Incident Analysis
In-depth guides and analysis on incident analysis from the Safeguard engineering team.
137 articles
Change Healthcare Breach: The Worst Healthcare Data Breach in U.S. History
In February 2024, a ransomware attack on Change Healthcare paralyzed the U.S. healthcare payment system for weeks and ultimately exposed the personal health data of over 100 million Americans, making it the largest healthcare data breach ever recorded.
Change Healthcare Ransomware Attack: The Breach That Disrupted American Healthcare
The BlackCat/ALPHV ransomware attack on Change Healthcare caused the largest healthcare IT disruption in U.S. history, affecting pharmacies, hospitals, and insurance claims processing nationwide.
Bank of America Breach via Infosys McCamish Exposes 57,000 Customers
In February 2024, Bank of America disclosed that a ransomware attack on its service provider Infosys McCamish Systems had compromised the personal and financial data of over 57,000 customers, highlighting the cascading risk of vendor supply chain attacks.
AnyDesk Production Systems Compromised: Code Signing Certificates Stolen
AnyDesk confirmed a breach of their production systems in late January 2024, forcing revocation of code signing certificates and a mandatory password reset for all users.
Cloudflare's Thanksgiving 2023 Breach: How Okta Credentials Led to a Nation-State Intrusion
Cloudflare disclosed that a nation-state actor used credentials stolen from the October 2023 Okta breach to access their Atlassian systems. Their transparent post-mortem set a new standard.
Midnight Blizzard and the Microsoft Email Breach
Russia's SVR-linked Midnight Blizzard sat inside Microsoft's corporate email for weeks. Here is what the January 2024 disclosure revealed about identity supply chains.
Trello API Scraping Exposes 15 Million User Accounts
In January 2024, a threat actor used an insecure Trello API endpoint to scrape and correlate email addresses with Trello account data for over 15 million users, then posted the dataset on a hacking forum.
Microsoft Breached by Midnight Blizzard: Russian Hackers Read Executive Emails
In January 2024, Microsoft disclosed that the Russian state-sponsored group Midnight Blizzard had been reading emails of senior executives and security team members since November 2023, using a password spray attack against a legacy test account.
VF Corporation Ransomware Attack Disrupts Vans, North Face, and Timberland
In December 2023, VF Corporation, parent company of Vans, The North Face, and Timberland, suffered a ransomware attack that disrupted order fulfillment and exposed personal data of 35.5 million customers during the critical holiday shopping season.
Xfinity Breach via Citrix Bleed Exposes 35.9 Million Customers
In December 2023, Comcast's Xfinity division disclosed that attackers exploiting the Citrix Bleed vulnerability had accessed personal data of 35.9 million customers, including usernames, hashed passwords, and partial Social Security numbers.
Norton Healthcare Ransomware Breach Exposes 2.5 Million Patient Records
In December 2023, Norton Healthcare disclosed that a May ransomware attack by the ALPHV/BlackCat group had compromised personal and medical data of 2.5 million patients, revealing the devastating impact of ransomware on healthcare.
Dollar Tree Third-Party Breach Impacts Nearly 2 Million Employees
In November 2023, Dollar Tree disclosed that a breach at its third-party service provider Zeroed-In Technologies exposed the personal data of nearly 2 million current and former employees, highlighting the persistent risk of third-party supply chain compromises.