International Business Machines Corporation

The California Office of the Attorney General disclosed that IBM suffered an unauthorized access incident affecting the **Janssen CarePath platform**, a database containing personal information. The breach was reported on **September 22, 2023**, though the exact date of the intrusion remains undisclosed. While the specifics of the compromised data were not detailed in the report, the incident involved the exposure of personal information, likely belonging to customers or patients associated with the platform. Given the nature of Janssen CarePath—a service supporting healthcare-related financial and treatment assistance—the breach raises concerns about potential misuse of sensitive health or personally identifiable information (PII). IBM has not publicly confirmed the scale of the breach or whether the exposed data was exfiltrated, but the involvement of a government authority suggests regulatory scrutiny and possible compliance implications under data protection laws like **CCPA (California Consumer Privacy Act)** or **HIPAA (Health Insurance Portability and Accountability Act)** if health data was impacted.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-574033

TPRM report: https://www.rankiteo.com/company/ibm

"id": "ibm040091825",
"linkid": "ibm",
"type": "Breach",
"date": "9/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Technology / IT Services',
                        'location': 'Armonk, New York, USA',
                        'name': 'International Business Machines Corporation '
                                '(IBM)',
                        'type': 'Corporation'},
                       {'industry': 'Pharmaceuticals / Healthcare',
                        'name': 'Janssen CarePath (platform under Johnson & '
                                'Johnson)',
                        'type': 'Healthcare Platform'}],
 'data_breach': {'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (personal information)',
                 'type_of_data_compromised': ['Personal Information']},
 'date_publicly_disclosed': '2023-09-22',
 'description': 'The California Office of the Attorney General reported that '
                'International Business Machines Corporation (IBM) experienced '
                'unauthorized access to personal information in their database '
                'used on the Janssen CarePath platform.',
 'impact': {'data_compromised': ['Personal Information'],
            'identity_theft_risk': 'Potential (personal information exposed)',
            'systems_affected': ['Janssen CarePath platform database']},
 'investigation_status': 'Reported; details pending',
 'references': [{'date_accessed': '2023-09-22',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Reported to California Office of the '
                                        'Attorney General'},
 'title': "Unauthorized Access to Personal Information on IBM's Janssen "
          'CarePath Platform',
 'type': 'Data Breach / Unauthorized Access'}

International Business Machines Corporation

FFF Academy Saudi Arabia: French Football Federation discloses data breach after cyberattack

23andMe Nets Approval for Bankruptcy Plan With Data Breach Deals

Upbit Korea: Crypto Exchange Upbit Suffers Security Breach