Recent data breach incidents at Dropbox, 23andMe, other companies affect individuals in U.S. and worldwide

Recent data breaches overview: 

• Who: A data breach involving 26 billion records and a number of companies is just one of many recent data breaches involving companies such as Microsoft, Dropbox, Twitter, Hershey and 23andMe, among others. 
• Why: The data breaches exposed company information and/or the private and personally identifiable information of consumers and/or employees.
• Where: Recent data breaches have impacted consumers and/or companies and their employees nationwide. 

A recent data breach that led to a leak of more than 26 billion records belonging to companies around the world is just one of many recent data breaches across the United States. 

The major data breach includes about 20 companies with at least 100 million of their records leaked, including Tencent, a Chinese instant messaging app, Venmo, Canva, LinkedIn, X and Adobe.

The breach also affected various government organizations in the United States, Germany, Brazil and others, according to TechRadar. 

Other recent data breaches include 23andMe, Microsoft, Delta Dental of California, Hershey and VF Corp. 

Vans, North Face owner discloses data breach 

Last month, the owner of Vans and The North Face disclosed in a regulatory filing with the U.S. Securities and Exchange Commission that it suffered a data breach that exposed the private information of more than 3.5 million customers. 

VF Corp. did not disclose what information was exposed in the data breach or who it believed was behind it; however, the ransomware and extortion gang ALPHV reportedly took responsibility. 

The company notes it stores customers’ Social Security numbers, bank account info and payment card information but found no evidence any password information was stolen. 

23andMe blames October 2023 data breach on users

23andMe, which confirmed it suffered a data breach in December,  reportedly sent a letter to hundreds of breach victims last month blaming them for the incident. 

23andMe argued those impacted by the data breach were responsible for the incident because of their alleged failure to update their passwords for the genetic testing service, according to TechCrunch. It maintained the data breach was not a result of inadequate security measures on the company’s part. 

The 23andMe data breach occurred in Oct. 2023 and affected more than 6.9 million users, including about 5.5 million DNA Relative profile files and approximately 1.4 million Family Tree profiles. 

Microsoft says cyberattack exposed some corporate email accounts 

In January, Microsoft disclosed it was the victim of a cyberattack it claims Midnight Blizzard, a Russian state-sponsored hacking group, conducted. 

Midnight Blizzard,  which is also known as Nobelium, accessed some of Microsoft’s corporate email accounts, including ones belonging to senior leadership and cybersecurity and legal team members, according to a Microsoft blog post. 

The incident was not caused by a vulnerability but rather a password spray attack that compromised a legacy nonproduction test tenant account, Microsoft says. 

7M Delta Dental of California patients affected by data breach

In December, Delta Dental of California and its affiliates warned patients they may have been affected by a May 2023 data breach. 

The dental insurance provider claims the data breach is the result of a cyberattack on Progress Software’s MOVEit file transfer system. It says an investigation determined a threat actor improperly accessed the information between May 27-30, 2023. 

Delta Dental says a follow-up investigation found the data breach affected nearly 7 million customers and exposed names, financial account numbers, credit and debit card numbers and security codes. 

2,000+ employees affected by Hershey data breach

In a Dec. filing with the Office of the Maine Attorney General, Hershey disclosed it suffered a data breach that  may have exposed the personal information of more than 2,000 individuals with company email addresses. 

The confectionery company says the data breach was the result of a phishing campaign that may have exposed personal information such as names, birthdates and financial, health and medical information, among other things. 

Hershey says it found no evidence any of the potentially exposed information has been misused.

Have you been affected by a recent data breach? Let us know in the comments.

Read About More Class Action Lawsuits & Class Action Settlements:

• Judge rules TikTok biometric privacy class action settlement does not resolve newer in-app browser claims
• National Debt Relief class action claims website captures users’ IP address
• Bath Fitter class action alleges company made unsolicited telemarketing phone calls
• Class certified in Google app tracking lawsuit