023, Bayer reportedly experienced a cyberattack; the breach lasted only a day but exposed the Social Security Numbers (SSNs) of 61,159 borrowers.

This week, around 643k data records were announced as lost in the cyber wars. Early on, the public learned of HopSkipDrive’s event, which impacted 155k student guardians. The most significant breach of this week, with an impact figure of over 307k, also occurred early in the week; the Des Moines Orthopaedic Surgeon clinic claimed the incident was due to a vendor’s failure.

Verizon is a top-performing communications organization with clients and influence worldwide. They offer various electronic services, including physical technology, Internet services, entertainment programs, communications plans, etc. They enjoy a user base of nearly 145 million people in the US, making them the largest telecoms operator in the states. Verizon recently announced a breach in mid-September 2023; however, the event was not from an external threat actor—it came from an employee.

Infosys McCamish Systems (IMS) is a subsidiary of Infosys, a global outsourcing organization. IMS is primarily concerned with delivering life insurance and retirement solutions for clients of Infosys. Among those who use IMS’ services are nationwide organizations, including Bank of America. In November 2023, IMS was made aware of a cyberattack on their systems; the attack disrupted some of IMS’ applications and compromised the information of 57,028 people.

Des Moines Orthopaedic Surgeons, P.C. (DMOS) has three clinics throughout Iowa’s capital; they offer comprehensive solutions for ortho-care, from joints to extremities and MRI imaging to outpatient surgery. DMOS utilizes a variety of third-party vendors to serve their patients and the surrounding regions; almost a year ago, DMOS experienced a cybersecurity event through one of these vendors. The unauthorized actors broke into their system and compromised the information of 307,864 individuals.

Bankers Life and Casualty Company (Bankers) is a nationwide retirement solutions provider. Their services assist members in maintaining and stretching their retirement income, paying for health and treatment programs, finding excellent retirement care, and assisting families with final expenses. There are over 3,800 Bankers agents throughout the US, with most states having one or more physical branches.

HopSkipDrive is an education solution that assists guardians with their unique transportation needs; from planning bus logistics to utilizing live ride-share options, HopSkipDrive is a family’s best resource for education transportation. In July 2023, HopSkipDrive received an email from an unknown actor, allegedly claiming that assailants exfiltrated information during a cyber attack.