1.8M Patients' Fingerprints Stolen 🚨 + 40K Stores Skimming Cards 💳

Two stories today show just how exposed everyday people are right now — from the medical data on file at your hospital to the credit card you tap in at checkout. Here's what happened and why it matters.

1.8 Million Patients Just Had Their Fingerprints Stolen 🏥

NYC Health + Hospitals confirmed that hackers spent three full months — November 2025 through February 2026 — quietly roaming its network after breaking in through a third-party vendor. The haul is staggering: medical records, billing details, government IDs, precise location data, and (most unsettling of all) stored fingerprints and palm prints for at least 1.8 million people.

Here's the "so what": passwords can be reset, but biometrics can't. Once your fingerprint is in a criminal database, it's there forever. This breach is also a textbook example of supply-chain risk — the hospital itself wasn't directly hacked, but a vendor it trusted was. If you're a business of any size, this is your reminder that your security is only as strong as the weakest partner you've handed data to.

Your Next Online Checkout Could Be Skimming Your Card 🛒

Researchers at Sansec uncovered an actively exploited flaw in FunnelKit Funnel Builder, a WordPress plugin running on more than 40,000 WooCommerce storefronts. Attackers can sneak malicious JavaScript directly into the checkout page, silently siphoning off shoppers' card numbers, CVVs, and billing addresses as they type — a classic "Magecart"-style skimmer, but operating at massive scale.

Why this matters to you: there is no warning sign for shoppers. The page looks normal, the purchase goes through, and the card data lands with the attackers. Store owners on FunnelKit need to update to version 3.15.0.3 or later immediately. Shoppers should keep a close eye on card statements and consider using virtual cards or payment platforms (Apple Pay, PayPal) that don't expose your real card number to the merchant's checkout form.

Stay ahead of threats with GOCO Security at gocosecurity.com.
