
Cyber Security & Privacy News | Hippogriff LLC

Every week Hippogriff shares some of the most alarming data breach and privacy infringing occurrences throughout the world. Keep stopping by to see the most recent entries.

A feed by Wizards that are not wee at work...



Most U.S. Healthcare Apps Susceptible to Cyber Attack

Permalink - Posted on 2021-11-24 16:00

Vulnerabilities exist in most of the web applications used by leading healthcare providers in the United States, according to new research by cyber assessment company Outpost24. In its new 2021 Web Application Security for Pharma and Healthcare report, the company shared the finding that 90% of the web applications used by US healthcare operators are susceptible to cyber-attacks. The report assessed the internet-exposed applications of the top 20 largest pharma and healthcare organizations in the European Union and in the US to identify common attack vectors and exploitable flaws. Researchers found that 85% of the top 20 pharma and healthcare applications had an external attack surface score of 30 or above out of 58.24. Outpost24 classified such a score as ‘critically exposed,’ indicating a "high susceptibility for security and vulnerability exposure." Healthcare organizations in the United States were found to be more at risk than their European counterparts. While US organizations had an average risk exposure score of 40.5, the score for healthcare organizations in the EU was 32.79. A quarter of the web applications run by healthcare organizations in the US presented a cybersecurity risk. Out of a total 6069 web applications run over 2197 domains, 3% were considered as "suspect" by researchers and a further 23.74% were found to be running on vulnerable components. Although EU healthcare organizations run almost four times as many web applications as those in the US, the percentage of apps deemed to be risky was lower in the EU than in the US. Of the 20,394 web applications run by EU healthcare organizations over 9216 domains, 3.3% were considered to be suspect and 18.3% were running on vulnerable components. The researchers found the top three attack vectors identified across healthcare organizations in the EU and the US to be Degree of Distribution, Page Creation Method and Active Content.


GoDaddy Breach Widens to Include Reseller Subsidiaries

Permalink - Posted on 2021-11-24 16:00

The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected. The additional affected companies are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. The world’s largest domain registrar confirmed to researchers at Wordfence that several of these brands’ customers were affected by the security incident.


PHI of 57,000 Patients Potentially Compromised in TriValley Primary Care Cyber Attack

Permalink - Posted on 2021-11-24 16:00

Suspicious activity was detected in its IT environment on October 11, 2021. A review of the files on the affected systems confirmed the following types of patient data may have been compromised: First and last name, gender, home address, phone number, email address, date of birth, Social Security number, health insurance policy/group plan number, group plan provider, claim information, medical history, diagnosis, treatment information, dates of service, lab test results, prescription information, provider name, medical account number, and other information contained in medical records.


Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation

Permalink - Posted on 2021-11-24 16:00

The lawsuit, filed on Tuesday in Northern California, seeks to hold NSO Group accountable for hacking into Apple’s iOS mobile platform with so-called zero-click exploits to spy on researchers, journalists, activists, dissidents, academics, and government officials. The Cupertino, Calif.-based Apple also announced it would contribute $10 million to researchers and academic outfits exposing cyber-surveillance abuses.


Philippines: Personal Data of 22,000 S&R Members Compromised in Cyber Attack

Permalink - Posted on 2021-11-24 16:00

The National Privacy Commission (NPC) on Wednesday, Nov. 24, said the personal data of 22,000 S&R members were compromised following a recent cyber attack. In a statement, NPC confirmed the receipt of a breach notification report on Nov. 15 from S&R Membership Shopping concerning a cyber attack “that may have compromised its members’ personal data.” The S&R said they discovered the security incident last Nov. 14 and submitted a supplemental breach report to the NPC on Wednesday. According to the report, members’ personal data, including date of birth, contact number, and gender have been compromised.


Montana High School Hit by Ransomware

Permalink - Posted on 2021-11-24 16:00

Today’s report concerns Beaverhead County High School in Montana, which was reportedly hit by Avos Locker. The threat actors added the listing to their dark web leak site on November 20, but do not state when the attack actually occurred. As proof of claim, Avos Locker uploaded a few files — only 1 of which appears specific to BCHS: procedures to be followed in the event of an on-field injury during an athletic event.


WiFi Software Management Firm Exposed Millions of Users' Data

Permalink - Posted on 2021-11-24 16:00

WSpot provides software to let businesses secure their on-premise WiFi networks and offer password-free online access to their clients. Some of the notable clients of WSpot include Sicredi, Pizza Hut, and Unimed. According to WSpot, 5% of its customer base got impacted by this leak. Around 226,000 files got exposed in this data leak. The leaked information included personal details of at least 2.5 million users who connected to WSpot’s client’s public WiFi networks.


Astoria Notifying 940,000 Consumers After Breach Earlier This Year

Permalink - Posted on 2021-11-23 16:00

Mark Francis of Holland & Knight, who are external counsel for Astoria Company LLC, has now notified the Maine Attorney General’s Office that Astoria is notifying 940,000 consumers about a breach that occurred in January, 2021. The impacted information included first and last name, mailing address, email address, phone number, date of birth, social security number and/or driver’s license number and state, and in some instances employment information.


Three Months After Ransomware Attack, UHC Fails to Notify Exposed Patients

Permalink - Posted on 2021-11-23 16:00

On September 25, DataBreaches.net reported on a ransomware attack suffered by United Health Centers of San Joaquin Valley (UHC). BleepingComputer had also reported on the incident the day before. Neither this site nor BleepingComputer had been able to get a statement from UHC at the time, but it was clear from the data dumped by threat actors known as “Vice Society” that there was protected health information acquired and dumped. Two months later, patients have still not received any individual notifications.


Polish DPA: Bank Millennium Fined 80,000 Euros for Failure to Notify of Data Breach

Permalink - Posted on 2021-11-23 16:00

The Personal Data Protection Office (UODO) learnt about the personal data breach from a complaint lodged against the bank. The complaint concerned the loss by a courier company of correspondence containing personal data, such as: name, surname, personal identification number (PESEL number), registered address, bank account numbers, identification number assigned to the bank’s customers. The complainants were informed about this fact by the bank, but the information was not sufficient — it did not meet the requirements set out in the GDPR.


Wind Turbine Giant Vestas Confirms Data Breach

Permalink - Posted on 2021-11-23 16:00

In a statement posted today (November 22), the Danish energy giant said it “has already initiated a gradual and controlled reopening of all IT systems” after shutting down several operational IT systems as a precaution following a “cybersecurity incident” on Friday (November 19). News of the incident first emerged on Saturday (November 20) when the company warned that “customers, employees, and other stakeholders may be affected by the shutdown”.


Online Payment Fraud Surges by 208% Ahead of Black Friday

Permalink - Posted on 2021-11-22 15:00

In a new report, cybersecurity vendor Kaspersky discovered 1,935,905 financial phishing attacks disguised as e-payment systems in October 2021. This is more than double the 627,560 attacks detected in the previous month. Interestingly, the researchers didn’t observe any seasonal trends for other types of phishing related to online shopping in the first 10 months of 2021. The emphasis on e-payment systems is believed to be linked to the introduction of new payment systems in many countries this year following the shift to online shopping during COVID-19. The team also detected 221,745 spam emails containing the words ‘Black Friday’ from October 27 to November 19, providing further evidence that fraudsters are trying to take advantage of the biggest shopping day of the year. In total, Kaspersky reported seeing 40 million phishing attacks targeting e-commerce and e-shopping platforms from January to October 2021.


Businesses Compromise on Cyber Security in Favor of Other Goals

Permalink - Posted on 2021-11-22 15:00

90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board, a Sapio Research report reveals. The research reveals that just 50% of IT leaders and 38% of business decision makers believe the C-suite completely understand cyber risks. Although some think this is because the topic is complex and constantly changing, many believe the C-suite either doesn’t try hard enough (26%) or doesn’t want (20%) to understand. There’s also disagreement between IT and business leaders over who’s ultimately responsible for managing and mitigating risk. IT leaders are nearly twice as likely as business leaders to point to IT teams and the CISO. 49% of respondents claim that cyber risks are still being treated as an IT problem rather than a business risk. This friction is causing potentially serious issues: 52% of respondents agree that their organization’s attitude to cyber risk is inconsistent and varies from month to month.


Iran's Mahan Air Says Hit by Cyber Attack

Permalink - Posted on 2021-11-22 15:00

Iran's second-largest airline, Mahan Air, said it had been hit by a cyberattack Sunday, the latest of several targeting the company. According to Mehr news agency, some Mahan customers had received text messages that said: "Cyberattack against Mahan for complicity in the crimes committed by the terrorist Guardians Corps" -- a reference to Iran's elite Revolutionary Guards. Mahan Air is Iran's main private airline and the second biggest after the national carrier Iran Air.


GoDaddy Breach Exposes 1.2 Million Managed WordPress Customer Accounts

Permalink - Posted on 2021-11-22 15:00

Domain registrar and web hosting giant GoDaddy has been hacked and customer data for some 1.2 million WordPress users were exposed to the attacker for more than three months. The Tempe, Arizona-based GoDaddy disclosed the breach in an SEC filing and confirmed that millions of users of its managed WordPress hosting service had sensitive data stolen, including database usernames and passwords, email addresses and private SSL keys.


WhatsApp Pushes Privacy Update to Comply with Irish Ruling

Permalink - Posted on 2021-11-22 15:00

WhatsApp is taking the action after getting hit with a record 225 million euro ($267 million) fine in September from Ireland’s data privacy watchdog for violating stringent European Union data protection rules on transparency about sharing people’s data with other Facebook companies.


Utah Medical Group Discloses Data Breach Affecting Over 580,000 Patients

Permalink - Posted on 2021-11-22 15:00

As part of the incident, which was identified on September 4, 2021, unknown threat actors accessed files that contained sensitive personal information related to patients. Following the incident, Utah Imaging Associates informed the U.S. Department of Health and Human Services that the data of 583,643 individuals was compromised during the incident. The affected data, HIPAA Journal reported last week, included full names, birth dates, mailing addresses, health insurance policy numbers, and Social Security Numbers. Medical information, including diagnosis, prescription details, and treatment information was also affected.


India: PNB Customers' Data Exposed for Seven Months Due to Server Vulnerability

Permalink - Posted on 2021-11-22 15:00

Critical financial and personal information of 180 million Punjab National Bank (PNB) customers was at risk for around seven months due to a vulnerability in the lender's servers, said cybersecurity firm CyberX9. The vulnerability provided access to the entire digital banking system of the bank with administrative control, the agency claimed.


52% of SMBs Have Experienced a Cyber Attack in the Last Year

Permalink - Posted on 2021-11-19 16:00

The consequences of a breach have never been more severe, with global cybercrime collectively totaling $16.4 billion each day, a Devolutions survey reveals. A recent study by IBM revealed that organizations with fewer than 500 employees had an average data breach cost of $2.98 million per incident in 2021. As has been reported, approximately 60% of SMBs go out of business within six months of getting hacked.


California Pizza Kitchen Spills Over 100,000 Employee Social Security Numbers

Permalink - Posted on 2021-11-19 16:00

While CPK didn’t confirm how many people are impacted by the breach, a notification from the Maine attorney general’s office reported a total of 103,767 current and former employees — including eight Maine residents — are affected. CPK employed around 14,000 people as of 2017, suggesting the bulk of those affected are former employees.


Indonesia Probe Police Hack in Latest Cyber Breach

Permalink - Posted on 2021-11-19 16:00

Indonesian police are investigating claims by a hacker who said this week they have stolen personal data of thousands of police officers, the latest in a spate of cyber attacks that has highlighted the country's digital vulnerabilities. Using a now suspended Twitter handle, a hacker who said they were from Brazil claimed to have obtained the data of 28,000 officers by infiltrating Indonesia's national police server, according to local media reports. The hacker said the information compromised included names, home addresses, emails, phone numbers and blood types.


6 Million Sky Routers Left Exposed to Attack for Nearly 1.5 Years

Permalink - Posted on 2021-11-19 16:00

Sky, a U.K. broadband provider, left about 6 million customers’ underbellies exposed to attackers who could remotely sink their fangs into their home networks: a nice, soft attack surface left that way for nearly 18 months as the company tried to fix a DNS rebinding vulnerability in customers’ routers. Pen Test Partners reported the problem to Sky Broadband – a broadband service offered by Sky UK in the United Kingdom – on May 11, 2020 … and then chased Sky for a repeatedly postponed update.


Less than Half of Consumers Change Passwords Post-Breach

Permalink - Posted on 2021-11-19 16:00

There’s a “shockingly high” disconnect between awareness of best practices following a data breach and actions taken, according to a new study from the Identity Theft Resource Center (ITRC). The non-profit polled over 1000 US consumers to gauge their understanding of and response to breach incidents involving personal information. The report found that more than half (55%) of social media users have had their accounts compromised in the past, so there’s generally a high level of awareness about what can be done to enhance personal security. However, nearly a fifth (16%) of respondents said they took no action following a breach. Less than half (48%) changed affected passwords, and only a fifth (22%) changed all of their passwords. That’s particularly worrying when 85% admitted to reusing log-ins across multiple accounts, putting them at risk of credential stuffing.


U.S. Regulators Order Banks to Report Cyber Attacks Within 36 Hours

Permalink - Posted on 2021-11-19 16:00

US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability. Bank service providers will also have to notify customers "as soon as possible" if a cyberattack has materially affected or will likely affect the customers for four or more hours. Examples of incidents that need to be reported under the new rule include large-scale distributed denial of service attacks that disrupt customer account access to banking services or computer hacking incidents that take down banking operations for extended periods of time.


20% of Defense Contractors at Risk for Ransomware Attack

Permalink - Posted on 2021-11-19 16:00

A report featuring some of the United States' top defense contractors suggests that about 20% of them are “highly susceptible” to a ransomware attack, with 42% having experienced a data breach in 2020 alone. This data comes from Black Kite, a cybersecurity research firm. Report authors looked at defense contractors working in financial services, health care, manufacturing, critical infrastructure and business services, and evaluated each company on their cybersecurity protocols and procedures to determine an industrywide index grade across defense contractors. The average score implies a safe level of risk management, and 54% of defense contractors are considered relatively safe from ransomware attacks. However, 43% of contractors were found to have old or dated cybersecurity systems, yielding a higher risk of cyberattacks.


Cyber Complexity Negatively Impacts a Company's Ability to Respond to Threats

Permalink - Posted on 2021-11-19 16:00

71% of VPs and CIOs believe that the high number of cybersecurity tools they use negatively impacts their organization’s ability to detect and prevent threats, a Perimeter 81 report reveals. The research evaluated responses from 500 IT professionals at companies with 50 or more employees in the US. It covers new trends in the workforce due to COVID-19, how those changes have affected cybersecurity, and their impact on IT professionals. 50% of companies with more than 1,000 employees use 20 or more cybersecurity tools and solutions; 64% report that they experienced a significant cybersecurity incident in 2020-21, including ransomware or phishing; 34% of companies have made cybersecurity a priority due to news coverage of cyber incidents; 59% admitted they paid a ransom to cyber thieves; 47% of cyberattack victims had recovery costs between $100,000 and $1 million.


Turkey: MNG Kargo Hacked; User Information Stolen

Permalink - Posted on 2021-11-18 16:00

MNG Cargo, which has a wide transportation network in our country, announced that some of its corporate customers were hit by cyber attacks after their user names and passwords were seized. Notifying the Personal Data Protection Authority, the company announced that the names, surnames, addresses and phone numbers of the cargo recipients were seized. The company, which detected on August 23 the leak that started on August 15, stated that the number of people affected is uncertain, that there is no flaw in the system, and that the leak was caused by the seizure of corporate customer accounts.


82% of Healthcare Organizations Have Experienced an IoT Attack in the Past 18 Months

Permalink - Posted on 2021-11-18 16:00

A new study conducted by Medigate and CrowdStrike has highlighted the extent to which healthcare Internet of Things (IoT) devices are being targeted by threat actors and warns about the worrying state of IoT security in the healthcare industry. The study included a survey of healthcare organizations to determine what threats they have faced over the past 18 months. 82% of surveyed healthcare organizations said they have experienced at least one form of IoT cyberattack in the past 18 months, with 34% of respondents saying the attack involved ransomware. The situation is likely to get worse as the number of IoT devices in healthcare grows. According to the report, spending on connected medical devices has been predicted to increase at a CAGR of 29.5% through 2028.


DDoS Attacks Surge 35% in Q3 as VoIP Is Targeted

Permalink - Posted on 2021-11-18 16:00

Security experts have warned of a surge in distributed denial of service (DDoS) attacks in the third quarter, with quantity, size and complexity all increasing in the period. The findings come from Lumen’s Q3 DDoS Report, which revealed that the firm mitigated 35% more attacks in the quarter than Q2 2021. The vendor claimed that the largest bandwidth attack it tackled during the period was 612 Gbps — a 49% increase over Q2. The largest packet rate-based attack scrubbed was 252 Mbps — a 91% increase.


