Safeguard
Topic

Incident Analysis

In-depth guides and analysis on incident analysis from the Safeguard engineering team.

137 articles

Incident Analysis

Change Healthcare Breach: The Worst Healthcare Data Breach in U.S. History

In February 2024, a ransomware attack on Change Healthcare paralyzed the U.S. healthcare payment system for weeks and ultimately exposed the personal health data of over 100 million Americans, making it the largest healthcare data breach ever recorded.

Feb 21, 20247 min read
Incident Analysis

Change Healthcare Ransomware Attack: The Breach That Disrupted American Healthcare

The BlackCat/ALPHV ransomware attack on Change Healthcare caused the largest healthcare IT disruption in U.S. history, affecting pharmacies, hospitals, and insurance claims processing nationwide.

Feb 21, 20246 min read
Incident Analysis

Bank of America Breach via Infosys McCamish Exposes 57,000 Customers

In February 2024, Bank of America disclosed that a ransomware attack on its service provider Infosys McCamish Systems had compromised the personal and financial data of over 57,000 customers, highlighting the cascading risk of vendor supply chain attacks.

Feb 12, 20248 min read
Incident Analysis

AnyDesk Production Systems Compromised: Code Signing Certificates Stolen

AnyDesk confirmed a breach of their production systems in late January 2024, forcing revocation of code signing certificates and a mandatory password reset for all users.

Feb 2, 20245 min read
Incident Analysis

Cloudflare's Thanksgiving 2023 Breach: How Okta Credentials Led to a Nation-State Intrusion

Cloudflare disclosed that a nation-state actor used credentials stolen from the October 2023 Okta breach to access their Atlassian systems. Their transparent post-mortem set a new standard.

Feb 1, 20245 min read
Incident Analysis

Midnight Blizzard and the Microsoft Email Breach

Russia's SVR-linked Midnight Blizzard sat inside Microsoft's corporate email for weeks. Here is what the January 2024 disclosure revealed about identity supply chains.

Jan 25, 20245 min read
Incident Analysis

Trello API Scraping Exposes 15 Million User Accounts

In January 2024, a threat actor used an insecure Trello API endpoint to scrape and correlate email addresses with Trello account data for over 15 million users, then posted the dataset on a hacking forum.

Jan 22, 20247 min read
Incident Analysis

Microsoft Breached by Midnight Blizzard: Russian Hackers Read Executive Emails

In January 2024, Microsoft disclosed that the Russian state-sponsored group Midnight Blizzard had been reading emails of senior executives and security team members since November 2023, using a password spray attack against a legacy test account.

Jan 19, 20247 min read
Incident Analysis

VF Corporation Ransomware Attack Disrupts Vans, North Face, and Timberland

In December 2023, VF Corporation, parent company of Vans, The North Face, and Timberland, suffered a ransomware attack that disrupted order fulfillment and exposed personal data of 35.5 million customers during the critical holiday shopping season.

Dec 18, 20237 min read
Incident Analysis

Xfinity Breach via Citrix Bleed Exposes 35.9 Million Customers

In December 2023, Comcast's Xfinity division disclosed that attackers exploiting the Citrix Bleed vulnerability had accessed personal data of 35.9 million customers, including usernames, hashed passwords, and partial Social Security numbers.

Dec 18, 20237 min read
Incident Analysis

Norton Healthcare Ransomware Breach Exposes 2.5 Million Patient Records

In December 2023, Norton Healthcare disclosed that a May ransomware attack by the ALPHV/BlackCat group had compromised personal and medical data of 2.5 million patients, revealing the devastating impact of ransomware on healthcare.

Dec 8, 20238 min read
Incident Analysis

Dollar Tree Third-Party Breach Impacts Nearly 2 Million Employees

In November 2023, Dollar Tree disclosed that a breach at its third-party service provider Zeroed-In Technologies exposed the personal data of nearly 2 million current and former employees, highlighting the persistent risk of third-party supply chain compromises.

Nov 22, 20237 min read
Incident Analysis (Page 9) — Supply Chain Security Blog | Safeguard