Skip to content

Elf On the Shelf Reports All the Breaches

Elf on a Shelf Hero Image

Ho, ho, ho! It's your favorite Elf on the Shelf here, reporting straight from the North Pole! As 2023 wraps up, I've been keeping my elf-eyes on the cybersecurity scene, and let me tell you, it's been as busy as Santa's workshop in December. I've compiled a list, checked it twice, and here's the scoop on what my comrades and I reported back to Santa.


Tipalti's Tangle with Ransomware: Tipalti, the renowned accounting software provider, faced a tough challenge with the ALPHV ransomware gang. The gang claims to have accessed Tipalti's network since September, swiping away a hefty 256GB of data. This breach put the data of high-profile clients like Roblox and Twitch at risk. The team at Tipalti is now working tirelessly to fortify their systems and protect client data.‍‍

HTC Global Services' Unwanted Gift: HTC, an IT and managed services provider giant, faced a grim cyberattack, with the ALPHV ransomware gang leaking a trove of sensitive data. The leaked data includes passports, contact lists, emails, and confidential documents, highlighting the severity of the breach and the urgency of HTC's response.

Nissan's Down Under Dilemma: Nissan Australia found themselves grappling with a cyberattack that potentially compromised customer information. The automotive giant is proactively warning customers about possible scams and the risks of account hijacking, underscoring the importance of vigilance following such incidents.

Norton Healthcare's Data Leak: In Kentucky, Norton Healthcare disclosed a significant breach affecting 2.5 million people. The breach exposed a wide range of sensitive information, from personal contact details to health and insurance information. This incident emphasizes the need for robust data protection measures in the healthcare sector.

Toyota Financial Services' Info Spill: Toyota Financial Services faced a data leak that put personal and financial information at risk. Following an unauthorized access claim by the Medusa ransomware group, the company confirmed the breach, affecting systems in Europe and Africa. This breach highlights the global reach of cyber threats.

Idaho National Lab's Cloudy Christmas: A breach in the cloud-based Oracle HCM HR platform at Idaho National Lab affected about 45,000 individuals. Although the breach was limited to a test platform, it still involved multiple forms of sensitive PII, such as names, social security numbers, and banking details.

Delta Dental's Not-So-Sweet Breach: Delta Dental of California experienced a significant breach, with nearly seven million patients' personal details exposed due to a flaw in MOVEIt Transfer Software. The exposure of names, financial account numbers, and credit card details including security codes, underscores the critical nature of software security.

Mr. Cooper's Mortgage Mayhem: Mr. Cooper, a leading mortgage lender, was hit by a cyberattack impacting 14.7 million customers. Exposed data included names, addresses, phone numbers, SSNs, dates of birth, and bank account numbers, posing risks of phishing, scams, and identity theft.


As we jingle all the way into the new year, these incidents remind us to keep our cybersecurity game strong. Remember, staying secure online is the best gift you can give your business and your customers. Happy Holidays, and let's all stay on the nice list next year.

Elf on the Shelf is always watching!