PHI of 127,000 NorthCare Patients Potentially Compromised in Ransomware Attack

Permalink - Posted on 2021-11-18 16:00

NorthCare, an Oklahoma City, OK-based mental health clinic, was the victim of a ransomware attack in June 2021 in which patients' protected health information may have been compromised. NorthCare identified suspicious network activity on June 1, 2021, when ransomware was used to encrypt files. The investigation into the attack confirmed its network was breached on May 29, 2021. The attackers rapidly deployed ransomware to prevent access to files and demanded payment of a ransom for the keys to decrypt files.


Robinhood Hack Also Included Thousands of Phone Numbers

Permalink - Posted on 2021-11-18 16:00

The recent hack at app-based investment platform Robinhood also impacted thousands of phone numbers, Motherboard has learned. The news provides more clarity on the nature of the data breach. Originally, Robinhood said that the breach included the email addresses of 5 million customers, the full names of 2 million customers, and other data from a smaller group of users. Motherboard obtained a copy of the stolen phone numbers from a source who presented themselves as a proxy for the hackers. The file includes around 4,400 phone numbers. When asked if the numbers belonged to Robinhood customers, the company told Motherboard in a statement that “We’ve determined that several thousand entries in the list contain phone numbers, and the list also contains other text entries that we’re continuing to analyze.”


Number of Cyber Attacks Infiltrating Critical New Zealand Networks Soars

Permalink - Posted on 2021-11-18 16:00

New Zealand’s National Cyber Security Centre (NCSC) has observed a 15% year-on-year jump in cyber-attacks against the country’s “nationally significant” organizations. More than 400 such incidents were recorded between July 1, 2020, and June 30, 2021, up from 352 a year earlier, according to the NCSC’s latest annual threat report, published today (November 16). More alarmingly still, the proportion of these incidents that reached the post-compromise stage – where threat actors manage to access and move laterally through networks or otherwise cause the victim harm – more than doubled, from 15% to 33%.


Data Breach Rule for Health Apps Leaves Developers in the Dark

Permalink - Posted on 2021-11-18 16:00

Makers of health apps are scrambling to understand the extent of their legal liability after a divided Federal Trade Commission announced they’re now required to inform users about data and privacy breaches—and if they have used their customers’ health data without authorization. The commission approved 3-2 a policy statement that the makers of health apps, including apps on smartphones and fitness devices, must comply with the FTC Health Breach Notification Rule. The rule had previously applied to a much narrower set of health-information software, primarily apps used to collect and store health records from doctors and other health-care providers. Supporters say it’s a welcome attempt to extend privacy protections to health data being gathered and stored by a new generation of health and fitness apps that hadn’t been imagined when the breach notification rule was issued in 2009. These apps gather such information as menstrual cycles, fitness and sleep patterns, and blood-glucose levels. But app developers say the September statement leaves them in the dark about crucial questions, including which apps and app makers are included under the rule, and how big the fines could be for violations, especially in cases where an app maker has been sharing users’ health information without authorization.


Adult Cam Site StripChat Exposes the Data of Millions of Users and Cam Models

Permalink - Posted on 2021-11-18 16:00

StripChat, one of the internet’s top 5 adult cam sites, has suffered a security breach and has leaked the personal data of millions of users and adult models. The leak, discovered by security researcher Bob Diachenko, took place earlier this month after StripChat exposed its ElasticSearch database cluster on the internet without a password for more than three days between November 4 and November 7. The exposed servers leaked a treasure trove of highly-sensitive information, such as: Data of 65 million users registered on the site (username, email, IP address, ISP details, tip balance, account creation date, last login date, account status); Data of 421,000 models broadcasting on the site (username, gender, studio ID, live status, tip menus/prices, strip score); Data of 134 million transactions (information about tokens and tips paid by users to models, including private tips); Data about 719,000 chat messages saved in a moderation database (the user and model ID involved in the conversations).


Patients Unaware of the Extent of Healthcare Cyber Attacks and Data Theft

Permalink - Posted on 2021-11-16 16:00

A recent survey conducted by the unified asset visibility and security platform provider Armis has explored the state of cybersecurity in healthcare and the security risks that are now faced by healthcare organizations. The survey was conducted by Censuswide on 400 IT professionals at healthcare organizations across the United States, and 2,000 U.S. patients to obtain their views on cybersecurity and data breaches in healthcare. The survey confirmed cyber risk is increasing, with 85% of respondents saying cyber risk has increased over the past 12 months. Ransomware gangs have targeted the healthcare industry over the past 12 months, and many of those attacks have succeeded. 58% of the surveyed IT professionals said their organization had experienced a ransomware attack in the past 12 months. The increase in cyberattacks on the healthcare sector is influencing healthcare decisions. 75% of IT professionals said recent attacks have had a strong influence on decision making and 86% of respondents said their organization had appointed a CISO; however, only 52% of respondents said their organization was allocating more than sufficient funds to cover IT security. The survey of patients revealed a third had been the victim of a healthcare cyberattack, and while almost half of patients (49%) said they would change healthcare provider if it experienced a ransomware attack, many patients are unaware of the extent of recent cyberattacks and how frequently they are now being reported. In 2018, healthcare data breaches were reported at a rate of 1 per day. In the past year, there have been 7 months when data breaches have been reported at a rate of more than 2 per day. Despite extensive media reports about healthcare data breaches and vulnerabilities in medical devices, 61% of potential patients said they had not heard about any healthcare cyberattacks in the past two years, clearly showing many patients are unaware of the risk of ransomware and other cyberattacks. 
However, patients are aware of the impact those attacks may have, with 73% of potential patients understanding a cyberattack could impact the quality of care they receive. When potential patients were asked about their privacy concerns, 52% said they were worried a cyberattack would shut down hospital operations and would potentially affect patient care, and 37% said they were concerned about the privacy of information accessible through online portals.


PHI of 1.27 Million Patients Compromised in Two Healthcare Data Breaches

Permalink - Posted on 2021-11-16 16:00

On June 24, 2021, Sea Mar learned sensitive data had been exfiltrated from its IT systems by an unauthorized individual. Assisted by a leading third-party cybersecurity firm, Sea Mar determined its systems had been accessed between December 2020 and March 2021. According to the breach notice posted on its website, a review was conducted of the information potentially stolen from its network, which confirmed the following data types had been stolen: Name, address, Social Security number, date of birth, client identification number, diagnostic and treatment information, insurance information, claims information, and/or images associated with dental treatment. On November 3, 2021, Utah Imaging Associates reported a data breach to the HHS’ Office for Civil Rights that involved the protected health information of 583,643 individuals. The breach has been listed as a hacking/IT incident involving PHI stored on a network server.


Southern Ohio Medical Center Diverts Ambulances Due to Cyberattack

Permalink - Posted on 2021-11-15 20:00

Southern Ohio Medical Center (SOMC) in Portsmouth, OH, is recovering from a cyberattack that occurred on the morning of Thursday, November 11, 2021. The attack forced the hospital to go on diversion and direct ambulances to other healthcare facilities. The hospital also had to cancel some appointments and outpatient services.


Data of 5.9 Million Customers of RedDoorz Hotel Booking Site Leaked in Singapore's Largest Data Breach

Permalink - Posted on 2021-11-15 20:00

The personal data of nearly 5.9 million Singaporean and South-east Asian customers of hotel booking site RedDoorz was found to have been leaked, in what the Government has called Singapore's largest data breach. The Personal Data Protection Commission (PDPC) has fined local firm Commeasure, which operates the website, $74,000. This is much lower than the combined $1 million fine imposed on SingHealth and Integrated Health Information Systems for the 2018 data breach which affected 1.5 million people.


Robinhood Discloses Data Breach Impacting 7 Million Customers

Permalink - Posted on 2021-11-15 20:00

Stock trading platform Robinhood has disclosed a data breach after their systems were hacked and a threat actor gained access to the personal information of approximately 7 million customers. The attack occurred on November 3rd after a threat actor called a customer support employee and used social engineering to obtain access to customer support systems. After accessing the support systems, the threat actor was able to access customer information, including full names, email addresses, and for a limited number of people, date of birth, and zip codes.


Costco Discloses Data Breach After Finding Credit Card Skimmer

Permalink - Posted on 2021-11-12 14:00

Costco discovered the breach after finding a payment card skimming device in one of its warehouses during a routine check conducted by Costco personnel. Costco added that individuals impacted by this incident might have had their payment information stolen if those who planted the card theft device were able to gain access to the info before the skimmer was found and removed. While the company didn't reveal the exact timeline of the incident, Costco customers have complained about unauthorized transactions on their payment cards since at least February.


Back-to-Back PlayStation 5 Hacks Hit on the Same Day

Permalink - Posted on 2021-11-12 14:00

A pair of PlayStation 5 breaches shows the consoles don’t have protection from attackers taking over their most basic functions. Both exploits were posted on Twitter on Nov. 7 without disclosure to Sony or specifics, but they nonetheless signal potential security problems to come for the gaming giant.


Booking.com Was Reportedly Hacked by a U.S. Intel Agency But Never Told Customers

Permalink - Posted on 2021-11-12 14:00

A hacker working for a US intelligence agency breached the servers of Booking.com in 2016 and stole user data related to the Middle East, according to a book published on Thursday. The book also says the online travel agency opted to keep the incident secret. Amsterdam-based Booking.com made the decision after calling in the Dutch intelligence service, known as AIVD, to investigate the data breach. On the advice of legal counsel, the company didn’t notify affected customers or the Dutch Data Protection Authority. The grounds: Booking.com wasn’t legally required to do so because no sensitive or financial information was accessed. IT specialists working for Booking.com told a different story, according to the book De Machine: In de ban van Booking.com (English translation: The Machine: Under the Spell of Booking.com). The book’s authors, three journalists at the Dutch national newspaper NRC, report that the internal name for the breach was the “PIN-leak,” because the breach involved stolen PINs from reservations. The book also said that the person behind the hack accessed thousands of hotel reservations involving Middle Eastern countries including Saudi Arabia, Qatar, and the United Arab Emirates. The data disclosed involved names of Booking.com customers and their travel plans. Two months after the breach, US private investigators helped Booking.com’s security department determine that the hacker was an American who worked for a company that carried out assignments from US intelligence services. The authors never determined which agency was behind the intrusion.


Transavia Airline Fined for Weak Security Practices That Led to Data Breach

Permalink - Posted on 2021-11-12 14:00

The Dutch Data Protection Agency has levied a €400,000 ($455,000) fine today against Transavia, a Dutch airline that operates low-cost routes across Europe, for a security breach that allowed a hacker to steal the personal details of more than 83,000 passengers. The fine pertains to a security breach that Transavia publicly disclosed in February 2020.


Canada: Province Sued Over Privacy Breach Involving 9,000 Children

Permalink - Posted on 2021-11-12 14:00

A class-action lawsuit will proceed against the province after confidential information about nearly 9,000 children with disabilities was mistakenly sent to agencies that provide services to them and community advocates.


Ohio: SOMC Suffers from Cyber Attack

Permalink - Posted on 2021-11-12 14:00

Patients who had appointments at Southern Ohio Medical Center (SOMC) facilities Thursday received notice that their appointments were canceled due to an emergency. Rumors quickly started circulating that the hospital and its facilities were unable to access their computers or phone lines due to the computer system being down. It was later announced on the hospital’s social media platforms that the hospital’s computer servers had been hacked.


Phishing Attacks Grow 31.5% Over 2020, Social Media Attacks Continue to Climb

Permalink - Posted on 2021-11-11 15:00

Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020, according to a PhishLabs report. Notably, attacks in September 2021 were more than twice as high as the previous year. Social media attacks skyrocket in 2021: Since January, the average number of social media attacks per target climbed steadily, up 82 percent year-to-date; Vishing is increasing: Vishing incidents more than doubled in number for the second consecutive quarter, suggesting a shift in tactics as threat actors seek to evade email security controls; O365 users beware: In Q3, 51.6 percent of credential theft phishing attacks reported by corporate users targeted O365 logins; PII grows on the dark web, leveraging chat services: The sale of Personally Identifiable Information accounted for 12 percent of dark web threats and was primarily made up of threat actors marketing employee email addresses to black market buyers. In 56 percent of PII sales, chat-based services were used to market the data.


Brittany Ferries Admits to Leaks Caused by Routine Website Update

Permalink - Posted on 2021-11-11 15:00

It's never good when a boat operator talks of a breach, even if in this case it's a figurative one. Brittany Ferries has told some customers that an unforeseen technical glitch introduced after "routine" website maintenance had left their accounts wide open, potentially exposing very sensitive details to anyone who knew the linked email address. The operator, which runs ships from the UK to ports in Spain, France, and Ireland, contacted punters on Tuesday with the bad news about a "breach to our data that might have an impact on your My Account with Brittany Ferries."


Comic Book Distributor Struggling with Shipments After Ransomware Attack

Permalink - Posted on 2021-11-11 15:00

Major comic book company Diamond Comic Distributors is struggling to keep up with its planned shipments after being hit with a ransomware attack on Sunday. In a statement, the company said its planned shipments for Wednesday would be delayed about two to four days throughout the country due to the attack; reorders are expected to resume within the next 72 hours. The delays will also affect international retailers. The company said it was dealing with a ransomware attack affecting its order processing systems as well as its internal communications platforms.


Gmail Accounts Are Used in 91% of all Baiting Email Attacks

Permalink - Posted on 2021-11-11 15:00

Bait attacks are on the rise, and it appears that actors who distribute this special kind of phishing email prefer to use Gmail accounts to conduct their attacks. According to a report by Barracuda, who surveyed 10,500 organizations, 35% of them received at least one bait attack email in September 2021 alone.


DDoS Attack on VoIP Provider Telnyx Impacts Global Telephone Services

Permalink - Posted on 2021-11-11 15:00

Telnyx confirmed that it sustained DDoS attacks of increasing intensity twice in a day. “It is anticipated that the DDoS attacks will continue, but there is no way for us to predict it. Telnyx has not been in communication with the bad actors. There has not yet been a ransom request,” Telnyx said in a statement. Given the severity of the attack, Telnyx is moving its operations to Cloudflare Magic Transit to mitigate additional risks. The company warned that users might experience failed calls, API and portal latency/time outs, and/or delayed or failed messages until proper resolutions are made.


Hackers Undetected on Queensland Water Supplier Server for 9 Months

Permalink - Posted on 2021-11-11 15:00

Hackers stayed hidden for nine months on a server holding customer information for a Queensland water supplier, illustrating the need for better cyber defenses for critical infrastructure. The breach occurred between August 2020 and May 2021, and the actors managed to access a web server used to store customer information by the water supplier.


Canada: N.L. Patient, Employee Data Stolen in Healthcare Cyber Attack

Permalink - Posted on 2021-11-10 15:00

Hackers stole personal information connected to both patients and employees in the Eastern Health and Labrador-Grenfell Health regions of Newfoundland and Labrador's health-care system as part of a recent cyberattack, according to officials. The information was accessed through the province's Meditech data repository, which includes a patient information database as well as core communication tools, such as email. According to government officials, the breach includes basic information collected when a patient registers for an appointment — including names, birthdays, addresses, email addresses and phone numbers, medical care plan (MCP) numbers, the name of the person's family doctor, marital status and in- and out-patient times. The attackers were also able to access information connected to Eastern Health employees who worked within about the last 14 years and Labrador-Grenfell Health employees from about the last nine years.


Maxim Healthcare Group Notifies 65,000 Individuals About October 2020 Email Breach

Permalink - Posted on 2021-11-10 16:00

Columbia, MD-based Maxim Healthcare Group has started notifying 65,267 individuals about a historic breach of its email environment and the exposure of their protected health information. Maxim Healthcare Group, which includes Maxim Healthcare Services and Maxim Healthcare Staffing, said it identified suspicious activity in its email environment on or around December 4, 2020. Steps were taken to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the breach. The investigation revealed unauthorized individuals had access to several employee email accounts between October 1, 2020, and December 4, 2020. A comprehensive review of those accounts revealed they contained a range of protected health information that was potentially accessed and exfiltrated. The forensic investigation was unable to determine which emails, if any, were accessed and exfiltrated.


