The Dallas suburb noted in an online notice that the incident resulted in the compromise of names, addresses, Social Security numbers, credit card details, driver's license numbers, medical insurance data, and financial account details.
Aside from obtaining access to the Treasury Department's payment system for managing federal system, DOGE was also alleged by Office of Personnel Management employees of having installed an improperly vetted private server that could potentially compromise millions of federal workers' sensitive records.
Such a third-party breach not only led to the exposure of individuals' names, phone numbers, and email addresses, but also the exfiltration of some customers' partial credit card details and legacy systems' hashed credentials, said Grubhub in a statement.
Nearly 150 S3 buckets previously leveraged by cybersecurity firms, governments, Fortune 500 companies, and open source projects could be re-registered with the same AWS account name to facilitate executable and/or code injections in the deployment code/software update mechanism, according to an analysis from watchTowr Labs researchers.
Investigation into the incident completed in October revealed that only "limited" personal information had been compromised from affected individuals, who were informed and given complimentary identity protection services in December.
AEA confirmed being subjected to a cybersecurity incident that resulted in the exposure of information from 193,306 patients more than a month after the DragonForce ransomware operation took responsibility for the intrusion against the eye care provider, which was purported to lead to the theft of hundreds of gigabytes of data.
Aside from exploiting a pair of zero-day flaws in the VeraCore supply chain management software to facilitate systems and configuration files compromise and persistence, XE Group also moved to revive a webshell initially installed four years prior, according to a joint analysis by Intezer and Solis Security.
