A trio of companies disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America.
Insurance biz Allianz Life confirmed the largest incident. It previously revealed data belonging to approximately 1.4 million customers was hit during a break-in at an unnamed third-party CRM provider.
It has now told the Maine Attorney General's Office that 1,497,036 people, to be exact, may have had their names, addresses, dates of birth, and Social Security numbers plundered.
The attackers accessed the data of the insurer's customers, staff, and financial professionals, it said in the letter sent to those affected.
Allianz is joined by Canadian airline WestJet, which on Monday confirmed similar findings after its investigation into a June attack allegedly orchestrated by Scattered Spider.
The airline's cyberattack led to interruptions affecting its online services and mobile app, and at the time it encouraged staff and customers to "exercise additional caution."
WestJet's filing in Maine confirmed 1.2 million American's data was exposed.
The information involved in data thefts almost always varies from victim to victim, and WestJet reiterated that point in its public statement.
It said the data could include names, contact details, information and documents provided in connection with their reservation and travel, and data regarding victims' relationship with WestJet.
"Importantly, credit card or debit card numbers, expiry dates and CVV numbers, and guest user passwords, were not compromised, and our systems are fully secure," WestJet added in a letter to customers and staff.
"At no time was the safety and integrity of our operations ever in question."
- Schools are swotting up on security yet still flunk recovery when cyberattacks strike
- Fake North Korean IT workers sneaking into healthcare, finance, and AI
- Google bolts AI into Drive to catch ransomware, but crooks not shaking yet
- Asahi runs dry as online attackers take down Japanese brewer
WestJet said its investigation into the widely reported attack ended on September 15, and it began notifying affected individuals soon after.
While the airline was figuring out the damage, another US tech company was battling a ransomware attack that saw criminals make off with over a quarter-million people's records.
Ohio-based Motility Software Solutions, which builds software for dealerships specializing in recreational vehicles (RVs) and powersports vehicles, did its best to avoid the R word.
According to its filing in Maine: "An investigation determined that an unauthorized actor deployed malware that encrypted a portion of our systems. Although the malware primarily restricted our access to internal data, the forensic evidence suggests that, before encryption, the actor may have removed limited files containing customers' personal data."
Again, the affected data varies among the 766,670 victims, but could include full names, home and email addresses, telephone numbers, dates of birth, SSNs, and driver's license numbers.
It said it is not aware of any evidence that the data has been misused at this time, and couldn't find any trace of its data on the most active ransomware group leak sites either.
All three businesses offered identity protection and credit monitoring services – Allianz Life and WestJet two years of coverage, Motility 12 months. ®