Vulnerabilities Associated with Ransomware Increased 4.5% in Q3 2021

Permalink - Posted on 2021-11-10 16:00

Ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021, a report by Ivanti, Cyber Security Works and Cyware reveals. This last quarter saw a 4.5% increase in CVEs associated with ransomware, a 4.5% increase in actively exploited and trending vulnerabilities, a 3.4% increase in ransomware families, and a 1.2% increase in older vulnerabilities tied to ransomware compared to Q2 2021. The analysis uncovered 12 new vulnerabilities tied to ransomware in Q3 2021, bringing the total number of vulnerabilities associated with ransomware to 278. Out of the 12 vulnerabilities newly associated with ransomware, five are capable of remote code execution attacks and two are capable of exploiting web applications and being manipulated to launch denial-of-service attacks. The report also revealed that ransomware groups are continuing to find and leverage zero-day vulnerabilities, even before the CVEs are added to the National Vulnerability Database and patches are released.


Average Ransomware Payment for U.S. Victims More Than $6 Million

Permalink - Posted on 2021-11-10 15:00

In the "State of Ransomware Readiness" study from Mimecast, researchers spoke with 742 cybersecurity professionals and found that 80% of them had been targeted with ransomware over the last two years. Of that 80%, 39% paid a ransom, with US victims paying an average of $6,312,190. Victims in Canada paid an average of $5,347,508 while those in the UK paid nearly $850,000. Victims in South Africa, Australia, and Germany all paid less than $250,000 on average. More than 40% of respondents did not pay any ransom, and another 13% were able to negotiate the initial ransom figure down. Of the 742 experts who spoke to Mimecast, more than half said the primary source of ransomware attacks came from phishing emails with ransomware attachments, and another 47% said they originated from "web security." Phishing emails that led to drive-by downloads were also a highly-cited source of ransomware infections. Less than half of respondents said they have file backups that they could use in the event of a ransomware attack, and almost 50% said they needed bigger budgets to update their data security systems.


ICS, OT Cybersecurity Incidents Cost Some U.S. Firms Over $100 Million

Permalink - Posted on 2021-11-10 15:00

A report published on Wednesday by the Ponemon Institute and industrial cybersecurity firm Dragos shows that the average cost of a security incident impacting industrial control systems (ICS) or other operational technology (OT) systems is roughly $3 million, and some companies reported costs of over $100 million. The report is based on data from a survey of 600 IT, IT security, and OT security practitioners conducted by the Ponemon Institute in the United States. Twenty-nine percent of respondents admitted that their organization was hit by ransomware in the past two years, and more than half of them said they had paid an average ransom of more than $500,000. Some organizations reported paying more than $2 million. Nearly two-thirds of respondents said they experienced an ICS/OT cybersecurity incident in the past two years. The most common causes were negligent insiders, a maintenance-related issue, or IT security incidents “overflowing” to the OT network due to poor segmentation between IT and OT.


Taiwan Government Faces 5 Million Cyber Attacks Daily

Permalink - Posted on 2021-11-10 15:00

Taiwan's government agencies face around five million cyberattacks and probes a day, an official said Wednesday, as a report warned of increasing Chinese cyber warfare targeting the self-ruled island. Taiwanese officials have previously said the island faces millions of cyberattacks every month, with around half of them believed to originate from China. Speaking in parliament, cyber security department director Chien Hung-wei said Taiwan's government network faces "five million attacks and scans a day". The ministry's information security and protection centre detected and handled around 1.4 billion "anomalies" from 2019 to August 2021 to prevent potential hacking, according to the report.


81% of Organizations Experienced Increased Cyber Threats During COVID-19

Permalink - Posted on 2021-11-09 15:00

More than four in five (81%) organizations experienced increased cyber-threats during the COVID-19 pandemic, according to a new study by McAfee and FireEye. The global survey of 1451 IT and line of business decision-makers found that close to half (43%) have suffered from downtime due to a cyber concern. This resulted in costs of $100,000 for some organizations. Despite the increased threat landscape and the fact that over half (57%) of organizations saw a rise in online/web activity, 24% of respondents revealed they have had their technology and security budgets reduced over this period.


DDoS Attack Cost Bandwidth.com Nearly $12 Million

Permalink - Posted on 2021-11-09 15:00

VoIP giant Bandwidth.com reported its third-quarter earnings on Monday, bringing in a revenue of $131 million. But the company noted in another release that a recent DDoS attack will end up costing them "between $9 million and $12 million" for the full fiscal year. The company filed a document with the SEC on October 26 explaining that the attack caused a "decrease of approximately $700,000 in third quarter 2021 revenue from lost transaction volume and customer credits."


DDoS Attacks Shatter Records in Q3

Permalink - Posted on 2021-11-09 15:00

The latest DDoS report for Q3 from Kaspersky details a record-breaking frenzy of recent activity by threat actors. The third quarter also ushered in two new DDoS attack vectors, the analysts found. During Q3, a team from the University of Maryland and the University of Colorado at Boulder figured out how to exploit the TCP protocol to attack security devices like firewalls, deep packet inspection (DPI) tools and network address translators (NAT), often called “middleboxes” because of their position between the client and server.


Robinhood Trading Platform Data Breach Hits 7 Million Customers

Permalink - Posted on 2021-11-09 15:00

Investor trading app company Robinhood Markets has confirmed a data breach that affects the personal information of about 7 million customers – roughly a third of its user base. A cyberattacker made off with emails and more, which could lead to follow-on attacks for Robinhood customers. The trading platform, which found itself in the middle of the infamous GameStop stock price run-up in January, acknowledged that the breach was a result of a system compromise that occurred on Nov. 3. The company said that the adversary was able to target an employee to gain access to sensitive company systems. After that, the perpetrator attempted to extort the company, demanding payment in return for not releasing the stolen data.


PHI of 320,000 Patients Potentially Compromised in EHR Vendor Hacking Incident

Permalink - Posted on 2021-11-08 16:00

QRS Inc, a Tennessee-based healthcare technology services company and provider of the Paradigm practice management and electronic health records (EHR) solution, has announced a data breach involving the protected health information (PHI) of almost 320,000 individuals. The cyberattack was detected on August 26, 2021, three days after a server was breached. The compromised server contained files that included PHI such as names, addresses, dates of birth, Social Security numbers, patient identification numbers, portal usernames, and medical treatment and diagnosis information.


Maxim Healthcare Notifies Patients of Breach That Occurred in October, 2020

Permalink - Posted on 2021-11-08 16:00

Maxim Healthcare became aware of unusual activity related to several employees’ email accounts. Investigation revealed that unauthorized access to some accounts had occurred between October 1, 2020 and December 4, 2020. The types of personal information that may have been accessible to an unauthorized actor include: name, address, date of birth, contact information, medical history, medical condition or treatment information, medical record number, diagnosis code, patient account number, Medicare/Medicaid number, and username/password. For a limited number of individuals, Social Security number may also have been accessible.


$55M Stolen from Crypto Company

Permalink - Posted on 2021-11-08 16:00

Cyber-criminals have siphoned an estimated $55m from decentralized finance (DeFi) lending protocol bZx. The crypto company said that the theft occurred on Friday after one of its developers was taken in by a phishing attack and unwittingly gave up the details of some private keys. The phishing email was sent to the victim’s personal computer with a malicious macro in a Word document that was disguised as a legitimate email attachment.


India: Data Breach at CDSL's KYC Arm Exposed 4.39 Million Files of Investors' Data Twice Within 10 Days

Permalink - Posted on 2021-11-08 16:00

A vulnerability at a CDSL subsidiary, CDSL Ventures Limited (CVL), has exposed personal and financial data of over 4 crore Indian investors twice in a period of 10 days, according to cyber security consultancy startup CyberX9. The Central Depository Services (India) Limited (CDSL) is a SEBI registered depository and CDSL Ventures Ltd is a KYC registering agency separately registered with the Securities and Exchange Board of India (SEBI).


1.8 TB of Police Helicopter Surveillance Footage Leaks Online

Permalink - Posted on 2021-11-08 16:00

Law enforcement use of surveillance drones has proliferated across the United States in recent years, sparking backlash from privacy advocates. But newly leaked aerial surveillance footage from the Dallas Police Department in Texas and what appears to be Georgia's State Patrol underscores the breadth and sophistication of footage captured by another type of aerial police vehicle: helicopters. The transparency activist group Distributed Denial of Secrets, or DDoSecrets, posted a 1.8-terabyte trove of police helicopter footage to its website on Friday. DDoSecrets cofounder Emma Best says that her group doesn’t know the identity of the source who shared the data and that no affiliation or motivation for leaking the files was given. The source simply said that the two police departments were storing the data in unsecured cloud infrastructure.


80% of Organizations Experienced Employees Misusing and Abusing Access to Business Apps

Permalink - Posted on 2021-11-08 16:00

Organizations continue to operate with limited visibility into user activity and sessions associated with web applications, despite the ever-present risk of insider threats and credential theft, CyberArk research reveals. According to the research, in 70 percent of organizations, the average end-user has access to more than 10 business applications, many of which contain high-value data – creating ample opportunity for a malicious actor. To that end, the top three high-value applications that organizations were most concerned with protecting against unauthorized access were IT service management apps such as ServiceNow; cloud consoles such as Amazon Web Services, Azure and Google Cloud Platform; and marketing and sales enablement applications such as Salesforce.


Electronics Retail Giant MediaMarkt Hit by Ransomware Attack

Permalink - Posted on 2021-11-08 16:00

Electronics retail giant MediaMarkt has suffered a ransomware attack causing IT systems to shut down and store operations to be disrupted in the Netherlands and Germany. BleepingComputer has learned that the attack has affected numerous retail stores throughout Europe, primarily those in the Netherlands. While online sales continue to function as expected, cash registers cannot accept credit cards or print receipts at affected stores. The systems outage is also preventing returns due to the inability to look up previous purchases.


Cyber Attack Hits Multiple Greek Shipping Firms

Permalink - Posted on 2021-11-05 17:00

Multiple Greek shipping companies have been hit by a ransomware attack that spread through the systems of a popular, well-established IT consulting firm, according to Greek outlet Mononews. Danaos Management Consultants, the IT service provider whose services were affected by the hack, confirmed the incident and. The company said that Danaos' own shipping operations have not been hit, and that fewer than 10 percent of its external customers had their files encrypted by the ransomware attack.


Australia: Hackers Gained Access to mySA Gov Accounts

Permalink - Posted on 2021-11-05 17:00

Yesterday afternoon, South Australia's Department for Infrastructure and Transport confirmed that mySA Gov accounts were compromised through a cyber attack. mySA Gov is the South Australian government's online platform and app that provides residents with single account access for the state's services, such as checking into a venue or completing transactions for vehicle registration. The department said hackers accessed these accounts as account holders used the same or a similar password for their mySA Gov account as they had used for their account with an unrelated website. The hackers then used the passwords they had obtained from the unrelated website to access a number of mySA Gov accounts. The department did not provide details about the unrelated website.


Nationwide Laboratory Services Ransomware Attack Affects 33,000 Patients

Permalink - Posted on 2021-11-05 17:00

Boca Raton, FL-based Nationwide Laboratory Services, which was acquired by Quest Diagnostics in the summer, was the victim of a ransomware attack earlier this year. Nationwide Laboratory Services detected a breach of its systems on May 19, 2021, when ransomware was used to encrypt files across its network and prevent files from being accessed. Steps were immediately taken to contain the attack and a third-party cybersecurity firm was engaged to assist with the investigation and remediation efforts. The forensic investigation confirmed on August 31, 2021, that the attackers gained access to parts of its network where patients’ protected health information was stored, and potentially accessed information such as names, dates of birth, lab test results, medical record numbers, Medicare numbers, and health insurance information. A subset of the individuals affected had their Social Security numbers exposed. The types of information exposed in the attack varied from patient to patient.


U.S. Defense Contractor 'Electronic Warfare' Hit by Data Breach

Permalink - Posted on 2021-11-05 17:00

US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system and stole files containing personal information. The company claims the breach's impact was limited but confirmed that the threat actor managed to exfiltrate files containing sensitive information. As detailed in a notice to the Montana Attorney General's office, EWA discovered that a threat actor took over one of their email accounts on August 2, 2021. The firm noticed the infiltration when the hacker attempted wire fraud, which appears to be the primary goal of the actor. Based on the investigation that followed, it was discovered that names, social security numbers (SSNs), and the driver's license of the notice recipients were also stolen. As such, the wire fraud attempt may have been a distraction, which is entirely plausible for sophisticated actors who are interested in targeting highly-sensitive firms of this type. It is unclear if the stolen information affects only the company's employees and whether or not technical documents have also been stolen during the incident.


PHI of 45,262 Desert Pain Institute Patients Potentially Compromised in Cyber Attack

Permalink - Posted on 2021-11-04 16:00

Baywood Medical Associates, doing business as Desert Pain Institute (DPI) in Mesa, AZ, has discovered unauthorized individuals gained access to parts of its computer network that contained the protected health information of patients. A review of the files on systems accessible to the hackers revealed the following information may have been viewed or exfiltrated: Full names, addresses, dates of birth, Social Security numbers, tax identification numbers, driver’s license/state-issued identification card numbers, military identification numbers, financial account numbers, medical information, and health insurance policy number. The types of data potentially compromised varied from patient to patient.


Jukin Media Hacked and Data Dumped

Permalink - Posted on 2021-11-04 16:00

On Wednesday, Jukin Media posted a notice on its site requiring users to reset their passwords. They said the reset was due to a “security upgrade.” Then later yesterday, it became clear that there had definitely been a security incident when a thread appeared on a popular forum dumping Jukin data for a nominal fee of 8 tokens. The fact that Jukin Media knew they were being attacked makes their “Security Upgrade” notice seem even more deceptive. Why didn’t they tell users that they knew they had been attacked and were requiring a password reset in response? And why haven’t they said anything publicly since yesterday’s leak? DataBreaches.net was able to submit a press inquiry today to Jukin Media through their web site, but no reply has been received as of the time of publication.


Cyber Attack Knocks Ohio County Library Computers Offline

Permalink - Posted on 2021-11-04 16:00

A cybersecurity incident has knocked out the Toledo Lucas County Public Library website and computer systems for the second day in a row, and officials are unsure when service might be restored. Stephanie Elton, the library's assistant manager of communications, innovation and strategy, said the service outage happened because of a "targeted cybersecurity incident, which remains under investigation by forensic experts." It is yet unknown how long it would take to resolve the issue and restore the network, she said.


State Probing LGBTQ Atraf Website for Faulty Cyber Defenses

Permalink - Posted on 2021-11-03 16:00

The Authority for the Defense of Privacy announced on Wednesday that it is probing the Atraf website for LGBTQ dating for faulty cyberdefenses that may have led to its recently being hacked. If the probe leads to real consequences, it could prove to be a game-changer in the cyber arena in motivating companies to take stronger measures regarding cyberdefense. Last weekend, Black Shadow announced its hack of Cyberserve, which hosted Atraf, and the hackers have been exposing personal information of lesbian, gay, bisexual, transgender and queer clients of the website in waves during the course of this week, threatening to disclose more until they are paid a ransom. The authority said it is no coincidence that the website has been down since the hacking and that it may remain down indefinitely due to the website owner’s lack of cyber protections of their clients’ personal data. In addition, the authority noted other state agencies’ efforts to block search engines and social media sites from being able to display the personal information, warning that anyone who displays such information could be themselves guilty of a crime.


Moses Staff Hackers Strike Again, Attack Israeli Engineering Companies

Permalink - Posted on 2021-11-03 16:00

A hacker group called Moses Staff claimed on Tuesday that it had successfully conducted a cyberattack on three Israeli engineering companies, less than two weeks after it leaked files it claimed to have obtained in an attack on the Defense Ministry. The group announced on Tuesday that it had targeted Ehud Leviathan Engineering, David Engineers and HGM Engineering in its latest attack. The data leaked from the three companies include projects, maps, contracts, pictures, letters and videoconferencing images. Moses Staff stated that the information it had leaked did not include everything that they had obtained and they would gradually release the rest.


Medical School Exposes Personal Data of Thousands of Students

Permalink - Posted on 2021-11-03 16:00

A US medical training school exposed the personally identifiable information (PII) of thousands of students. On Wednesday, vpnMentor published a report on the security incident, in which an unsecured bucket was left exposed online. The server, which did not have authentication controls in place and was, therefore, accessible by anyone to view, contained 157GB of data, or just under an estimated 200,000 files. After discovering the open system, the researchers traced the owner as Phlebotomy Training Specialists. The LA-based organization offers phlebotomy certification and courses in states including Arizona, Michigan, Texas, Utah, and California. According to vpnMentor, the records contained within were backed up from September 2020, but some were created before this time. The unsecured Amazon S3 bucket contained a variety of PII including ID card and driver license copies, as well as CVs, revealing names, dates of birth, genders, photos of students, home addresses, phone numbers, email addresses, and both professional and educational summaries. In addition, over 27,000 tracking forms were found that in some cases contained the last four digits of Social Security numbers, as well as student transcripts and training certificate scans.


