#breach

Posts mentioning hashtag #breach

Details of the 2026 Data Breach

Details of the 2026 Breach

  • Cause: Unauthorized access to systems via a vendor's Oracle software vulnerability, discovered by Humana around September 29, 2025, and reported in March/April 2026.
  • Impacted Data: Names, Humana IDs, Social Security numbers, medical billing/claims information, dates of service, and provider names.
  • Scope: Reports suggest thousands were affected, with a specific filing for Texas citing roughly 2,104 residents.
  • Response: Humana fixed the vulnerability and is offering 24 months of free credit monitoring and identity restoration services through Equifax, with an enrollment deadline of March 31, 2027.

Legal Action and Safety Measures

  • Lawsuits: A class action lawsuit was filed in Kentucky federal court in March 2026, alleging negligence and failure to protect patient information.
  • Investigation: Legal firms (e.g., Federman & Sherwood https://www.federmanlaw.com/blog/humana-inc-data-breach-investigated-by-federman-sherwood/ ) are investigating the breach for potential legal action.
  • Protection: Impacted individuals should receive a notification letter, monitor their credit reports, and consider placing fraud alerts.

What is the Humana Controversy?

Humana is facing significant controversies, most notably a class-action lawsuit alleging the use of an AI tool ("nH Predict") to wrongfully deny, limit, or terminate post-acute care coverage for Medicare Advantage patients.

Other issues include federal lawsuits over Medicare billing, data breaches, and a 2025 court loss regarding star ratings that risked billions in payments.

Key Humana Controversies and Lawsuits

—AI Coverage Denials (nH Predict): A lawsuit alleges Humana uses the "nH Predict" algorithm, developed by naviHealth, to override physicians' recommendations and prematurely cut off rehabilitation or nursing facility stays for elderly patients. The suit claims these, which are "rigid and unrealistic predictions for recovery," are used to maximize profits.

—Medicare Advantage Fraud Allegations: Humana has faced multiple lawsuits under the False Claims Act. In 2024, they were involved in a $90 million settlement related to claims of overbilling the government for Medicare Part D prescriptions.

—Star Ratings Loss (2025): A Texas judge upheld a decision by the Centers for Medicare & Medicaid Services (CMS) to downgrade Humana’s 2024 star ratings for certain plans. This loss threatens billions of dollars in revenue for the company.

—Illegal Kickback Allegations: Lawsuits have alleged that Humana paid illegal kickbacks to insurance brokers, such as SelectQuote, to steer consumers into their Medicare Advantage plans between 2016 and 2021.

—Data Breaches and Security: Humana has reported incidents where unauthorized parties attempted to access member accounts, and they have faced class action suits regarding the protection of sensitive patient information, including a 2026 incident.

—False Statements (OIG Violations): Humana previously agreed to pay over $411,000 for allegedly violating the Civil Monetary Penalties Law by making false claims/statements regarding "meaningful use" payments in their electronic health records.

These legal challenges have created volatility for the company's stock, particularly surrounding the profitability and quality of its Medicare Advantage business, which is the primary source of its revenue.


FLD - your pursuit of revenue over quality finally caught up to you...

https://www.kiro7.com/news/local/lawsuit-claims-seattle-based-f5-overstated-cybersecurity-strength-before-revealing-major-breach/EVFK25KTSRDUXH5IXHL6JVZF3I/

I let my managers and directors know of the decline in quality for the last many years. And I was ignored.


Deep Specter Report: Unprecedented CISA Emergency Response

On October 15, 2025, CISA issued Emergency Directive ED 26-01 (https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices), marking an extraordinary federal response to the F5 breach. The directive's language is strikingly urgent, warning of "imminent risk to federal agencies" and scenarios "potentially leading to a catastrophic compromise of critical information systems." CISA explicitly stated that the stolen material enables threat actors to "penetrate core networks" and "decrypt a significant portion of global Internet traffic." This language reveals just how catastrophic CISA believes this breach could become. The directive mandated that federal agencies inventory ALL F5 devices and apply patches by October 22, 2025, giving them just seven days to respond. While Deep Specter claims CISA "never issued Emergency Directives for breaches before," this is technically incorrect. CISA has issued approximately 10 EDs previously, including ED 21-01 for the SolarWinds compromise. However, Deep Specter's broader point stands: Emergency Directives are extraordinarily rare and reserved for critical national security threats. The fact that CISA used such alarm-raising language and demanded such rapid action indicates they view this breach as an existential threat to federal networks.

The cybersecurity community's reaction to the F5 breach has been notably alarmed. Bruce Schneier, one of the world's most respected cryptographers and security experts, titled his analysis simply "Serious F5 Breach". This is significant because Schneier rarely sounds public alarms, and his choice to call out this incident by name signals its gravity. Robert Huber, Chief Security Officer at Tenable, called it "a five-alarm fire for national security," invoking the highest level of emergency response. CISA's Acting Director stated that "the alarming ease with which these vulnerabilities can be exploited by malicious actors demands immediate and decisive action." This language emphasizes not just the threat but the accessibility of exploitation. Perhaps most starkly, Chris Woods, a former HP security executive and founder of CyberQ Group, advised that "since that vulnerability information is out there, everyone using F5 should assume they're compromised." When experienced security professionals abandon nuance and tell customers to assume the worst, it reflects a consensus that this breach represents a fundamental breakdown in security that cannot be easily remediated.

https://www.reddit.com/r/f5networks/comments/1okn55c/factchecking_the_deep_specter_report_on_f5/?rdt=45343


breached

The actor dwell time inside their network is being quoted as 393 days. Let that sink in. Then consider this is being attributed to APT27 (China). I’m working from a position that they have everything (EVERYTHING) and are potentially still inside the network.


