What is the total number of incidents reported in the week between May 6, 2024, and May 13, 2024?

During the week between May 6, 2024, and May 13, 2024, there were a total of 25 incident/data breach events reported.

What was the largest data breach reported during the week of May 6, 2024?

The largest breach reported during the week was the Dell reports data breach, which allegedly exposed the data of 49 million customers.

What industries were most affected by data breaches in the week of May 6, 2024?

The healthcare industry was the most affected with 10 incidents, followed by the government sector with 6 incidents, and IT/software/technology with 3 incidents.

What were the main causes of data breaches reported in that week?

The main causes of data breaches included malware, ransomware and related attacks (6 incidents), system misconfiguration exploits (2 incidents), and unauthorized access (1 incident).

What were some of the critical vulnerabilities addressed during the week?

Some critical vulnerabilities addressed included a flaw in Apple's iTunes for Windows, vulnerabilities in Citrix Hypervisor and BIG-IP Next Central Manager, several issues in Golang, and a high-severity issue in Google Chrome.

Knowledge

State of (in)security - Week 19, 2024

published: May 13, 2024

Take action: Secure your APIs against scraping, track the number of requests and alert on unexpected jump in valid requests. Dell allowed 49 million users to be scraped through an API with a little bit of guessing.

Learn More

In the week between May 6, 2024, midnight and May 13, 2024, midnight we witnessed a total of:

10 advisory/vulnerability events
25 incident/data breach events

Week over Week comparison of week 19 2024 vs week 18 2024:

We also shared 1 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 49,719,119 impacted individuals across 6 incidents, with the largest breach being the Dell reports data breach allegedly exposing 49 million customers incident exposing 49,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	6
System Misconfiguration Exploits	2
Human bad security behaviour	1
Software Vulnerability and SDLC Exploits	1
Third Party Compromise	1
Unauthorized access	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	10
Government	6
IT/Software/Technology	3
Finance	2
Retail	1
Non-profit/Charity	1
Other	1
Education	1

Read the Event Details of the Week

Knowledge

vulerability | Microsoft warns of security vulnerability impacting Android applications

Vulnerabilities

critical vulnerability | Apple released fix for critical flaw in Windows versions of iTunes
critical vulnerability | Citrix releases update for Citrix Hypervisor to remove vulnerable PuTTY SSH tooling
critical vulnerability | Email Subscribers by Icegram Express WP plugin vulnerable to SQL injection
critical vulnerability | F5 patches severe flaws in BIG-IP Next Central Manager
critical vulnerability | Golang team reports two vulnerabilities, one critical
critical vulnerability | Google fixes another actively exploited Chrome vulnerability, patch ASAP
critical vulnerability | Google releases Android May patches, one critical issue patched
critical vulnerability | IBM Patches critical flaw in Administration Runtime Expert for i
critical vulnerability | Tinyproxy critical vulnerability exposes over 50,000 servers to remote code execution
critical vulnerability | Ubuntu Linux fixes several FreeRDP vulnerabilities, at least one critical

Incidents

data breach | Australian company Iress reports unauthorized access to their GitHub repositories
data breach | UK Ministry of Defence reports data breach exposing over 250k armed forces members
data breach | Bluebonnet Trails Community Services reports data breach exposing over 76k people
data breach | Innovative Renal Care reports data breach
data breach | NSW Byron Shire Council reports data leak
data breach | Hong Kong fire department reports data leak due to third party supplier misconfiguration
data breach | Christie's website hacked before major sales events
data breach | Europol confirms portal hack, claims no operational data impacted
data breach | Continuum Health Alliance reports data breach exposing data of 377k patients
data breach | European Parliament reports data breach of its recruitment application
data breach | DocGo healthcare provider reports data breach
data breach | Palomar Health Medical Group is reporting potential cyberattack
data breach | Ascension health system hit by cyberattack, clinical operations disrupted
data breach | Zscaler shuts down supposed test environment after claims of breach
data breach | City of Wichita shuts down computer network after ransomware attack
data breach | Dell reports data breach allegedly exposing 49 million customers
data breach | Dental Group of Amarillo reports data breach exposing patient data
data breach | Citizen Watches Singapore customer data exposed in data breach
data breach | Florida based Centennial Bank reports data breach
data breach | Texas Panhandle Centers reports potential data breach
data breach | Winter Haven Hospital reports data breach caused by human error
data breach | Bridgeway Center reports data breach from February 2022
ransomware | Brandywine Realty Trust reports ransomware attack and data breach
ransomware | NRS Healthcare reports ransomware attack
ransomware | Washington Center for Deaf & Hard of Hearing Youth reports ransomware attack

Read More
State of (in)security - Week 39, 2023
State of (in)security - Week 12, 2026
State of (in)security - Week 49, 2024
State of (in)security - Week 14, 2024
State of (in)security - Week 18, 2025