Negligent Schools Continue to Cover-up Cyber Attacks; Withholding Cost of Damages from Public

Permalink - Posted on 2021-11-03 16:00

The Daily Dot submitted public records requests to 15 school districts across the country that were hit by recent cyberattacks, including the one in Fairfax. But after over a month of negotiations, only six districts have agreed to disclose how much they paid to recover from the attacks. Three districts have claimed statutory exemptions to withhold all or nearly all their records, and the rest aside from Fairfax have provided nothing more than an acknowledgment of the Daily Dot’s request. More than 830 schools have been hit by ransomware this year, according to the cybersecurity firm Emsisoft, and the FBI warns that these attacks are on the rise. From the rural Deep South to the suburbs of Los Angeles, hackers are hitting school districts across the country indiscriminately. But the numbers could be much higher because there’s no nationwide requirement that schools report ransomware attacks. Most states don’t have reporting requirements either, and the ones that do don’t enforce the mandates or won’t release the information, research by the cybersecurity firm Recorded Future shows.


Cyber Attacks Reported by Family of Woodstock and Viverant

Permalink - Posted on 2021-11-03 16:00

Family of Woodstock (FOW), a New York provider of crisis intervention, information, prevention, and support services, has suffered a cyberattack in which the protected health information of 8,214 individuals was potentially compromised. The cyberattack was detected on August 3, 2021, and rapid steps were taken to eject the attackers from its network and restore its systems and operations. Third-party forensic investigators were engaged to determine the nature and scope of the breach, with the initial phase of the investigation concluding on September 11, 2021.


Britain: ICO Collects Just 26% of Value of Fines Since 2020

Permalink - Posted on 2021-11-03 16:00

The UK’s data protection and privacy regulator is getting worse at collecting the fines it hands out to penalize erring companies, according to new data from TheSMSWorks. The SMS API provider has been tracking the progress of the Information Commissioner’s Office (ICO) in such matters since 2018. Unfortunately, it revealed that just a quarter (26%) of the monetary value of fines it issued from January 2020 to September 2021 had been paid, down from 32% during the last report period (January 2019-August 2020). That means, out of the 47 individual fines during the current period, amounting to £7m, just 19 had been successfully collected, at a value of only £1.8m. This excludes the sizeable GDPR penalties for British Airways (£20m) and Marriott International (£18.4m). These companies have reportedly agreed to pay their fines in annual installments. The news comes despite legislation that effectively makes company directors responsible for paying fines. In the past, many would declare bankruptcy to avoid the fine. According to TheSMSWorks, many directors simply refuse to pay or initiate a slow and unwieldy appeals process. It claimed that Eldon Insurance, fined £60,000 for email spam in February 2019, still has an unresolved appeal being processed. Another company, MyIML Ltd, has reportedly not yet fully paid its £80,000 nuisance call fine six years after it was issued. Over £1m in unpaid fines are said to be currently under appeal.


Annual Cost of Child Identity Fraud Almost $1 Billion

Permalink - Posted on 2021-11-03 16:00

New research published today by Javelin Strategy & Research puts the annual cost of child identity theft and fraud in the United States at nearly $1bn. The 2021 Child Identity Fraud study authored by Tracy Kitten, director of fraud & security at Javelin Strategy & Research, analyzed factors that put children at the highest risk of identity theft and fraud. Risk factors examined for the research included behaviors, characteristics, and social media platforms. The study found that children who use Twitch (31%), Twitter (30%), and Facebook (25%) were most likely to have their personal information exposed in a data breach. Another key finding was that more than 1.25 million children in the United States became victims of identity theft and fraud in the past year. Resolving the situation cost the average family more than $1,100 and was a slow process. Chillingly, the report revealed that over half of all child identity theft and fraud cases involve children ages nine and younger and that most (70%) victims know their perpetrators.


Mobile Phishing Attacks Targeting Energy Sector Surge by 161%

Permalink - Posted on 2021-11-03 16:00

Mobile phishing attacks targeting employees in the energy industry have risen by 161% compared to last year's (H2 2020) data, and the trend is showing no signs of slowing down. Mobile phishing also surged in the first half of 2021, with nearly 20% of all employees in the energy sector being targeted in mobile phishing attacks. According to the report from Lookout, the most significant attack surface stems from 56% of Android users running out-of-date and vulnerable versions of the OS.


Canada: Toronto Subways Hit by Ransomware

Permalink - Posted on 2021-11-02 14:00

The Toronto Transit Commission (TTC) -- which runs the city's public transportation system -- reported a ransomware attack this weekend that forced conductors to use radio, crippled the organization's email system and made schedule information on platforms and apps unavailable. In a statement on Friday, the TTC said it confirmed it was the victim of a ransomware attack after its IT staff "detected unusual network activity and began investigating."


42% of Healthcare Organizations Have Not Developed an Incident Response Plan

Permalink - Posted on 2021-11-02 14:00

Hacks, ransomware attacks, and other IT security incidents account for the majority of data breaches reported to the Department of Health and Human Services’ Office for Civil Rights, but data breaches involving physical records are also commonplace. According to the Verizon Data Breach Investigations Report, disclosed physical records accounted for 43% of all breaches in 2021, which highlights the need for data security measures to be implemented covering all forms of data. The survey revealed 22% of data breaches were the result of errors by employees. The biggest barriers to employees following information security policies and procedures were a lack of understanding of the threats and risks (49%), lack of accessibility or understanding of policies (41%), and a lack of consistent training and security awareness programs (10%).


40% of Organizations Suffered a Cloud-Based Data Breach in the Past 12 Months

Permalink - Posted on 2021-11-02 14:00

Despite increasing cyberattacks targeting data in the cloud, 83% of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cyber criminals can have. 40% of organizations have experienced a cloud-based data breach in the past 12 months, according to a study conducted by 451 Research. According to the study, 21% of businesses host the majority of their sensitive data in the cloud, while 40% reported a breach in the last year. There are some common trends as to where companies turn when considering how to secure their cloud infrastructure, with 33% reporting multi-factor authentication (MFA) as being a central part of their cybersecurity strategy. However, only 17% of those surveyed have encrypted more than half of the data they store in the cloud. This figure drops to 15% where organizations have adopted a multicloud approach. Even where businesses protect their data with encryption, 34% of organizations leave the control of keys to service providers rather than retaining control themselves. Where large numbers of organizations fail to protect their data sufficiently with encryption, limiting potential access points becomes even more critical. However, 48% of business leaders globally admitted their organization does not have a zero trust strategy, and 25% aren’t even considering one.


Ransomware Attack Targets Las Vegas Cancer Center Patients' Personal Information

Permalink - Posted on 2021-11-02 14:00

Current and former patients of the Las Vegas Cancer Center may have had their personal information exposed to bad actors after a ransomware attack, the center announced in a press release on Monday. LVCC administrators confirmed hackers accessed encrypted data on the center's server over Labor Day weekend and stated the security breach was discovered on Sept. 7 when staff returned after the holiday. Though LVCC’s server and computers are protected by a firewall and multiple malware defense systems, hackers may have been able to access patient names, addresses, dates of birth, social security numbers, medical records and insurance information as a result of the breach, according to the center. However, LVCC claims all patient data was stored in a proprietary format and was likely not usable by hackers.


More than 650,000 Patients of Community Medical Centers Notified About Hacking Incident

Permalink - Posted on 2021-11-01 16:00

The protected health information of more than 650,000 patients of Community Medical Centers (CMC) in California has potentially been obtained by hackers. CMC is a not-for-profit network of community health centers that serve patients in the San Joaquin, Solano, and Yolo counties in Northern California. CMC identified suspicious activity in its computer systems on October 10, 2021, and shut down its systems to prevent further unauthorized access. An investigation was launched to determine the nature and scope of the breach, with assistance provided by third-party cybersecurity experts. The forensic investigation confirmed that unauthorized individuals had gained access to parts of its network where protected health information was stored, including first and last names, mailing addresses, dates of birth, Social Security numbers, demographic information, and medical information.


Healthcare System Phishing Breach Affects 209,000

Permalink - Posted on 2021-11-01 16:00

UMass Memorial Health in its notification statement says that it determined on Jan. 27 that some employees’ email accounts may have been accessed by an unauthorized person. On Aug. 25, the healthcare entity completed the process of identifying individuals with information contained in the accounts, the statement says. For affected patients, the information involved included names, dates of birth, medical record numbers, health insurance information and clinical or treatment information, such as dates of service, provider names, diagnoses, procedure information and/or prescription information, UMass Memorial Health says. For affected health plan participants, the information involved included names, subscriber ID numbers and benefits election information. For some individuals, a Social Security number and/or driver’s license number was also involved, the statement says.


'Black Shadow' Hackers Leak Data from Israeli LGBT App

Permalink - Posted on 2021-11-01 15:00

The hacker group "Black Shadow" has leaked data from various Israeli companies, such as LGBTQ dating app "Atraf", Dan bus company and tour booking company Pegasus on Saturday night. On Friday, the group announced that they had hacked into the servers of the Israeli Internet company Cyberserve, promptly turning them off and threatening to leak data. It remains unclear if Cyberserve plans to pay Black Shadow’s desired ransom or how the hacker group plans to publicly leak the data.


Canadian Province Healthcare System Disrupted by Cyber Attack

Permalink - Posted on 2021-11-01 15:00

The Canadian provinces of Newfoundland and Labrador have suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals. The attack took place on October 30th, causing regional health systems to shut down their networks and cancel thousands of medical appointments. This outage affected health systems in Central Health, Eastern Health, Western Health, and the Labrador-Grenfell Regional Health authorities. The IT outage also affected communications in the region, with people reporting an inability to reach the health care centers or 911 via phone.


Unauthorized Account Openings Increased by 21% in the Last 12 Months

Permalink - Posted on 2021-10-29 15:00

Fifty-eight million consumers had a new account opened without their authorization in the last 12 months, a 21% increase compared to 2020, yet less than half of Americans know how to protect their data and identities. Given the heavy reliance on smartphones, with 64% using their mobile phone to sign up for new service, the safety and security of the mobile channel is of critical importance to consumers and companies alike. Twenty-four percent of consumers report that their mobile devices have been compromised since the pandemic began. Consumer concern about smartphone malware attacks has increased 34% year-over-year and nearly half believe their mobile device is more vulnerable than their personal computer.


Data Breach at University of Colorado Confirmed

Permalink - Posted on 2021-10-29 15:00

An American university is notifying thousands of former and current students that their personal information may have been compromised during a recent data breach. In a security notice issued October 25, the University of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in software provided by a third-party vendor, Atlassian Corporation Plc. Some files stored in the impacted program contained personally identifiable information (PII) for current and former CU Boulder students. Included in that information were names, student ID numbers, addresses, dates of birth, phone numbers, and genders.


Security Breaches Reported by Lavaca Medical Center and Throckmorton County Memorial Hospital

Permalink - Posted on 2021-10-29 15:00

Lavaca Medical Center, a critical access hospital in Hallettsville, TX, has started notifying 48,705 patients about a security breach in which their protected health information was exposed. Lavaca Medical Center said unusual activity was detected in its computer network on August 22, 2021, indicating a potential cyberattack. Steps were immediately taken to secure its network and a third-party computer forensics firm was engaged to assist with the investigation. The forensic investigators confirmed unauthorized individuals had access to the network between August 17 and August 21.


Ransomware Attack Hits Papua New Guinea's Finance Ministry

Permalink - Posted on 2021-10-29 15:00

Ransomware infiltrated and compromised a core server at the department of finance last week, hampering the government's access to foreign aid, its ability to pay cheques and carry out other basic functions in the midst of a spiralling Covid-19 surge. The attack took place in the middle of the night on October 22.


Massachusetts Health Network Hacked; Patient Information Exposed

Permalink - Posted on 2021-10-29 15:00

UMass Memorial Health notified patients earlier this month if their information was involved in the breach, which occurred between June 2020 and January. The personal data included Social Security numbers, insurance information and medical information, The Telegram & Gazette reported Thursday. More than 200,000 patients and health plan participants could have been affected by the breach, according to a federal database of cybersecurity incidents at medical facilities. The hospital says it has investigated the incident but couldn’t determine how much of the personal information may have been stolen.


S. Korea: Facebook Recommended to Pay 300,000 Won Compensation per Victim Over Personal Data Breach

Permalink - Posted on 2021-10-29 15:00

The state watchdog on personal information protection on Friday recommended that the operator of Facebook pay 300,000 won (US$256.70) in compensation to each of 181 users demanding damages for the provision of their personal information to third parties without consent. The recommendation to Meta Platforms, Inc. was made by the Personal Information Protection Commission (PIPC)'s dispute mediation panel in charge of settling a dispute between the operator and Korean users of Facebook over the platform's breach of users' personal data. The state watchdog in November concluded that Facebook passed personal data of at least 3.3 million of its total 18 million Korean users to third parties without the users' consent between May 2012 and June 2018. The leaked data included the lists of the users' Facebook friends. The global platform giant was fined 6.7 billion won for the privacy law violations at that time.


Private Proof-of-Vaccine App Portpass Continues to Expose Personal Data Even After Relaunch and Updates

Permalink - Posted on 2021-10-29 15:00

Personal information belonging to more than 17,000 users of the private proof-of-vaccination app Portpass is still unsecured and visible online — including, in some cases, photos of drivers' licences and passports — despite assurances from the company that its data-security problems have been fixed. The Calgary-based smartphone app was temporarily taken offline in late September after CBC News initially reported that users' data was unsecured and accessible on the internet to anyone who knew where to look. The app relaunched in October and the Portpass website assured users that it protects their "health privacy and data security at the highest level" and that "your data and information is kept secure at all times." But several experts in software development have since reached out to CBC News with concerns that users' data was still accessible.


PHI Removed in Practice Management Firm's Ransomware Attack

Permalink - Posted on 2021-10-29 15:00

A ransomware attack on a medical practice management services firm that included the "removal" of files containing patient information is among the latest security incidents involving similar third-party vendors. Arizona-based PracticeMax, in sample breach notification letters being sent this month to certain members of coordination of care health plan clients Humana, Anthem and DaVita Inc., says its protected health information was affected by a ransomware attack that began on April 12 and ended on May 5. PracticeMax says it regained access to its systems on May 6, and determined that one server containing protected health information had been accessed and "certain files" had been removed. The affected individuals are all members of VillageHealth, a care coordination program for patients with chronic conditions that is run by DaVita Inc. and offered through health plans including Anthem and Humana.


Luxury Hotel Chain in Thailand Reports Data Breach

Permalink - Posted on 2021-10-29 15:00

A luxury hotel chain in Thailand is reporting a data breach thanks to a notorious group of cybercriminals who have been behind a spate of attacks in recent weeks. Thirayuth Chirathivat, CEO of Centara Hotels & Resorts, said in a statement that on October 14, they were "made aware" of a cyberattack on the hotel chain's network. An investigation confirmed that cyberattackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs. The company did not say if the IDs accessed included passports, which are often asked for by hotels like Centara Hotels & Resorts.


Location Data Collection Firm Admits Privacy Breach

Permalink - Posted on 2021-10-29 15:00

A British firm which sells people's location data has admitted that some of its information was gained without seeking permission from users. Huq uses location data from apps on people's phones, and sells it on to clients, which include dozens of English and Scottish city councils. It told the BBC that in two cases, its app partners had not asked for consent from users. Kaibits Software, which developed one of the apps in question, admitted that there had been "problems with the permissions" but they were now resolved. The second app developer did not respond. Huq did not rule out the possibility that other apps may have failed to ask for proper consent. "It is possible that we or our partners may uncover future technical issues, but what's important is how quickly we act and how seriously we take the issue," the firm told the BBC.


Ransomware Has Disrupted Almost 1,000 Schools in the U.S. This Year

Permalink - Posted on 2021-10-29 15:00

Brett Callow, a researcher at Emsisoft, shared the list with Motherboard. It includes 73 school districts, comprising 985 schools. Callow said that it’s very likely there are some schools that are missing from the list, meaning the total number of victims is likely higher than 1,000. The list includes schools such as the Mesquite Independent School District in Texas, which comprises 49 different schools; the Haverhill Public Schools in Massachusetts, which comprises 16 schools; and the Visalia Unified School District in California, which comprises 41 schools.


