Luque Chiropractic, Inc. suffered a data breach due to a vulnerability in its Amazon S3 storage account, which remained unsecured and accessible to unauthorized individuals between May 2016 and September 11, 2016. The exposed data included sensitive patient information such as names, addresses, dates of birth, treatment records, and Social Security numbers. The breach was reported by the California Office of the Attorney General on November 17, 2016, and it highlights a failure to secure cloud storage properly. The compromised records pose significant risks, including identity theft, financial fraud, and unauthorized disclosure of medical history. The incident underscores the critical need for robust cybersecurity measures, particularly in healthcare, where patient confidentiality is paramount. The prolonged exposure period (over four months) exacerbates the potential harm, because the data remained open to unauthorized access for that entire time.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-64959
TPRM report: https://www.rankiteo.com/company/luque-chiropractic-inc
{
  "id": "luq1021090725",
  "linkid": "luque-chiropractic-inc",
  "type": "Breach",
  "date": "5/2016",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{
    'affected_entities': [
        {
            'industry': 'Healthcare',
            'location': 'California, USA',
            'name': 'Luque Chiropractic, Inc.',
            'type': 'Healthcare Provider',
        },
    ],
    'attack_vector': 'Misconfigured Cloud Storage (Amazon S3)',
    'data_breach': {
        'data_encryption': 'No (misconfigured S3 bucket)',
        'data_exfiltration': 'Likely (unauthorized access confirmed)',
        'personally_identifiable_information': [
            'Names',
            'Addresses',
            'Dates of birth',
            'Social Security numbers',
        ],
        'sensitivity_of_data': 'High (includes SSNs and medical treatment info)',
        'type_of_data_compromised': [
            'Personally Identifiable Information (PII)',
            'Protected Health Information (PHI)',
        ],
    },
    'date_detected': '2016-09-11',
    'date_publicly_disclosed': '2016-11-17',
    'description': 'The California Office of the Attorney General reported that Luque Chiropractic, Inc. experienced a data breach affecting certain patient records. The breach originated from a vulnerability in their Amazon S3 storage account, which was accessible to unauthorized persons. The compromised data may include patient names, addresses, dates of birth, treatment information, and Social Security numbers. The breach was active from May 2016 until September 11, 2016.',
    'impact': {
        'data_compromised': [
            'Patient names',
            'Addresses',
            'Dates of birth',
            'Treatment information',
            'Social Security numbers',
        ],
        'identity_theft_risk': 'High (PII and SSNs exposed)',
        'systems_affected': ['Amazon S3 Storage Account'],
    },
    'initial_access_broker': {
        'entry_point': 'Misconfigured Amazon S3 Bucket',
        'high_value_targets': 'Patient records (PII/PHI)',
    },
    'investigation_status': 'Disclosed; no further updates provided',
    'post_incident_analysis': {
        'root_causes': 'Improper configuration of Amazon S3 bucket access controls, leading to unauthorized exposure of sensitive patient data.',
    },
    'references': [
        {
            'date_accessed': '2016-11-17',
            'source': 'California Office of the Attorney General',
        },
    ],
    'regulatory_compliance': {
        'regulations_violated': [
            'California Data Breach Notification Law',
            'Potential HIPAA violations (if applicable)',
        ],
        'regulatory_notifications': 'California Office of the Attorney General',
    },
    'response': {
        'communication_strategy': 'Public disclosure via California Office of the Attorney General',
    },
    'title': 'Luque Chiropractic, Inc. Data Breach (2016)',
    'type': 'Data Breach',
    'vulnerability_exploited': 'Improper Access Controls on Amazon S3 Bucket',
}