Menu
This week, Brightline, a pediatric mental health provider released a data notice warning patients that it suffered a data breach impacting 783,606 people following a cyberattack by the Cl0p ransomware gang. It is believed that the ransomware gang used a zero-day vulnerability (CVE-2023-0669) in its Fortra GoAnywhere MFT secure file-sharing platform to steal the data from 130 organisations including Brightline. The incident has resulted in a major impact for Brightline due to its extensive partnerships with healthcare institutes and companies in the U.S. including Nintendo of America Inc., Harvard University, Stanford University, and Boston Children’s Hospital.
Brightline has stated they took immediate action to investigate the incident and have implemented additional security measures. Brightline has offered all impacted individuals two years of complimentary identity theft and credit monitoring services via Cyberscout. Brightline’s internal investigation has revealed that the data stolen by the Cl0p ransomware gang included the following personal information:
The cyberattack was confirmed by the Cl0p ransomware gang when they listed Brightline on their data leak site on Thursday 16th of March 2023. However, following media attention to this incident, the Cl0p ransomware gang has contacted the BleepingComputer news site to say they deleted Brightline’s data from their data leak site.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