Ransomware Soars 148% to Record-Breaking Levels in 2021

Permalink - Posted on 2021-10-28 15:00

The volume of ransomware attacks over the first three quarters of 2021 reached 470 million, a 148% increase on the same period last year, making 2021 already the worst year on record, according to SonicWall. The security vendor scrutinized attempts to compromise its global customers over the period and found that each company recorded 1,748 ransomware attacks in the year-to-date (YTD). That’s reportedly nearly 10 per business day. Q3 2021 saw the most significant volume of ransomware attacks recorded by the vendor – at 190.4 million. It nearly tops the 195.7 million attempts logged in the first three quarters of 2020. SonicWall predicted that by the end of 2021, the ransomware total would be near 714 million, which would be a 134% year-on-year increase.


Small Businesses Pay Up to $1 Million to Recover from Breaches

Permalink - Posted on 2021-10-28 15:00

Over half (58%) of US small businesses have suffered a security or data breach, with most paying hundreds of thousands of dollars to cover the costs, according to a new study from the Identity Theft Resource Center (ITRC). According to the US Small Business Administration, there are nearly 32 million businesses with fewer than 500 employees. To find out more about how they’re impacted by cyber-attacks, the ITRC polled 417 small business owners. The non-profit’s 2021 Business Aftermath Report revealed that many suffer a serious business impact from breaches. Of those hit by a breach, three-quarters experienced at least two, and a third said they had suffered at least three incidents. Over two-fifths (44%) spent $250,000-$500,000 to cover the costs of the breach, while 16% said they were forced to fork out between $500,000-$1m. Unsurprisingly, over a third (36%) admitted that this outlay put their business into debt, while a similar number (34%) said they had to dip into cash reserves to bail themselves out. A further 15% were forced to reduce headcount as a result. The majority of respondents said it took them several years to recover from a breach.


India's Supreme Court Orders Pegasus Probe

Permalink - Posted on 2021-10-28 15:00

India's Supreme Court has ordered an investigation to determine whether Prime Minister Narendra Modi’s administration used spyware to illegally surveil opposition leaders, journalists, activists, tycoons, and judges. In July, India’s main opposition Congress Party accused Modi of “treason” after the cell phone numbers of several Indian journalists, activists, and an opposition election strategist were included in a data leak of numbers believed to be of interest to clients of the Israel-based NSO Group Ltd., maker of the Pegasus spyware. Lawyer Tushar Mehta, representing the government, said in earlier hearings that any software used by Modi's administration to "combat terrorism" could not be publicly named for security reasons. Mehta also denied that any illegal espionage had taken place. The Supreme Court accepted petitions to launch an independent investigation after the government offered “no specific denial” that it had used Pegasus software to spy on Indian citizens but instead offered to create an in-house committee to investigate the allegations. In the Supreme Court order, which was issued earlier today, Chief Justice N.V. Ramana said that the alleged use of Pegasus Software by the Indian government to surveil its citizens “raises an Orwellian concern,” and that the court was compelled to seek the truth in a matter in which citizens’ rights to privacy and free speech may have been violated.


Medical AI Database Containing More Than 800 Million Records Exposed Online

Permalink - Posted on 2021-10-28 15:00

An unsecured database belonging to the American medical AI platform provider Deep6.ai has been identified by security researcher Jeremiah Fowler and Website Planet. The database contained more than 800 million records of patients and physicians and could be accessed over the Internet by anyone without requiring a password. The database contained 68.53 GB of data and included 886,521,320 records, most of which related to individuals in the United States. While some of the information was encrypted, physician notes and physician information were in plain text and could be viewed by anyone.


PHI of Employees Potentially Compromised in Tech Etch Ransomware Attack

Permalink - Posted on 2021-10-28 15:00

Tech Etch, a Plymouth, MA-based manufacturer of precision-engineered thin metal components, flexible printed circuits, and EMI/RFI shielding, has announced it was the victim of a ransomware attack in which the personal and protected health information of current and former employees was potentially compromised.


Seneca Family of Agencies Discloses Breach of Personal and Medical Data

Permalink - Posted on 2021-10-28 15:00

In an October 22 notice of the breach on their web site, SFA writes that they discovered an unauthorized individual had access to parts of their network between August 25 and August 27. DataBreaches.net has reached out to them to get more details such as the number of individuals notified and whether there was any ransom demand.


Non-Profit Samaritan Daytop Village Discloses Breach

Permalink - Posted on 2021-10-28 15:00

Samaritan Daytop Village, Inc. has disclosed a breach that they first discovered on September 22. The not-for-profit, which started 60 years ago as an outpatient drug treatment services provider but expanded its scope, reports that they could not be sure whether data was actually viewed, exfiltrated, neither, or both. It is all still under investigation.


Washington County School District Looks into Possible Ransomware Attack

Permalink - Posted on 2021-10-28 15:00

It’s still unclear whether personal student information was stolen during a system hack. The superintendent of the Washington Central Unified Union School District says in a letter Wednesday that its information systems were compromised. Interim Superintendent Jen Miller-Arsenault sent out a letter to families saying the district’s systems have been compromised as a result of a suspected, but unconfirmed ransomware attack.


Blue Shield of California Insurance Broker Victim of Ransomware Attack

Permalink - Posted on 2021-10-28 15:00

Blue Shield of California has disclosed that a ransomware attack on an insurance broker, Team Alvarez Insurance Services, has impacted 2,858 Blue Shield members’ information including names and one or more of the following: health insurance information, health plan member ID number, date of birth, email addresses, phone numbers and physical addresses. The ransomware attack was detected on August 25, 2021.


New York Law Firm Admits to Data Breach

Permalink - Posted on 2021-10-28 15:00

Coughlin & Gerhart (C&G) law firm in New York experienced a security breach in early April. It is not clear from their press release whether this was a ransomware attack or not, and DataBreaches.net has reached out to them to ask for clarification on the nature of the attack.


Netherlands: Cyber Attack Paralyzes Eberspaecher

Permalink - Posted on 2021-10-28 15:00

Hackers paralyzed the international automotive supplier Eberspächer with a major cyber attack on Sunday morning. The website is also down.


HTTPS Threats Grow More Than 314% Through 2021

Permalink - Posted on 2021-10-28 15:00

Cybersecurity firm Zscaler has released their latest State of Encrypted Attacks Report, highlighting the growth in HTTPS threats since January as well as other attacks facing tech companies and retailers. The report found that HTTPS threats have increased by more than 314% while attacks on tech companies grew by 2,300% and retail companies saw an 800% increase in attacks. According to the report, the tech industry accounted for 50% of all attacks they tracked. Instances of malware were up 212% in the report and phishing rose by 90%. The report tracks more than 20 billion threats blocked over HTTPS and analyzes about 190 billion daily transactions through its Zero Trust Exchange that took place from January to September. From there, the Zscaler ThreatlabZ research team goes through the data to compile the report.


Sensitive Data of 400,000 German Students Exposed by API Flaw

Permalink - Posted on 2021-10-28 15:00

Approximately 400,000 users of Scoolio, a student community app widely used in Germany, had sensitive information exposed due to an API flaw in the platform. Lilith Wittmann, a security researcher from the IT security collective “Zerforschung”, discovered the bug and immediately disclosed their findings to the Scoolio team. Zerforschung states that they disclosed the flaw to Scoolio on September 21, 2021, but it took the software developer until October 25, 2021 to deploy a patch.


FBI Raids Chinese POS Business Following Cyber Attack Claims

Permalink - Posted on 2021-10-27 15:00

The FBI has raided the Jacksonville warehouse of a Chinese point of sale (POS) terminal vendor after reports that the terminals were being used as part of a network distributing malware. The company in question, PAX Technology, is based in Shenzhen, China. FBI agents executed a court-authorized search at the firm’s warehouse in Jacksonville, Florida.


Schreiber Foods Hit with Cyber Attack; Dairy Plants Closed

Permalink - Posted on 2021-10-27 15:00

Milk distribution was in disarray in Wisconsin this week as one of the state’s larger milk processors, Schreiber Foods, was victimized by hackers demanding a rumored $2.5 million ransom to unlock their computer systems. Wisconsin milk handlers and haulers reported getting calls from Schreiber on Saturday (Oct. 23) saying that the company’s computer systems were down and that their plants couldn’t take the milk that had been contracted to go there. Haulers and schedulers were forced to find alternate homes for milk. As of Tuesday’s Wisconsin State Farmer deadline there had not yet been reports of milk having to be dumped. Calls to Schreiber Foods were not immediately returned.


Cyber Attack Hits U.K. Internet Phone Providers

Permalink - Posted on 2021-10-27 15:00

In a statement, Comms Council UK said that the DDoS attacks on British VoIP firms have occurred during the past four weeks and "appear to be part of a co-ordinated extortion-focused international campaign by professional cyber-criminals". A Comms Council UK spokesman told the BBC that he was unable to specify how many firms were affected and added that he would describe the scale of the attack as "unprecedented".


California: Woodlake Unified District Student and Personnel Data Dumped After Ransomware Incident

Permalink - Posted on 2021-10-26 14:00

Woodlake Unified District in California includes Castle Rock Elementary, Francis J. White Learning Center, Woodlake Educational Options Program, Woodlake Union High School, and Woodlake Valley Middle School. On April 11, the district took to Facebook to alert the community to a ransomware incident that occurred on April 9. For months, the breach did not show up anywhere, but on September 13, Pysa threat actors added it to their leak site, noting the incident as April 8. As they tend to do, Pysa dumped a lot of data. In this case, the data dump seemingly should have contained 77 parts that included more than 16 GB of files, compressed. Some parts seem to have been omitted from the dump, however, raising questions and concerns as to what might be in the parts that were not dumped. The files that were dumped contained a lot of personal and sensitive information of students and employees. The following sections describe just some of what DataBreaches.net found in plain text files available to anyone and everyone.


Central Restaurants Group in Thailand Hit by Desorden Cyber Gang

Permalink - Posted on 2021-10-26 14:00

The Desorden threat actors have been busy, it seems, as they have announced an attack on Central Restaurants Group (CRG) in Thailand. The attack, with proof of claim, was posted on a popular hacking forum and sent to DataBreaches.net. The proof of claim files included membership card details of Mister Donut, employee details, daily sales records of what they describe as thousands of restaurant outlets, and vendor purchase order details.


Colorado: Nearly 30,000 Former and Current CU Boulder Students' Personal Information Hacked

Permalink - Posted on 2021-10-26 14:00

The University of Colorado Boulder is sending emails to roughly 30,000 former and current students that have been impacted by a data breach, according to a release from the university. The university said the third-party software, provided by Atlassian, had a vulnerability that impacted a program used by the Office of Information Security. The office did an analysis that showed some data was accessed by a hacker. The personal information included names, student ID numbers, addresses, dates of birth, phone numbers and genders.


Canada: Government Data Breach Exposes Afghans to More Danger

Permalink - Posted on 2021-10-26 14:00

The names of several hundred vulnerable Afghans seeking refuge from the Taliban were recently leaked in emails sent in error by Immigration, Refugees and Citizenship Canada (IRCC), CBC News has learned. The Afghans in question fear reprisals from the Taliban, who took over the country in August. Some are in hiding because of past roles in the Afghan government, armed forces, judiciary, or as human rights or women's rights activists. One email seen by CBC News listed 200 names. Not only did names and emails appear but also, in some cases, faces could be seen. The risks of such a release are serious. It would only be necessary for the Taliban to see a single copy of the email to obtain all 200 names.


Majority of U.S. Business Executives Have Been Targeted by Malicious Cyber Actions

Permalink - Posted on 2021-10-26 14:00

A new survey suggests the majority of US executives have encountered a cybersecurity incident but this has not translated into the creation of incident response plans. On Tuesday, Deloitte published the results of a new survey, taking place between June 6 and August 24, 2021, which includes the responses of 577 C-suite executives worldwide (159 in the US) on today's cybersecurity threats. The research -- including insight from those in CEO, CISO, and other leadership roles -- suggests that nearly all US executives have come across at least one cybersecurity event over the past year, 98%, in comparison to 84% internationally. According to Deloitte's research, 86% of US executives have noticed an uptick in attack attempts, a higher climb than that experienced by 63% of leadership worldwide. Despite the ongoing risk of cyberattacks, US enterprise firms are not up to par when it comes to implementing defense and incident response initiatives. In total, 14% of US executives have no such plans, in comparison to 6% of non-US executives. Problems including data management issues, infrastructure complexities, failures to keep up with technological advances, and missteps in prioritizing cybersecurity are all cited as challenges in coming up with workable cybersecurity plans.


Third-Party Data Breach in Singapore Hits Healthcare Provider

Permalink - Posted on 2021-10-26 14:00

Fullerton Health says its third-party vendor, whose platform facilitates appointment booking, suffered a security breach first detected on October 19 that compromised patients' personal data, including names and contact details as well as bank account information.


PHI of 24,891 Specialty Surgery Center of Central New York Patients Potentially Compromised

Permalink - Posted on 2021-10-26 14:00

Syracuse ASC, dba Specialty Surgery Center of Central New York, has started notifying 24,891 patients that some of their protected health information (PHI) was potentially accessed by unauthorized individuals who gained access to its computer systems. The breach was identified by Syracuse ASC around March 31, 2021, and steps were immediately taken to secure its systems and prevent further unauthorized access. A third-party cybersecurity firm was engaged to assist with the forensic investigation, which concluded on April 30, 2021, and determined the hackers accessed parts of its systems that contained PHI. A second investigation was conducted to determine which individuals’ PHI had been exposed. A list of individuals potentially affected by the incident was obtained on August 16, 2021, with the delay in issuing notifications due to a “substantial data validation process to verify the accuracy of the data.” The file review confirmed names may have been compromised along with limited health information, but no evidence was found to indicate any actual or attempted misuse of data on the compromised systems.


Millions of Android Users Scammed in SMS Fraud Driven by TikTok Ads

Permalink - Posted on 2021-10-26 14:00

UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service. Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills.


72% of Organizations Hit by DNS Attacks in the Past Year

Permalink - Posted on 2021-10-26 14:00

Domain name system (DNS) attacks are impacting organizations at worrisome rates. According to a survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Among those targeted, 61% have seen multiple attacks and 11% said they have been victimized regularly. While one-third of respondents recovered within minutes, 58% saw their businesses disrupted for more than an hour, and 14% took several hours to recover.


Suspected Cyber Attack Temporarily Disrupts Gas Stations Across Iran

Permalink - Posted on 2021-10-26 14:00

A software glitch believed to have been caused by a cyberattack has disrupted gas stations across Iran and defaced gas pump screens and gas price billboards. The incident, which took place earlier this morning, impacted the IT network of NIOPDC, a state-owned gas distribution company that manages more than 3,500 gas stations across Iran.


Despite Spending Millions on Bot Mitigation, 64% of Organizations Lost Revenue Due to Bot Attacks

Permalink - Posted on 2021-10-25 13:00

A Kasada survey covers the state of bot mitigation exclusively from the perspective of organizations already using anti-bot solutions. 64% of organizations lost 6% or more of their revenue due to bot attacks, and 32% report that their organizations lost 10% or more of revenue within the last 12 months. A quarter of respondents say that on average a single bot attack costs their organization $500,000 or more, and 44% of respondents say it costs their organization $250,000 or more. 45% of companies surveyed say bot attacks result in more website downtime at their organizations, and about a third say bot attacks result in brand or reputational damage, reduction in online conversions, and more frequent data leaks. bot attacks resulted in an increase in operational or logistical bottlenecks. Researchers found that 77% of companies spent $250,000 or more on mitigating bot attacks within the past 12 months, while 27% spent in excess of $1 million, resulting in a loss of revenue and increased operational costs. With 80% of executive teams asking about bot attacks within the past 6 months, bot attacks and their effects have become a C-level concern. As a result, 63% of companies plan to increase their spending on bot prevention over the next 12 months.


Britain: Data Breach Leads to £10 Thousand Fine for Scottish Charity

Permalink - Posted on 2021-10-25 13:00

A prominent Scottish charity has been fined £10,000 for a data protection breach. The action was taken after HIV Scotland sent out an email containing the personal details of dozens of people. The breach involved an email to 105 people, including patient advocates representing people living in Scotland with HIV. All the email addresses were visible to recipients, and 65 identified people by name. The Information Commissioner's Office (ICO) issued the penalty, with the watchdog saying that an assumption could be made about individuals' HIV status or risk from the personal data disclosed.


44% of Healthcare Organizations Don't Have Full Visibility into Security Access

Permalink - Posted on 2021-10-25 13:00

The healthcare industry is extensively targeted by cyber actors. The industry experiences four times the number of data breaches as other industry sectors, and the threat is growing. A recent Bitglass study suggests a 55% increase in healthcare data breaches in the United States during the pandemic. SecureLink’s study, the results of which were published in the report A Matter of Life and Death: The State of Critical Access Management in Healthcare, confirmed that many of those breaches involved third-party access to systems. 44% of healthcare and pharmaceutical organizations that responded to the survey said they had suffered at least one cybersecurity incident that was either directly or indirectly caused by a third-party partner. Vendors and third parties supply many of the components that allow healthcare systems to function, and with so many third-party components, the attack surface is large. Even though the risk of a third-party data breach is high, the survey revealed only 41% of surveyed healthcare companies had a complete inventory of third parties that have been provided with access to their networks.


