Content
01. News Bites
- Blue Shield of California breach exposes health data of 4.7 million members via Google Analytics misconfiguration
- FBI: Cybercrime losses soar to $16.6 billion in 2024, driven by fraud and ransomware
- Hackers exploit Google DKIM loophole to deliver convincing phishing emails
- Marks & Spencer hit by cyberattack disrupting Click & Collect and contactless payments
- Ransomware attacks hit two US healthcare providers, exposing data of 245,000+ patients
- Energy sector cyberattacks surge as utilities face growing threats
- Adyen confirms major DDoS cyberattack, disrupting payment services across Europe
02. Conclusion
Blue Shield of California breach exposes health data of 4.7 million members via Google Analytics misconfiguration
Blue Shield of California has disclosed a major data breach that exposed the protected health information of 4.7 million members. The incident was caused by a misconfiguration of Google Analytics on certain Blue Shield websites, allowing sensitive member data to be shared with Google Ads between April 2021 and January 2024.
The data potentially exposed includes insurance details, location information, medical claim data, and search activity through Blue Shield’s “Find a Doctor” tool. The breach did not involve Social Security numbers, driver’s license details, or financial information. However, the organisation is urging affected members to monitor account activity and credit reports closely.
The breach was added to the U.S. Department of Health and Human Services breach portal this week. Blue Shield has not confirmed whether it will notify affected individuals directly or offer identity theft protection.
This marks the second major incident for the provider in under a year, following a ransomware attack via third-party vendor Connexure in 2024.
FBI: Cybercrime losses soar to $16.6 billion in 2024, driven by fraud and ransomware
Cybercriminals stole a record $16.6 billion in 2024, a 33% increase over the previous year, according to the FBI’s annual Internet Crime Complaint Center (IC3) report. IC3 received 859,532 complaints, with confirmed losses in 256,256 cases—averaging $19,372 per incident.
Older Americans were the hardest hit, with those over 60 reporting $4.8 billion in losses. However, the FBI cautions that the true scale of cybercrime is likely far higher, as many cases go unreported or undetected.
Ransomware continues to plague critical infrastructure, with complaints rising 9% year-on-year. Notably, reported ransomware losses only account for ransom payments, excluding business disruption, recovery costs, or third-party remediation.
The report also highlights a disturbing trend: scammers impersonating IC3 staff to re-target fraud victims. Since its launch, IC3 has logged over 9 million complaints, with an average of 2,000 received daily in recent years. The message from the FBI is clear. Cybercrime is intensifying.
Hackers exploit Google DKIM loophole to deliver convincing phishing emails
Hackers have exploited a clever DKIM replay flaw to deliver phishing emails that appear to come directly from Google’s own servers. The attack bypassed authentication checks by leveraging Google’s infrastructure and using the “sites.google.com” platform to host a fraudulent support portal designed to steal Google credentials.
The phishing emails, which passed DKIM checks and showed “no-reply@google.com” as the sender, were actually forwarded security alerts triggered via Google’s OAuth system. Ethereum Name Service developer Nick Johnson identified the scam after spotting that the alert linked to a fake login page, mimicking a real Google portal but hosted on an unusual subdomain.
Google has since acknowledged the issue and is working on a fix, but the attack underscores how even authenticated messages can be abused. A similar tactic was also recently seen targeting PayPal users. Security experts warn users to check URLs carefully—even if the message looks legitimate.
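As an added example (not part of the bulletin, and not Google's own tooling), a Python triage check for the pattern described above: a message that carries Google's DKIM signature and a no-reply@google.com From header yet arrives from an unrelated envelope sender and links to user-hosted Google Sites content. The sample headers, domains and URL are constructed, and the check assumes the receiving MTA has already verified the DKIM signature and recorded Return-Path.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample resembling the replayed alert described above: Google's
# DKIM signature (d=google.com) and From header survive the forward, but the
# envelope sender (Return-Path, recorded by the receiving MTA) is a third party.
REPLAYED_ALERT = """\
Return-Path: <bounce@forwarder.example.invalid>
DKIM-Signature: v=1; a=rsa-sha256; d=google.com; s=selector; h=from:to:subject;
From: Google <no-reply@google.com>
Subject: Security alert
Content-Type: text/plain

Review the case: https://sites.google.com/view/support-case-placeholder
"""

# Constructed benign counterpart: aligned envelope sender, first-party link.
GENUINE_ALERT = REPLAYED_ALERT.replace(
    "bounce@forwarder.example.invalid", "noreply@google.com").replace(
    "https://sites.google.com/view/support-case-placeholder", "https://myaccount.google.com/")

def _domain(addr: str) -> str:
    """Lower-cased domain of an RFC 5322 address field ("" if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def _aligned(child: str, parent: str) -> bool:
    """Relaxed alignment: identical domain or a subdomain of it."""
    return bool(parent) and (child == parent or child.endswith("." + parent))

def replay_indicators(raw: str) -> dict:
    """Signals a message can show after replay even though DKIM still passes."""
    msg = message_from_string(raw)
    from_dom = _domain(msg.get("From", ""))
    rp_dom = _domain(msg.get("Return-Path", ""))
    dkim_doms = [m.group(1).lower() for h in msg.get_all("DKIM-Signature", [])
                 for m in [re.search(r"\bd=([^;\s]+)", h)] if m]
    # Single-part text/plain only; a production hook would walk every MIME part.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    links = re.findall(r"https?://[^\s<>\"']+", body)
    return {
        "dkim_aligned": any(_aligned(from_dom, d) for d in dkim_doms),
        "return_path_aligned": _aligned(rp_dom, from_dom),
        "user_hosted_links": [u for u in links if u.startswith("https://sites.google.com/")],
    }

def is_suspected_replay(raw: str) -> bool:
    """Signed by the From domain, envelope sender misaligned, and the alert links to
    user-hosted content. Forwarders and lists also break Return-Path alignment, so
    treat this as a triage signal for review, not a block verdict."""
    ind = replay_indicators(raw)
    return ind["dkim_aligned"] and not ind["return_path_aligned"] and bool(ind["user_hosted_links"])
```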
Marks & Spencer hit by cyberattack disrupting Click & Collect and contactless payments
Marks & Spencer (M&S) has confirmed a cyberattack disrupted store operations, including its Click & Collect service and contactless payments. The British retail giant, which employs over 64,000 staff across 1,400 stores, issued a statement via the London Stock Exchange, noting the incident prompted “minor, temporary changes” to store procedures to protect customers and business systems.
While stores, the website, and app remain operational, the attack has led to delays in online order collection and prompted an advisory for customers to wait for notification before visiting stores. Contactless payments are still unavailable in some locations, frustrating shoppers.
M&S said it’s working with cyber security experts to investigate and mitigate the attack and has notified the UK’s data watchdog and the National Cyber Security Centre.
No customer data is reported stolen, but the incident highlights the wider impact of cyberattacks on everyday services and retail operations. Recovery efforts remain ongoing.
Ransomware attacks hit two US healthcare providers, exposing data of 245,000+ patients
Two US healthcare organisations have disclosed major data breaches following ransomware attacks that compromised the personal and medical information of over 245,000 individuals.
Milwaukee-based Bell Ambulance reported a network intrusion discovered on 13 February 2025, with hackers gaining access to files containing names, dates of birth, Social Security numbers, medical records, and financial data. The Medusa ransomware group later claimed responsibility, stating it exfiltrated over 200GB of data. While Bell did not disclose figures, the US Department of Health and Human Services (HHS) listed the breach as affecting 114,000 people.
Meanwhile, Alabama Ophthalmology Associates confirmed on 10 April that a separate attack compromised patient data, including SSNs, licence details, and insurance records. The BianLian ransomware gang claimed responsibility. HHS reports the breach impacts more than 131,000 individuals.
These incidents add to over 700 healthcare data breaches in the US last year, affecting more than 180 million patient records.
Energy sector cyberattacks surge as utilities face growing threats
A new report from KnowBe4 highlights a dramatic increase in cyberattacks targeting the energy sector, particularly in Europe. As utilities embrace digital transformation and expand into renewables, they’re becoming prime targets for both cybercriminals and nation-state actors.
The research found that the average number of cyberattacks on energy companies more than doubled between 2020 and 2022. In 2023 alone, the sector reported three times more operational technology (OT) and industrial control system (ICS) cyber incidents than any other industry. Phishing was the leading attack vector, responsible for 34% of reported breaches.
In the UK, successful cyberattacks on utility companies soared by 586% from 2022 to 2023, exposing sensitive data and causing service disruption. Ransomware and phishing attacks are also driving significant revenue losses across the sector.
With threats mounting, 94% of energy companies are now turning to AI-powered cyber security tools to bolster defences.
Adyen confirms major DDoS cyberattack, disrupting payment services across Europe
Global payments provider Adyen confirmed a major DDoS cyberattack on 21 April 2025 that disrupted services across Europe. The attack began at 18:51 CEST and involved three waves of high-volume traffic targeting Adyen’s European data centres, resulting in intermittent outages for E-commerce and In-Person Payment services.
At its peak, the attack generated millions of requests per minute, causing transaction delays and failures. Core services impacted included Hosted Onboarding, the Transfer API, and checkout systems like Session Integrations and Pay by Link. The incident was resolved by 03:20 CEST on 22 April.
Adyen’s engineering team activated mitigation strategies, including traffic filtering and increased system capacity. The company has committed to transparency and a full post-incident review.
CTO Tom Adams said, “We regret the disruption and are taking steps to strengthen our defences.” As DDoS attacks become more complex, the incident underscores the urgency of protecting critical financial infrastructure.
Conclusion
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.