Sign Up
BlogNews16TH NOV 2023
AuthorSamir Yawar
3 min read
News

Samsung, Postmeds and PJ&A Data Breaches dominate headlines

Twitter
Facebook
WhatsApp
Email
LinkedIn
Feature image for a cybersecurity news roundup on November 17, 2023

This week, we were made aware of data breaches at Samsung, Postmeds, and PJ&A that affected millions of customers. The cyber attacks have stolen personal information belonging to users in the US and the UK.

We take a look at these cybersecurity incidents.

Cybersecurity News Roundup


1. Samsung notifies customers in UK of data breach
2. Pharmacy provider Postmeds loses customer data
3. PJ&A loses patient data after cyber attack

Samsung notifies customers in UK of data breach

South Korean electronics titan Samsung sent word earlier this week that it faced a data breach by an unauthorized individual.

The company states that customers of Samsung's UK online store who made purchases between July 1, 2019 to June 30, 2020 had their information exposed due to the breach.

The breach was discovered recently on Nov 13, 2023. The company says that it happened due to a hacker exploiting a vulnerability in a third-party app.

Screenshot of an email Samsung sent informing of a data breach
Samsung informs of data breach in an email | Source: Michael Valentine

Pharmacy provider Postmeds loses customer data

Pharmacy services provider Postmeds has notified customers of a data breach it faced recently.

Postmeds, which also does business as ‘TruePill’, says that it suffered unauthorized network access on August 31, 2023 by a threat actor.

Truepill is a B2B pharmacy platform that handles order fulfillment and delivery services for pharmaceutical products across the US, with operations based in all 50 states.

According to the letter sent by Postmeds to the U.S. Department of Health and Human Services Office for Civil Rights, the data breach impacted around 2,364,359 people.

Data that threat actors have potentially accessed include:

  • Full name

  • Medication type

  • Demographic information

  • Name of the prescribing physician

Many people were left bewildered after receiving a data breach notification from Postmeds. They were puzzled how a company they’d never heard of had their data.

Legal experts say that multiple class action lawsuits are being prepared against Postmeds for its failure to adhere to industry guidelines related to information security.

PJ&A loses patient data after cyber attack

Pharmaceutical giant PJ&A (Perry Johnson & Associates) also disclosed that it was the target of a cyber attack in March 2023. The company estimates that the personal data of almost nine million patients was compromised during the attack.

The company revealed that threat actors have access to the following information:

  • Full name

  • Date of birth

  • Medical record number

  • Hospital account number

  • Admission diagnosis

  • Date and time of service

  • Social Security numbers (SSNs)

  • Insurance information

  • Medical transcription files (lab and diagnostic test results)

  • Medication details

  • Treatment facility and healthcare provider names

Details of the cyber attack only became apparent after PJ&A started sending notices to impacted individuals on October 31, 2023.

A letter containing the details of the data breach at PJ&A
PJ&A informs customers their data is at risk | Source : BleepingComputer


Samir Yawar
Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
a feature image about spear phishing vs phishing
Read NextSpear Phishing vs Phishing: How to Spot Targeted Attacks
Scams
FAQsFrequently Asked Questions
Information at risk in a data breach can include personal details (names, addresses, social security numbers), financial information (credit card numbers, bank account details), login credentials, medical records, and other sensitive data. The severity of the breach depends on the type and amount of information compromised.