South Korea: Large DDoS Attack Shuts Down KT's Nationwide Network

Permalink - Posted on 2021-10-25 13:00

South Korea telco KT said on Monday that the temporary nationwide shutdown of its network earlier today was caused by a large-scale distributed denial-of-service (DDoS) attack. Customers who use the telco's network were unable to access the internet for around 40 minutes at around 11am on Monday. Users were unable to use credit cards, trade stocks, or access online apps during that time period. Some large commercial websites were also shut down during the outage.


Threat Actors Offer for Sale Data of 50 Million Moscow Drivers

Permalink - Posted on 2021-10-25 13:00

Bad news for Russian drivers: threat actors are selling a database containing 50 million records belonging to Moscow drivers on a hacking forum for only $800. The threat actors claim to have obtained the data from an insider in the local police. They published a sample of database records containing the model of the car, its registration and VIN number, date of registration, engine power, name of the owner, date of birth, and phone number. The stolen data spans from 2006 to 2019, and local media outlets have confirmed its authenticity. The threat actors are also offering a file containing information from 2020 to those who buy the database.


Companies That Pay Ransomware Attackers Get Thumbs Down from Consumers

Permalink - Posted on 2021-10-25 13:00

One of the biggest questions faced by an organization hit by ransomware is whether to pay the ransom. Many do pay simply because they feel it's the quickest and easiest way of getting back to business. But that strategy is not one favored by many consumers, some of whom would avoid a company that's not only victimized by ransomware but ends up paying the ransom. Survey results released Monday by data management firm Cohesity reveal how consumers feel about organizations that suffer a ransomware attack. Commissioned by Cohesity and conducted by Propeller Insights in August 2021, the survey elicited responses from more than 1,000 U.S. consumers between the ages of 18 through 75, and older, all of whom have heard of ransomware. Among the respondents, 81% said they were familiar with the recent ransomware attacks on Colonial Pipeline, JBS Holdings, Kaseya, SolarWinds and U.S. hospitals. Some 22% said that a company with which they do business had been hit by ransomware, while 21% believe their own company had been hurt by an attack. Those surveyed pointed to government, financial services and insurance, oil and energy, healthcare and pharmaceutical, and technology as the top industries most vulnerable to ransomware. Some 40% of the respondents said they think that organizations hit by ransomware should not pay the ransom. More than half of those surveyed said that companies that do pay the ransom encourage more ransomware and cybercriminals. And 43% believe that ransom payments increase the prices consumers pay for goods and services. An organization that pays a ransom risks a bad reputation with consumers. Some 23% of those surveyed said they'd stop doing business with a company that paid a ransom. A further 48% couldn't say whether or not they'd stop doing business but indicated this as a great concern and would give it a lot of thought.


44% of Healthcare, Pharmaceutical Organizations Experienced Breaches Caused by Third-Parties in Last Year

Permalink - Posted on 2021-10-22 15:00

SecureLink, a leader in critical access management, has released a new report titled “A Matter of Life And Death: The State of Critical Access Management in Healthcare,” revealing that third-party attacks in healthcare are on the rise and fundamentally threaten not just highly sensitive medical data, but patient care. The report, which includes data from research conducted in partnership with Ponemon Institute, reveals that within the last year, 44% of healthcare and pharmaceutical organizations experienced a data breach caused by a third party – posing compliance, reputational, and financial risks.


170,000 Patients Exposed in Alliance Dental Practices Breach Caused by Vendor

Permalink - Posted on 2021-10-22 16:00

For the second time in the past year, an alliance serving dental practices has been hit with a cyberattack. Last year’s attack impacted patients at Kids First Dentistry & Orthodontics, a subsidiary of Professional Dental Alliance of Connecticut. They reported that a ransomware attack on First Impressions Orthodontics impacted their patients. So far, more than 170,000 patients have reportedly been notified of the NADM breach. It is not yet clear why it took six months from the incident to provide notice to patients and HHS.


Swiss Exhibitions Organizer MCH Group Hit by Cyber Attack

Permalink - Posted on 2021-10-22 15:00

Swiss events organizer and marketing company MCH Group was hit by a malware attack on Wednesday (October 20), and says it is working to get systems up and running again. This is just the latest in a series of cyber-attacks to hit targets in Switzerland in recent weeks. Earlier this week, the Easygov federal portal was hacked, and the names of around 130,000 companies who applied for emergency financial credit during the pandemic were accessed. The municipal authorities of the Swiss town of Montreux, Stadler Rail, and price comparison website Comparis have also been targeted, and in August the personal data of the entire population of the town of Rolle was reportedly exposed online.


Customer Services Firm Atento Hit by Cyber Attack

Permalink - Posted on 2021-10-22 15:00

Business process outsourcing (BPO) and customer relationship management multinational Atento has been hit by a cyberattack, with the greatest impact seen in Brazil, its largest operation in Latin America. The Madrid-headquartered firm informed its customers on Sunday (17) about the attack against its systems in Brazil, which caused an interruption of service as the company sought to contain and evaluate the extent of the threat, according to local news website Neofeed.


Italian Celebs' Data Exposed in Ransomware Attack on SIAE

Permalink - Posted on 2021-10-22 15:00

The Italian data protection authority Garante per la Protezione dei Dati Personali (GPDP) has announced an investigation into a data breach of the country’s copyright protection agency. SIAE has not answered BleepingComputer's emails asking for clarifications on the scale of the impact. However, BleepingComputer has found a listing on the extortion portal of the Everest ransomware gang, where the actors claimed to have breached SIAE and have leaked 60 GB of stolen data. The data leaked by the Everest gang includes national ID and driver's license scans and documents relevant to contract agreements between SIAE and its members.


SCUF Gaming Store Hacked to Steal Credit Card Information of 32,000 Customers

Permalink - Posted on 2021-10-22 15:00

SCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information. While the company didn't disclose the number of impacted people in the notification letters, it told the Office of the Maine Attorney General that 32,645 individuals were affected in total.


Data Scrapers Expose 2.6 Million Instagram and TikTok Users

Permalink - Posted on 2021-10-21 15:00

Security researchers have discovered over two million social media user profiles scraped from the internet after they were unwittingly exposed online by an analytics firm, Infosecurity can reveal. A team at reviews site SafetyDetectives led by Anurag Sen found the data located on a misconfigured Elasticsearch server, left exposed without any password protection or encryption in place. It quickly traced the 3.6GB trove of more than 2.6 million TikTok and Instagram profiles to IGBlade, a firm that provides marketing insights on social media users for its customers.


72% of Organizations Experienced a DNS Attack in the Last Year

Permalink - Posted on 2021-10-21 15:00

Nearly three-quarters (72%) of organizations have suffered a domain name system (DNS) attack in the last 12 months, according to a new study by the Neustar International Security Council (NISC). Of those organizations affected, 61% were targeted on multiple occasions, while 11% have been victimized regularly. While Neustar noted that DNS attacks are generally a lower concern for security pros than vectors like ransomware, distributed denial-of-service (DDoS) and targeted account hacking, they are becoming increasingly menacing to organizations. According to its latest study, 55% of security professionals consider DNS compromise an increasing threat; this compares to 47% in October 2020. The most common types of DNS attacks experienced were DNS hijacking (47%), DNS flood, reflection or amplification attacks that segued into DDoS (46%), DNS tunneling (35%) and cache poisoning (33%). The 302 security professionals from six EMEA and US markets included in the survey were also asked about the damage caused by these incidents. Among those organizations targeted, 58% saw their businesses disrupted for over an hour, 14% took several hours to recover. However, around one-third were able to recover within minutes.


Ransomware Hits U.S. Candymaker Ahead of Halloween

Permalink - Posted on 2021-10-21 15:00

A major U.S. candy company is struggling to fill orders before Halloween after ransomware hackers encrypted its systems. Ferrara, the Chicago-based manufacturer of candies like SweeTarts, Laffy Taffy, Nerds, Red Hots, Lemonhead candies, Boston Baked Beans, Atomic Fireballs, Pixy Stix and Everlasting Gobstoppers, has been able to resume production only “in select manufacturing facilities,” a spokesperson said in an emailed statement Wednesday.


Canada: Hackers Leak Police Takedown Video, Medical Records in Durham Region Breach

Permalink - Posted on 2021-10-20 14:00

A CTV News Toronto investigation has discovered that a data breach at the Durham Regional government is much larger than already known, including medical reports, complaints about medical treatment, and potential evidence in a criminal case. That data, including security camera video that shows a man’s arrest on a Durham Regional Transit bus by Toronto Police officers, is the kind of thing that should have been encrypted to protect privacy in case of a hostile cyberattack, says Ontario’s former information and privacy commissioner, Ann Cavoukian.


Organizations Lack Basic Cyber Security Practices to Combat the Growing Tide of Ransomware

Permalink - Posted on 2021-10-20 14:00

Organizations are not equipped to defend against ransomware due to deficiencies in implementing and sustaining basic cybersecurity practices, including managing privileged administrator credentials and ensuring visibility of supply chain risk, an Axio research report reveals. Overall, most organizations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include: Nearly 80% of organizations responded that they have not implemented or have only partially implemented a privileged access management solution; Only 36% of respondents indicated that they audit the use of service accounts, a type of privileged account, on a regular basis; Only 26% of respondents deny the use of command-line scripting tools (such as PowerShell) by default; 69% of organizations indicated that they do not limit access to the internet for their Windows domain controller hosts; Only 29% of respondents evaluate the cybersecurity posture of external parties prior to allowing them access to the organization’s network; Only 50% of respondents conduct user awareness training for employees on email and web-based threats, such as spear-phishing and watering hole attacks, on an annual basis.


Cyber Incident Impact Sits at Over $500,000 for Half of Small to Medium APAC Businesses

Permalink - Posted on 2021-10-20 14:00

51% of Asia Pacific small to medium-sized businesses that were hit with a cyber incident in the past year saw the cost of that incident exceed $500,000, according to a survey conducted by Cisco. Sampling 3,750 businesses employing between 10 and 999 employees in 14 countries around the region, Cisco said 83% reported an incident in excess of $100,000, and 13% had an incident cost more than $1 million. The survey was conducted between April and July. In Australia, where 306 qualifying businesses responded, the numbers were more stark, with 64% reporting an incident costing over $500,000, and 33% saying they were hit with more than $1 million in costs. For businesses that ran simulation exercises, Cisco said 85% of respondents found issues in their defences.


Acer Confirms Breach of Servers in Taiwan

Permalink - Posted on 2021-10-20 14:00

Taiwanese tech giant Acer has confirmed that, in addition to servers in India, hackers breached some of its systems in Taiwan. Acer initially confirmed that some of its servers in India had been hacked after a group called Desorden claimed to have stolen more than 60 gigabytes of data from Acer India. The hackers claimed to have obtained information on millions of customers, login credentials used by thousands of retailers and distributors, and various corporate and financial documents. Acer immediately confirmed the breach of its Indian servers, but described it as an isolated attack targeting its after-sales service systems in India.


Missouri Budget Officials Outline $50 Million Cost of Data Breach

Permalink - Posted on 2021-10-20 14:00

Help for roughly 100,000 teachers whose Social Security numbers were made vulnerable in a massive state data breach could cost Missouri as much as $50 million, the governor’s office confirmed Tuesday. The estimate includes the cost of credit monitoring and a call center to help affected teachers.


Data Breaches Reported by PracticeMax and UMass Memorial Health

Permalink - Posted on 2021-10-20 14:00

Anthem health plan members with End Stage Kidney Disease who are enrolled in the VillageHealth program have been notified that some of their protected health information has potentially been compromised in a ransomware attack. VillageHealth helps Anthem plan members through care coordination between the dialysis center, nephrologists, and providers and shares the results with Anthem via its vendor, PracticeMax. PracticeMax, a provider of business management and information technology solutions to healthcare organizations, identified the attack on May 1, 2021. The investigation revealed the attackers gained access to its systems on April 17, 2021, with access possible until May 5, 2021. PracticeMax said it regained access to its IT systems the following day. A forensic investigation of the attack confirmed one server was affected that contained protected health information (PHI) which may have been accessed and acquired by the attackers.


81% of U.K. Healthcare Organizations Hit by Ransomware in Last Year

Permalink - Posted on 2021-10-20 14:00

More than four-fifths (81%) of UK healthcare organizations suffered a ransomware attack in the last year, according to a new study by Obrela Security Industries. The survey of 100 cybersecurity managers in the health sector found that 38% of UK healthcare organizations have elected to pay a ransom demand to get their files back. However, 44% revealed they had refused to pay a demand but lost their healthcare data as a result. The study also examined the broader consequences of cyber-attacks on healthcare organizations. Close to two-thirds (64%) of respondents admitted their organization has had to cancel in-person appointments because of a cyber-attack. Even more worryingly, 65% believe that a cyber-attack on their systems could lead to loss of life.


England: Center for Computing History Exposes Customer Data

Permalink - Posted on 2021-10-20 14:00

The Centre for Computing History (CCH) in Cambridge, England, has apologised for an "embarrassing" breach in its online customer datafile, though thankfully no payment card information was exposed. The museum for computers and video games said it was notified that a unique email address used to book tickets via its website "has subsequently received a phishing email that looked like it came from HSBC." The Information Commissioner's Office was informed of the breach yesterday morning, confirmed receipt of the notification and is processing this.


VPN Provider's Misconfiguration Exposes One Million Users

Permalink - Posted on 2021-10-20 14:00

At least one million users of a Chinese-run VPN service have had their personally identifiable information (PII) exposed due to a misconfigured Elasticsearch server, Infosecurity can reveal. The privacy concern affects Quickfox, a free VPN used mainly by the Chinese diaspora to visit sites otherwise inaccessible from outside mainland China, according to reviews site WizCase. Unfortunately, Quickfox owner Fuzhou Zixun Network Technology had not adequately configured its Elastic Stack security, leaving an Elasticsearch server exposed and accessible, with no password protection or encryption enforced. The 100GB trove found by the researchers contained 500 million records, including PII on one million users and system data on 300,000 customers. WizCase told Infosecurity that the server has yet to be secured.


Kemper Proposes $17.6 Million Settlement of Data Breach Claims

Permalink - Posted on 2021-10-19 15:00

Kemper Insurance has proposed to settle a class action stemming from two data breaches in a deal valued at about $17.6 million. The dual breaches could have compromised the personal information of an estimated 6.1 million customers and employees. The breach incidents occurred on December 14, 2020 and March 25, 2021 and were announced by the insurer in March and May 25, 2021. The class action and settlement also involve Infinity Insurance Co., a subsidiary that sells nonstandard auto policies and was acquired by Kemper in 2018. Kemper offers home, life, auto, business, property and umbrella insurance. The settlement has been accepted by the plaintiffs but must still be approved by Judge Martha M. Pacold of the federal court for the Northern District of Illinois.


Hacker Steals Government ID Database for Argentina's Entire Population

Permalink - Posted on 2021-10-19 15:00

A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons. The first evidence that someone breached RENAPER surfaced earlier this month on Twitter when a newly registered account named @AnibalLeaks published ID card photos and personal details for 44 Argentinian celebrities. This included details for the country’s president Alberto Fernández, multiple journalists and political figures, and even data for soccer superstars Lionel Messi and Sergio Aguero. A day after the images and personal details were published on Twitter, the hacker also posted an ad on a well-known hacking forum, offering to look up the personal details of any Argentinian user.


University Hospital Newark Notifies 9,000 Individuals About Historic Insider Data Breach

Permalink - Posted on 2021-10-19 15:00

University Hospital Newark (NY) has discovered the protected health information of thousands of patients has been accessed by a former employee without authorization over the course of a year. That information was subsequently disclosed to other individuals who were also not authorized to view the information. Insider breaches such as this are fairly common, although what makes this case stand out is when the access occurred. In its substitute breach notice, University Hospital Newark said the unauthorized access occurred between January 1, 2016, and December 31, 2017.


