Blood donation company reveals personal data of donors stolen in cyber attack
- OneBlood was hit by a cyber attack in July 2024 and has now completed its investigation
- The analysis revealed that OneBlood lost sensitive information about some customers
- Names and social security numbers are among the details included
OneBlood, a medical nonprofit critical to the operations of healthcare companies in the southeastern US, has confirmed it has lost sensitive donor information in a ransomware attack.
In July 2024, OneBlood was hit by an attack that caused an IT system outage and led to 250 hospitals activating critical blood shortage protocols.
The move disrupted services in several US states, with the organization operating at a ‘significantly reduced capacity’. This meant that while OneBlood continued to collect, test and distribute blood, it had to return to the manual labeling process, which significantly slowed down the work. The attack also meant operations and treatments were affected in several states as OneBlood looked to get back up to speed.
Names and SSNs
Now, BleepingComputer has published a data breach notification letter that OneBlood has reportedly started sending to affected individuals, detailing what happened and what kind of information the attackers compromised.
“On or about July 28, 2024, OneBlood became aware of suspicious activity within its network,” the letter said. “Our investigation has shown that between July 14 and 29, 2024, certain files and folders were copied from our network without permission. On or about December 12, 2024, we completed our review and determined that the affected files contained your information.”
The company said the thieves stole people’s names and Social Security numbers (SSNs). Because organizations typically collect much more information than this (such as mailing addresses, email addresses, phone numbers, demographics, health information and more), the fact that the hackers managed to steal just “some” names and Social Security numbers can be seen as a bright spot.
Yet even this is enough to enable phishing, identity theft and other forms of cybercrime. We don’t know exactly how many people were affected by the incident, but it’s best to invest in some identity theft protection tools.
While there is no evidence that the data is being misused in the wild, OneBlood is offering affected individuals free credit monitoring services for a year. Users have until April 9 to activate the service, it added, stressing that they should also closely monitor their bank statements for suspicious transactions.
Via BleepingComputer