
January 04, 2018

Four More Data Breaches to Know

Just last week, we announced that cybercrime will get worse this year. Now, less than a week into 2018, it’s safe to say our prediction is coming true.

Here are four more data breach announcements to be aware of:

U.S. Department of Homeland Security (DHS)

The DHS has confirmed a data breach involving the personally identifiable information of over 240,000 former and current DHS workers. Sources indicate that the data was discovered to be in the possession of a former DHS Office of Inspector General (OIG) employee. The individual’s identity was not disclosed, and details about the breach are still murky. We do know, however, that the individual was able to access names, Social Security numbers, positions, grades, dates of birth and duty stations. What’s more, the individual risked exposing a trove of investigative data. The data breach was discovered last May, but due to the complexity of the investigation it was just recently announced.

Forever 21

Forever 21 has issued a press release announcing a data breach that happened at several of its point-of-sale (POS) terminals. Hackers were able to successfully lift customers’ credit card numbers, internal verification codes and expiration dates. Attacks were carried out between April and November 2017, following the installation of malware on certain POS devices. The malware compromised the POS systems’ encryption technology.

SSM Health

St. Louis, Missouri’s SSM Health has announced a possible data breach after an unauthorized employee gained access to patient records. The employee was able to access records between February 13, 2017 and October 20, 2017.

“It appears that although the former employee accessed patient information from multiple states, the focus of his illegal activities involved the medical records of a small number of patients with a controlled substance prescription and a primary care physician within the St. Louis area,” SSM Health stated. “Out of an abundance of caution, SSM Health is notifying all 29,000 patients whose records were accessed by this individual, even if the access may have been for legitimate job functions.”

Altogether, 29,000 people may have been impacted.

Oregon State Accident Insurance Fund Corp.

The personal information of more than 1,750 people may have been exposed by a data breach at Oregon’s State Accident Insurance Fund Corp.

Hackers were able to gain access to individual names and Social Security numbers after someone gained access to an SAIF email account by phishing. The account contained emails with personal data on employees of six companies that receive insurance from the agency.

The organization has since notified those who may have been impacted. So far, no cases of identity theft have been reported.

Here are some of the areas all organizations looking to promote a cybersecurity culture need to focus on.

1.    Cybersecurity training must be done regularly.

2.    Auditing and documentation must be performed regularly to ensure systems are secure.

3.    Anomaly detection should be running constantly to detect threats as they emerge.

4.    Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two companies’ reputations from being destroyed.

5.    Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.

6.    An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched its response in what is being called a PR catastrophe.

To ensure your organization is safe, even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.