83% of Ransomware Victims Pay the Demand

Permalink - Posted on 2021-10-19 15:00

More than four in five (83%) ransomware victims in the last 12 months felt they had no option but to pay the extortion demand to restore their data, according to a new report by ThycoticCentrify. The study, which was based on a survey of 300 US IT business decision-makers, also found that close to two-thirds (64%) of companies were victims of ransomware attacks in the last 12 months. The latest research demonstrates rising ransomware cases and extortion payments since the start of the COVID-19 pandemic. These findings are particularly worrying given that so many victim organizations didn't feel they had any choice other than to pay the demand once their data was encrypted, showing how effective this tactic is. The research further highlighted the substantial damage caused to organizations by ransomware attacks. Half (50%) of respondents said their company had experienced a loss of revenue and reputational damage from an attack, and 42% admitted they lost customers due to an attack. Additionally, around one-third cited the ransomware attack as the cause of employee layoffs. The most vulnerable vectors for ransomware attacks are email (53%), applications (41%) and the cloud (38%), according to the IT business decision-makers surveyed.


Phishing Attack on Business Associate Affects Tens of Thousands of Professional Dental Alliance Patients

Permalink - Posted on 2021-10-18 14:00

Professional Dental Alliance, a network of dental practices affiliated with the North American Dental Group, has notified tens of thousands of patients that some of their protected health information was stored in email accounts that were accessed by an unauthorized individual between March 31 and April 1, 2021. Professional Dental Alliance says the breach occurred at its vendor North American Dental Management. Steps were immediately taken to secure the affected accounts and prevent further unauthorized access. An investigation was launched which revealed several email accounts were accessed by an unauthorized individual after employees responded to phishing emails.


Popular Student Monitoring Software Could Have Exposed Thousands to Hacks

Permalink - Posted on 2021-10-18 14:00

A monitoring company that thousands of schools used during remote and hybrid learning to ensure students were on task may have inadvertently exposed millions of kids to hackers online, according to a September report by the security software company McAfee. The research, conducted by the McAfee Enterprise Advanced Threat Research team, discovered the bug in the Netop Vision Pro Education software, which is used by some 3 million teachers and students across 9,000 school systems globally, including in the U.S. The software allows teachers to monitor and control how students use school-issued computers in real time, block websites, and freeze their computer screens if they’re found to be off task. This is the second time in less than a year that McAfee researchers have found vulnerabilities in Netop’s education software—glitches that hackers could exploit to gain control over students’ computers, including their webcams and microphones. It’s unclear whether the software had been breached by anyone other than the researchers.


Sinclair TV Stations Crippled by Ransomware Attack

Permalink - Posted on 2021-10-18 14:00

Sinclair Broadcast Group has confirmed that it was hit by a ransomware attack over the weekend, as detailed in a press release and SEC filing. Sinclair also said attackers have stolen data from the company's network. Sources have told BleepingComputer that a ransomware attack caused these significant technical issues. The attackers have been able to impact many TV stations via Sinclair's corporate Active Directory domain.


Ransomware Stole $590m in the First Half of 2021

Permalink - Posted on 2021-10-18 14:00

Ransomware extracted at least $590 million for the miscreants who create and distribute it in the first half of 2021 alone – more than the $416 million tracked in all of 2020, according to the US government’s Financial Crimes Enforcement Network (FinCEN). Total ransomware-related financial activity may have reached $5.2 billion.


3D Printing Site Thingiverse Suffers Major User Data Breach

Permalink - Posted on 2021-10-15 15:00

About 228,000 users of popular 3D printing platform Thingiverse have reportedly had their authentication details stolen and published on the dark web. The news of the leak doesn’t come from Thingiverse itself, but rather from Have I Been Pwned (HIBP), which got hold of the leaked details of the compromised accounts after receiving a tip last week.


Brazilian Insurance Giant Porto Seguro Hit by Cyber Attack

Permalink - Posted on 2021-10-15 15:00

The company reported the incident to the Securities and Exchange Commission (CVM) on Thursday (14), saying that it "promptly activated all security protocols" and that it has been gradually restoring its operating environment and working towards resuming normal business as soon as possible. Third largest insurance company in Brazil, Porto Seguro leads the car and residential insurance segments in Brazil and has around 10 million clients across its various business lines including credit provision. The company is the latest of a list of major Brazilian organizations suffering major security incidents over recent weeks. Earlier this month, CVC, one of the country's largest travel operators, was hit by a ransomware attack that brought its operations to a standstill.


70% of Businesses Can't Ensure the Same Level of Protection for Every Endpoint

Permalink - Posted on 2021-10-15 14:00

Research from Deep Instinct, which seeks to discover the cybersecurity concerns keeping CISOs and SecOps professionals up at night, found that 86% of UK respondents believe it is not possible to fully prevent ransomware and malware attacks from compromising their organizations' defenses. It also found that the rise in the number of endpoints that businesses need to protect continues to be a key source of risk exposure. When examining the challenges facing organizations in detecting threats present within the network, 24 percent of respondents cited the volume of false positives as being one of the biggest barriers – higher than the global average of 18 percent. However, 47% said that the lack of threat prevention specific to the volume of never-before-seen malware was the top concern.


Ransomware Hit SCADA Systems at 3 Water Facilities in U.S.

Permalink - Posted on 2021-10-15 14:00

Several U.S. government agencies issued a joint alert on Thursday to warn organizations in the water and wastewater sector about ongoing cyberattacks. The alert also describes three previously unreported ransomware attacks that impacted industrial control systems (ICS) at water facilities.


Olympus Investigates Potential Cyber Attack

Permalink - Posted on 2021-10-15 14:00

Olympus has launched an investigation after detecting a potential cybersecurity incident in part of its IT system. The Japanese manufacturer of optics and reprography products said that suspicious activity was spotted on October 10. The possible threat affects the company’s systems in the United States, Canada, and Latin America. Digital forensics experts are looking into the security issue, which Olympus said it is “working with the highest priority to resolve.” While the company has not confirmed the specific nature of the cybersecurity incident, Olympus said it was working to contain the threat. Part of the company’s response has been to shut down the systems that were affected.


Osteopathic Professional Group Reports Year-Old Breach

Permalink - Posted on 2021-10-15 14:00

The American Osteopathic Association has just begun notifying nearly 28,000 individuals about a June 2020 data exfiltration incident involving their personal information. The medical professional organization says workforce challenges during the pandemic led to the delayed identification of people affected by the data breach. In a breach report submitted on Wednesday to the state of Maine's attorney general office, AOA says the incident affected about 27,500 individuals, including 209 Maine residents. The Chicago-based non-profit professional association says it represents 151,000 osteopathic physicians and medical students across the U.S.


Accenture Confirms Data Breach After August Ransomware Attack

Permalink - Posted on 2021-10-15 14:00

Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021. This was revealed in the company's financial report for the fourth quarter and full fiscal year, which ended on August 31, 2021. Even though Accenture has now confirmed that the attackers stole information from its systems and leaked it online, the company has not yet publicly acknowledged the data breach outside SEC filings or filed data breach notification letters with relevant authorities.


Missouri Teachers' Social Security Numbers Exposed on State Website

Permalink - Posted on 2021-10-14 15:00

The Social Security numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to flaws on a website maintained by the state’s Department of Elementary and Secondary Education. The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.


Israeli Hospital Cancels Procedures Following Ransomware Attack

Permalink - Posted on 2021-10-14 15:00

Hillel Yaffe resorts to logging admissions with pen and paper while being unable to conduct non-urgent procedures. With patients being turned away, the Laniado Hospital in Netanya said it was coordinating with the Magen David Adom ambulance service and was ready to receive those who needed treatment that was not available at Hillel Yaffe due to the attack.


Thingiverse Data Leak Affects 228,000 Subscribers

Permalink - Posted on 2021-10-14 15:00

Thingiverse, a website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 228,000 unique email addresses and other personally identifiable information, confirms Troy Hunt, creator of the Have I Been Pwned data breach notification service, citing the circulation of this data set on a popular hacking forum. After analyzing the data file from the hacking forum, Hunt tells Information Security Media Group that the backup file was dumped publicly exactly a year ago on Oct. 13, 2020, and has remained exposed ever since. He adds that the leaked data appears to be a MySQL database that contains more than 255 million lines of data. "The earliest date stamps in the data set appear to go back about a decade, however, I’ve not analyzed it closely enough," says Hunt. Hunt says of the leaked data, "There is data on the 3D models that are publicly accessible, but there are also email and IP addresses, usernames, physical addresses and full names."


7-Eleven Breached Customer Privacy by Collecting Facial Imagery Without Consent

Permalink - Posted on 2021-10-14 15:00

In Australia, the country's information commissioner has found that 7-Eleven breached customers' privacy by collecting their sensitive biometric information without adequate notice or consent. From June 2020 to August 2021, 7-Eleven conducted surveys that required customers to fill out information on tablets with built-in cameras. These tablets, which were installed in 700 stores, captured customers' facial images at two points during the survey-taking process -- when the individual first engaged with the tablet, and after they completed the survey. After becoming aware of this activity in July last year, the Office of the Australian Information Commissioner (OAIC) commenced an investigation into 7-Eleven's survey. During the investigation, the OAIC found 7-Eleven stored the facial images on tablets for around 20 seconds before uploading them to a secure server hosted in Australia within the Microsoft Azure infrastructure. The facial images were then retained on the server, as an algorithmic representation, for seven days to allow 7-Eleven to identify and correct any issues, and reprocess survey responses, the convenience store giant claimed.


Acer Confirms Breach of After-Sales Service Systems in India

Permalink - Posted on 2021-10-14 15:00

Taiwanese computer giant Acer has confirmed that its after-sales service systems in India were recently breached in what the company called "an isolated attack." While Acer didn't provide details regarding the attackers' identity behind this incident, a threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer's servers. The allegedly stolen data includes client, corporate, and financial data and login details belonging to Acer retailers and distributors from India. As proof, the threat actor provided a video showcasing the stolen files and databases, the records of 10,000 customers, and stolen credentials for 3,000 Indian Acer distributors and retailers.


University of Sunderland Announces Outage Following Cyber Attack

Permalink - Posted on 2021-10-14 15:00

The University of Sunderland in the UK has announced extensive operational issues that have taken most of its IT systems down, attributing the problem to a cyber-attack. The first signs of disruption for the university’s IT systems appeared on Tuesday morning, and the problems remain widely impactful and unresolved. The attack appears to have taken down all telephone lines, the official website, the main email servers, library WiFi, on-premise PC/laptop access, printing, and all online portals that students use for accessing eBooks, journals, and other services.


Ransomware Attacks Preparedness Lagging, Despite Organizations Being Aware of the Risks

Permalink - Posted on 2021-10-13 15:00

Hornetsecurity released the results of a global study of IT professionals on their preparedness for ransomware attacks. Survey data showed that although companies are increasingly aware of the risks ransomware poses, many organizations lack proper protection and prevention measures. 1 in every 5 companies falls victim to ransomware attacks – Twenty-one percent of respondents indicated that their organization has suffered a ransomware attack, confirming that it remains one of the most prolific forms of cybercrime. In addition to system downtime, ransomware attacks can be costly. Attacks often require ransom payments, lengthy data recovery efforts, and long-term damage to companies’ reputations. Half of respondents indicated that their management team delegates cyber preparedness to its IT department – Although 86.9% of respondents indicated that their senior leadership team is aware of ransomware risks, nearly half reported that preparation and prevention measures are delegated to the company’s IT department. Because of the significant risks ransomware attacks pose, cyber protection and prevention policies should be company-wide priorities and not relegated to the IT department.


New Jersey: Settlement Reached with Fertility Clinic Over Cyber Security Lapses and Data Breach

Permalink - Posted on 2021-10-13 14:00

Acting Attorney General Andrew J. Bruck and the Division of Consumer Affairs today announced that a healthcare provider focused on the diagnosis and treatment of infertility will pay $495,000 and implement new data security measures following a data breach that compromised the personal information of 14,663 patients, including 11,071 New Jersey residents. The settlement resolves the state’s investigation into Diamond Institute for Infertility and Menopause, LLC (“Diamond”), which is based in Millburn, Essex County. Diamond operates two healthcare practices in New Jersey (in Millburn and Dover) and one in New York, and offers consultation services in Bermuda. The data breach allowed multiple instances of unauthorized access to Diamond’s network between August 2016 and January 2017, giving at least one intruder access to consumer electronic protected health information (“ePHI”).


Verizon-Owned Visible Network Suffers Suspected Data Breach

Permalink - Posted on 2021-10-13 14:00

Social media sites, especially the Visible subreddit, are currently flooded with reports of Visible accounts being hijacked. In most cases, the email address associated with the account is reset by an unknown attacker, then the payment method on the account is used to order a phone.


350,000 Patients of ReproSource Fertility Diagnostics Affected by Ransomware Attack

Permalink - Posted on 2021-10-13 14:00

Marlborough, MA-based ReproSource Fertility Diagnostics has suffered a ransomware attack in which hackers gained access to systems containing the protected health information of approximately 350,000 patients. ReproSource is a leading laboratory for reproductive health that is owned by Quest Diagnostics. ReproSource discovered the ransomware attack on August 10, 2021 and promptly severed network connections to contain the incident. An investigation into the security breach confirmed the attack occurred on August 8. While it is possible that patient data was exfiltrated by the attackers prior to the deployment of ransomware, at this stage no evidence of data theft has been identified. A review of the files on the affected systems was completed on September 24 and revealed they contained the following types of protected health information: Names, phone numbers, addresses, email addresses, dates of birth, billing and health information (CPT codes, diagnosis codes, test requisitions and results, test reports and/or medical history information), health insurance or group plan identification names and numbers, and other information provided by individuals or by treating physicians. A small subset of individuals may have had driver’s license number, passport number, Social Security number, financial account number, and/or credit card number exposed.


Password-Stealing Attacks Surge 45% in Six Months

Permalink - Posted on 2021-10-13 14:00

Attacks using password-stealing malware have surged by 45% over the past six months, highlighting the continued need for additional log-in security measures, according to Kaspersky. The Russian AV vendor analyzed incidents of Trojan-PSW – a specialized stealer capable of gathering login and other account information. It noted 160,000 more targets in September 2021 than April, with the total number reaching nearly half a million. That’s an increase of 45%.


Former Executive Accessed PHI of Nearly 38,000 Individuals

Permalink - Posted on 2021-10-13 14:00

Texas-based accountable care organization Premier Patient Healthcare, in a report filed on Friday to the Maine attorney general's office, described the June 2020 incident - discovered in April 2021 - as "insider wrongdoing, loss or theft of device or media (computer, laptop, external hard drive, thumb drive, CD, tape, etc.)." An attorney representing Premier declined Information Security Media Group's request for clarification about the incident, including whether the breach involved both a former company executive and a vendor, and whether the incident involved access to PHI contained on a mobile computing/storage device, as indicated in the report submitted to Maine's attorney general.


Customers on Alert as E-Commerce Player Leaks 1.7+ Billion Records

Permalink - Posted on 2021-10-13 14:00

A Brazilian e-commerce firm has unwittingly exposed close to 1.8 billion records, including customers’ and sellers’ personal information, after misconfiguring an Elasticsearch server, according to researchers. A team at SafetyDetectives led by Anurag Sen made the discovery in June and quickly traced the leak back to Hariexpress — a firm that allows vendors to manage and automate their activity across multiple marketplaces, including Facebook and Amazon. Although the firm replied to the researchers just four days after they alerted it to the leak in early July, it was subsequently uncontactable. Infosecurity is currently trying to confirm if the issue has been fixed or not. The server was left unencrypted with no password protection in place. It contained 610GB of data, including customers’ full names, home and delivery addresses, phone numbers and billing details. Also exposed were sellers’ full names, email and business/home addresses, phone numbers and business/tax IDs (CNPJ/CPF). SafetyDetectives could not confirm the total number of those affected due to the size of the trove and the potential for duplicate email addresses.


Over 90% of Firms Suffered Supply Chain Breaches Last Year

Permalink - Posted on 2021-10-12 15:00

Some 93% of global organizations have suffered a direct breach due to weaknesses in their supply chains over the past year, according to BlueVoyant. The cybersecurity services company polled 1200 IT and procurement leaders responsible for supply chain and cyber-risk management from global companies with 1,000+ employees to compile its report: Managing Cyber Risk Across the Extended Vendor Ecosystem. It revealed the average number of breaches experienced in the past 12 months grew from 2.7 in 2020 to 3.7 in 2021 – a 37% year-on-year increase. Although the percentage of companies that don’t consider third-party risk a priority has fallen from 31% last year to 13% in 2021, the number who admit they have no way of knowing if an incident has occurred in their supply chain rose from 31% to 38%. In addition, while 91% of respondents said budgets were increasing this year to help tackle the risk, investments don’t seem to be making an impact.