Another day, another Oracle breach. So many cloudy days at O

Dozens of Oracle customers impacted by Clop data theft for extortion campaign: Researchers said malicious activity dates back to early July and active exploitation was observed two months ago.

Clop, the notorious ransomware group, began targeting Oracle E-Business Suite customers three months ago and started exploiting a zero-day affecting the enterprise platform to steal massive amounts of data from victims as early as Aug. 9, Google Threat Intelligence Group and Mandiant said in a report Thursday.


Hackers went for the Jackpot

Not sure what defines highly sophisticated hacker or not but clearly they went for the Jackpot Bingo. Application Delivery Controller or ADC is a single point of exposure of all traffic that goes through F5 that would be a magnet for hackers. It breaks all norms of security by concentrating in the same venue all the secret keys for every service that is on-boarded to the ADC. It is a matter of time until someone gets their hands on it. Otherwise no hacker would bother to go to break F5 if the traffic that goes through it is end to end encrypted. It was unwise and d-mb idea from the beginning and only to support security of lax architecture in the back end. Now those all that were calling that is the only secure way to go about it are reaping their fruits. It was not at all driven from security point of view but more about sales, project check mark and also about sniffing transfers in the internal network for data loss prevention or DLP. Well those who pushed it all are not anymore around to be asked about it. Next all the secret vaults and similar things.

https://forums.theregister.com/forum/all/2025/10/15/highly_sophisticated_government_hackers_breached/


Senator presses Cisco over firewall flaws that burned US agency

Chuckie is in hot water, expecting federal government agencies to remove Cisco equipment

US Senator Bill Cassidy has fired off a pointed letter to Cisco over the firewall flaws that allegedly let hackers breach "at least one federal agency."

Cassidy's letter [PDF] to Cisco CEO Chuck Robbins demands clarity around the company's knowledge of and response to the critical flaws – namely CVE-2025-20333 and CVE-2025-20362 – that prompted the US government to issue an emergency patching directive for federal civilian agencies.

Cassidy says "at least one federal agency has already been breached as a result of this vulnerability," a claim Cisco has not publicly confirmed or denied.


so how did we get hacked?

Cyber: F5 experienced the same breach in March 2021. In Nov 2021 they announced they’re doubling their India staff which is now 20% of their headcount.

The WFH engineering is entirely in India. Only pre-sales and service engineers in US. None of these cyber SMEs will investigate India or the Beijing operations but I bet they’ll find a previously unknown vulnerability.

BTW India outlaws VPNs and these dudes WFH on Huawei networks. What happens to encrypted data traveling through China where encryption is illegal? Good question - cryptologists don’t seem to know. Bet they had anonymous security groups and no one checked logs so they didn’t even know. 95% of breaches involve insiders - negligence or intentional theft. I call it the offshore 401K.


AT&T Breached Again: 🤦🏽‍♂️

AT&T seems breached again, the hacker is selling access to 24 million users' data – are you one of those?

If you've got $100,000 – but strictly in crypto – you could buy access to the carrier's infrastructure, the offering claims.

By Sebastian Pier
PUBLISHED: SEP 03, 2025, 3:45 AM

https://www.phonearena.com/news/at-t-is-it-breached-again_id173750

Is AT&T going to be sued and fined for neglecting its users' private data? Or is it going to settle to pay out compensations to numerous users again, like it recently did?

This could very well happen, if another AT&T breach occurs – and SOCRadar's Dark Web Team has come across a new listing on the dark web that advertises what is described as unauthorized access to AT&T's internal systems.

Dark Web Offers Exploits, AT&T Access, Ledger Scam Kit, and 100K Stolen Cards

SOCRadar’s Dark Web Team has identified a new wave of underground activity involving high-value exploits, access, and data leaks. Threat actors are advertising an alleged Android 0-day affecting versions 11 through 15, persistent unauthorized access to AT&T’s core infrastructure, and a dump of over 100,000 credit cards from multiple countries. Additionally, a new scam page targeting Ledger wallet users has been leaked, suggesting broader phishing campaigns targeting the crypto community.

https://socradar.io/dark-web-offers-exploits-att-access-ledger-scam-kit-and-100k-stolen-cards/


Ransom

AT&T Wireless: In April 2024, hackers affiliated with ShinyHunters hacked AT&T Wireless and stole data on over 110 million customers. In May, AT&T paid a $370,000 ransom to one of the group's members to delete the data.


L3Harris Hacked by Ransomware Group World Leaks

Seems this hack is being kept quiet with all the uproar about Accenture suing L3Harris for $81 million and the Accenture I.T. contract ending with L3Harris on 12/15/2025. Karma? 450+ employees "sold" to Accenture without any severance options and then a year later the contract is terminated. This from a company that requires the employees to take yearly ethics classes.

https://www.cyberdaily.au/security/12488-exclusive-world-leaks-ransomware-gang-claims-hack-of-defence-contractor-l3harris-list


HR giant Workday says hackers stole personal data in recent breach

https://techcrunch.com/2025/08/18/hr-giant-workday-says-hackers-stole-personal-data-in-recent-breach/

Workday, one of the largest providers of human resources technology, has confirmed a data breach that allowed hackers to steal personal information from one of its third-party customer relationship databases.