Castlight Health, Inc.

On June 22, 2020, Castlight Health, Inc. suffered a data breach resulting from an automated cyber attack. The incident compromised the personal information of 55 individuals, exposing sensitive details such as names, passwords, health records, and insurance data. The breach posed significant risks to the affected individuals, including potential identity theft, financial fraud, and unauthorized access to medical histories. The company issued written notifications to the impacted parties on July 22, 2020, nearly a month after the attack occurred. The exposed health and insurance information heightens the severity of the breach, as such data is highly valuable on underground markets and could lead to long-term repercussions for the victims, including targeted phishing schemes or medical identity fraud. The breach underscores vulnerabilities in the company’s cybersecurity defenses, particularly in safeguarding personally identifiable information (PII) and protected health information (PHI).

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/6dc3b111-50b8-4d3b-9834-7b9cdde8f9d0.shtml

TPRM report: https://www.rankiteo.com/company/castlight-health

"id": "cas231090125",
"linkid": "castlight-health",
"type": "Cyber Attack",
"date": "6/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 55,
                        'industry': 'Healthcare Technology',
                        'name': 'Castlight Health, Inc.',
                        'type': 'Company'}],
 'attack_vector': 'Automated Attack',
 'customer_advisories': 'Written notification sent to affected individuals on '
                        'July 22, 2020',
 'data_breach': {'number_of_records_exposed': 55,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII and health data)',
                 'type_of_data_compromised': ['Personal Information',
                                              'Health Information',
                                              'Insurance Details']},
 'date_detected': '2020-06-22',
 'description': 'The Maine Office of the Attorney General reported that '
                'Castlight Health, Inc. experienced a data breach due to an '
                'automated attack on June 22, 2020, affecting 55 individuals. '
                'Personal information potentially accessed included names, '
                'passwords, health information, and insurance details.',
 'impact': {'data_compromised': ['names',
                                 'passwords',
                                 'health information',
                                 'insurance details'],
            'identity_theft_risk': 'Potential (due to PII exposure)'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Written notification sent to affected '
                                        'individuals on July 22, 2020'},
 'title': 'Castlight Health Data Breach (2020)',
 'type': 'Data Breach'}

Castlight Health, Inc.

Patriot Regional Emergency Communications Center: Patriot Regional Emergency Communications Center in Pepperell hit by cyberattack, affecting multiple towns

Drift Protocol: Crypto platform Drift suspends services after millions stolen in security incident

Optimism and Ethereum: Ethereum Security Breach Raises Questions After 2026 Roadmap Update