Cyber Attack Shuts Down Ecuador's Largest Bank, Banco Pichincha

Permalink - Posted on 2021-10-12 15:00

Ecuador's largest private bank Banco Pichincha has suffered a cyberattack that disrupted operations and took the ATM and online banking portal offline. The cyberattack occurred over the weekend, causing the bank to shut down portions of its network to prevent the attack's spread to other systems. The shutdown of systems has led to widespread disruption for the bank, with ATMs no longer working and the online banking portals showing maintenance messages.


Quest-Owned Fertility Clinic Announces Data Breach After August Ransomware Attack

Permalink - Posted on 2021-10-12 15:00

Quest Diagnostics has informed the SEC about a ransomware attack in August that hit ReproSource, a fertility clinic owned by the company. The ransomware attack led to a data breach, exposing a significant amount of health and financial information for about 350,000 ReproSource patients. In a statement to ZDNet, Quest said ReproSource provided notice that it experienced a data security incident in which an unauthorized party may have accessed or acquired the protected health information and personally identifiable information of some patients.


Olympus U.S. Systems Hit by Cyber Attack Over the Weekend

Permalink - Posted on 2021-10-12 15:00

Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada, and Latin America) following a cyberattack that hit its network Sunday, October 10, 2021. The company did not disclose if customer or company data was accessed or stolen during the "potential cybersecurity incident," but said that it would provide new information regarding the attack as soon as it's available.


Ransomware Cost U.S. Companies Almost $21 Billion in Downtime in 2020

Permalink - Posted on 2021-10-12 15:00

An analysis of 186 successful ransomware attacks against businesses in the United States in 2020 has shown that the companies lost almost US$21 billion due to attack-induced downtime, according to technology website Comparitech. Compared to 2019, the number of disclosed ransomware attacks skyrocketed – by 245%. “Our team sifted through several different resources—specialist IT news, data breach reports, and state reporting tools—to collate as much data as possible on ransomware attacks on US businesses. We then applied data from studies on the cost of downtime to estimate a range for the likely cost of ransomware attacks to businesses,” Comparitech said, explaining its approach. However, it did concede that the figures may be merely a scratch on the surface of the ransomware problem. On average, the affected companies lost nine days in downtime and it took them about two-and-a-half months to investigate the attacks and their impact on the company’s data and its systems. To put this into context, Comparitech estimates that, when combined, ransomware attacks caused 340.5 days of downtime and a whopping 4,414 days of investigation. However, the downtimes varied, ranging from recovery efforts taking several months to minimal disruptions, especially thanks to solid backup plans. Cybercriminals usually requested ransoms ranging from half a million dollars all the way up to US$21 million. Some attackers also upped the ante by carrying out double-extortion attacks, where they pilfer data from the victims’ systems before going on to encrypt them with ransomware. With researchers estimating that the average cost per minute of downtime is US$8,662 and adding in the reputational damage, it’s no wonder some companies are willing to pay the ransoms as a way to fix the problem quickly. Based on the estimate, the cost of downtime to American business was US$20.9 billion. The analysis also found that the ransomware attacks resulted in over 7 million individual records being pilfered and/or abused, an almost 800% increase compared to the previous years.


Engineering Company Weir Group Discloses Ransomware Hack

Permalink - Posted on 2021-10-11 14:00

Engineering company Weir Group has acknowledged it was the victim of a ransomware attack that will likely affect revenue for the third quarter of the year. The attack took place in the second half of September and forced the company to isolate and shut down some of its systems, including “core Enterprise Resource Planning (ERP) and engineering applications.” The Glasgow, UK-based company says that, while the action it took to contain the incident was prompt and robust, some of the affected applications have not yet been fully restored.


New Mexico: Hospital Hacker Steals Patients’ Data

Permalink - Posted on 2021-10-11 14:00

The IT network of San Juan Regional Medical Center in Farmington was breached by an unauthorized individual in September last year. The attack was reported to the United States Department of Health and Human Services' Office for Civil Rights on June 4 as a network server security incident impacting 68,792 individuals. SJRMC undertook a manual review of the files that had been removed in the cyber-attack. The hospital discovered on July 13, 2021, that those files had contained "the personal and protected health information of certain patients."


Oregon Eye Specialists Discloses Data Breach Following Employee Email Compromise

Permalink - Posted on 2021-10-11 14:00

A US optometry group has disclosed a data breach related to unauthorized activity on internal email accounts. Oregon Eye Specialists, which runs six clinics throughout Portland, said the exposed data includes customers’ names and one or more of the following: dates of birth, dates of service, medical record numbers, financial account information, and health insurance provider names and/or policy numbers.


Pacific City Bank Discloses Ransomware Attack Claimed by AvosLocker

Permalink - Posted on 2021-10-11 14:00

Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month. PCB’s internal investigation into what happened was concluded on September 7, 2021, and it revealed that ransomware actors had unfortunately obtained the following information from its systems: loan application forms; tax return documents; W-2 information of client firms; payroll records of client firms; full names; addresses; Social Security numbers; wage and tax details.


Data Breach Reports Rise as Supply Chain Attacks Surge

Permalink - Posted on 2021-10-11 14:00

The Identity Theft Resource Center, a nonprofit organization based in San Diego, says that in the first three quarters of this year, the number of publicly reported data breaches was 17% higher than what was seen for all of 2020. While the number of breach reports issued this year did decline from Q2 to Q3 by 9%, "the trendline continues to point to a record-breaking year for data compromises," it says. Blame breaches that trace to online attacks in particular. For the first three quarters of this year, ITRC saw a 27% rise in breaches attributed to online attacks - and especially due to phishing and ransomware - compared with all of 2020.


The Dallas Independent School District Breach Impacted Almost 800,000

Permalink - Posted on 2021-10-08 15:00

On September 3, this site reported on a breach involving Dallas ISD in Texas. As noted at the time, details were lacking. But now their external counsel has provided notification to the Maine Attorney General’s Office and so we now know more: The breach, which reportedly occurred on June 8, impacted 795,497 individuals.


Silicon Valley VC Firm Leaked "Deal Flow" Data

Permalink - Posted on 2021-10-08 15:00

A Silicon Valley venture capital firm that runs a matchmaking service linking investors with startups exposed 6GB of data, including deal flow information pertaining to investors and startups. The data belongs to Plug and Play Ventures, which is headquartered in Sunnyvale, California, and has offices around the world. Plug and Play helps startups get off the ground and matches those companies with investors. The firm itself says it has benefited from early investments in PayPal and Dropbox. The leaked data appears to be a PostgreSQL database for Playbook.vc, a networking and deal flow application from Plug and Play.


Elekta Faces Class Action Lawsuit over Ransomware Attack and Data Breach

Permalink - Posted on 2021-10-08 15:00

A lawsuit has been filed on behalf of a former patient of Northwestern Memorial HealthCare (NMHC) against Elekta Inc. over its April 2021 ransomware attack and data breach. Elekta, a Swedish provider of radiation medical therapies and related equipment data services, is a business associate of many U.S. healthcare providers. Hackers targeted the company’s cloud-based platform that is used to store and transmit healthcare data and were able to access the platform between April 2 and April 20, 2021. The breach was detected when the hackers deployed ransomware.


BrewDog Exposed Data for Over 200,000 Shareholders and Customers

Permalink - Posted on 2021-10-08 15:00

The exposure lasted for over 18 months and the point of the leak was the firm’s mobile app, which gives the ‘Equity Punks’ community access to information, discounts at bars, and more. As detailed in a PenTestPartners report, the problem lies in the app’s API, and more specifically, its token-based authentication system. The security blunder comes from the fact that these tokens were hard-coded into the mobile application instead of being transmitted to it following a successful user authentication event. As such, anyone was free to append any customer ID to the end of the API endpoint URL, and access sensitive PII (personally identifiable information) for that customer.


Engineering Firm Weir Hit by Major Ransomware Attack

Permalink - Posted on 2021-10-08 15:00

One of Scotland's biggest engineering firms has been hit by a hack of its IT systems, costing it millions of pounds. The ransomware attack on Glasgow-based Weir took place last month, forcing it to shut down some operations. In a statement, the mining equipment firm said it had reacted quickly to the "sophisticated" attack, but had been forced to delay shipments worth more than £50m in revenue. It estimated that the incident could cost it as much as £5m.


Almost 54,000 Patients Affected by OSF HealthCare Ransomware Attack

Permalink - Posted on 2021-10-07 15:00

The Peoria, IL-based not-for-profit Catholic health system OSF HealthCare has started notifying 53,907 patients about a cyberattack that was discovered on April 23, 2021. OSF HealthCare said upon discovery of the breach, steps were taken to prevent further unauthorized access and a third-party forensic investigator was engaged to conduct an investigation into the attack to determine the extent of the breach. The investigator confirmed the attackers first accessed its systems on March 7, 2021 and access remained possible until April 23, 2021. OSF HealthCare said the attackers accessed certain files on its system that related to patients of OSF HealthCare Little Company of Mary Medical Center and OSF HealthCare Saint Paul Medical Center. On August 24 it was determined the following types of patient data may have been compromised: Names, contact information, dates of birth, Social Security numbers, driver’s license numbers, state/government ID numbers, treatment information, diagnosis information and codes, physician names, dates of service, hospital units, prescription information, medical record numbers, and Medicare/Medicaid or other health insurance information. A subset of patients also had financial account information, credit/debit card information or credentials for an online financial account exposed.


Eskenazi Health Confirms Patient Data Was Stolen in August Ransomware Attack

Permalink - Posted on 2021-10-07 15:00

Indianapolis, IN-based Eskenazi Health has announced it was the victim of a ransomware attack that was detected on or around August 4, 2021. Suspicious activity was detected and the IT team immediately shut down systems to contain the attack. Emergency protocols were implemented, with staff reverting to pen and paper to record patient data. Without access to critical IT systems the decision was taken to go on diversion and ambulances were re-routed from Health & Hospital Corporation of Marion County to alternative facilities.


Ransomware Deployed 2 Minutes After Hackers Gained Access to Johnson Memorial Health's Network

Permalink - Posted on 2021-10-07 15:00

Johnson Memorial Health has announced it was the victim of a ransomware attack on October 1, 2021. The attack saw files encrypted which crippled its IT systems. The attack on Johnson Memorial Healthcare occurred at lightning speed. According to Dr. David Dunkle, President and CEO of Johnson Memorial Health, the hackers gained access to its IT systems at 10:31 p.m. on Friday night and deployed ransomware 2 minutes later at 10:33 p.m. The hospital’s IT department detected abnormal activity around 10:40 p.m. the same evening and shut down its network at 10:45 p.m. to minimize the damage caused. A ransom demand was issued by the attackers, but Dunkle says no payment has been made. An investigation is now underway to determine the extent of the encryption and which systems and files have been affected.


Texas: Ransomware Actor Tries to Pressure Allen ISD by Emailing Parents

Permalink - Posted on 2021-10-07 15:00

The malicious actors behind a ransomware attack against a school district in Texas attempted to extract payment this week with what one analyst said appears to be an entirely new tactic: emailing parents of students with a threat that if school officials do not pay up, their kids’ personal information may be published online.


U.S. Gov't to Sue Contractors Who Hide Breach Incidents

Permalink - Posted on 2021-10-07 15:00

Led by the Civil Division’s Commercial Litigation Branch, Fraud Section, the initiative will use the False Claims Act (FCA), which makes liable anyone who knowingly submits false claims to the government. A whistleblower provision in the Act allows private parties to identify and pursue fraudulent conduct. Whistleblowers benefit from protection and receive a significant part of any recovered funds. The Civil Cyber-Fraud Initiative aims to strengthen defenses and minimize the risk of intrusion on government networks due to poor cybersecurity practices from external partners.


91.5% of Malware Arrived Over Encrypted Connections During Q2 2021

Permalink - Posted on 2021-10-06 14:00

The latest report from WatchGuard shows an astonishing 91.5% of malware arriving over encrypted connections during Q2 2021. This is a dramatic increase over the previous quarter and means that any organization that isn’t examining encrypted HTTPS traffic at the perimeter is missing 9/10 of all malware.


Squid Game Scenes Cut Over Data Exposure

Permalink - Posted on 2021-10-06 14:00

Netflix has axed some scenes from its hit show Squid Game because the phone numbers it featured turned out to be genuine and in use by people in the real world. The deletions were made after the owners of the phone numbers received thousands of text messages and phone calls from curious Squid Game fans located around the globe.


Fired IT Administrator Revenge-Hacks School by Wiping Data, Changing Passwords

Permalink - Posted on 2021-10-06 14:00

A 29-year-old wiped data on systems of a secondary school in the U.K. and changed the passwords at an IT company, in retaliatory cyber attacks for being fired. As a result of his actions, the school’s systems could no longer be accessed and remote learning was impacted at a time when pupils were at home due to the Covid-19 pandemic.


U.S. Clothing Brand Next Level Apparel Reports Phishing-Related Data Breach

Permalink - Posted on 2021-10-06 14:00

Next Level Apparel, a US clothing manufacturer and e-commerce operator, has alerted customers to a data breach connected to the compromise of employee mailboxes. “A limited number of employees’ email accounts” were compromised via phishing, which gave cybercriminals “access to the contents of the accounts at various times between February 17, 2021 and April 28, 2021,” said Next Level Apparel in a press release issued yesterday (October 5). This “resulted in unauthorized access to information contained in some email accounts, including names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information”.


ATO Attacks Increased 307% Between 2019 and 2021

Permalink - Posted on 2021-10-06 14:00

Sift released a report which details the evolving methods fraudsters employ to launch account takeover (ATO) attacks against consumers and businesses. The report details a sophisticated fraud ring that sought to overwhelm e-commerce merchants by innovating upon typical credential stuffing campaigns. Specifically, the fraud ring, dubbed Proxy Phantom, used a massive cluster of connected, rotating IP addresses in carrying out automated credential stuffing attacks to hack user accounts on merchant websites. Using over 1.5 million stolen username and password combinations, the group flooded businesses with bot-based login attempts to conduct as many as 2,691 login attempts per second—all coming from seemingly different locations.


Hong Kong Firm Becomes Latest Marketing Company Hit with REvil Ransomware

Permalink - Posted on 2021-10-06 14:00

Hong Kong marketing firm Fimmick has been hit with a ransomware attack. Fimmick has offices in Hong Kong and across China, serving several high-profile clients like McDonalds, Coca-Cola, Shell, Asus and others. On Tuesday, it was discovered that REvil had breached Fimmick's databases and claimed to have data from a number of global brands. Lane shared screenshots showing REvil's threatening posts toward Fimmick that included information stolen from the company's website.


Massive Twitch Hack: Source Code and Payment Reports Leaked

Permalink - Posted on 2021-10-06 14:00

Twitch source code and streamers' and users' sensitive information were allegedly leaked online by an anonymous user on the 4chan imageboard. The leaker shared a torrent link leading to a 125GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories.


Medtronic Urgently Recalls Insulin Pump Controllers Over Hacking Concerns

Permalink - Posted on 2021-10-06 14:00

Medtronic is urgently recalling remote controllers for insulin pumps belonging to the ‘MiniMed Paradigm’ family of products, due to severe cybersecurity risks. The controllers that should be returned to the vendor are models MMT-500 and MMT-503, used with Medtronic MiniMed 508 insulin pump and the MiniMed Paradigm family of insulin pumps. These devices were sold in the United States between August 1999 and July 2018, and it is estimated that there are 31,310 vulnerable units in use by diabetic patients in the country at the moment.


24% of Healthcare Employees Have Had No Security Awareness Training

Permalink - Posted on 2021-10-05 14:00

The security awareness training and phishing simulation platform provider KnowBe4 commissioned Osterman Research to conduct a survey on 1,000 U.S. employees to determine their level of knowledge about security threats and how much training they have been given. The findings of the survey were published in the KnowBe4 2021 State of Privacy and Security Awareness Report. The survey revealed employees are generally confident about password best practices but lacked confidence in other areas of cybersecurity such as identifying social engineering attacks. Only a minority understood threats such as phishing, even though phishing is one of the most common ways that hackers gain access to business networks and corporate data. Worryingly, less than half of respondents believed clicking a link in an email or opening an attachment could result in their mobile device being infected with malware, and 45% of respondents believe they do not need to implement additional cybersecurity safeguards because they do not work in the IT department.


The Telegraph Exposes 10 TB Database with Subscriber Information

Permalink - Posted on 2021-10-05 14:00

‘The Telegraph’, one of the UK’s largest newspapers and online media outlets, has leaked 10 TB of data after failing to properly secure one of its databases. The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers.


Cyber Attacks Disable IT Networks at 2 Indiana Hospitals

Permalink - Posted on 2021-10-05 14:00

Both hospitals in recent weeks have had to divert patients or postpone elective procedures as COVID-19 cases surged in the state, but so far neither has said whether patient care is being affected as they deal with the data security incidents. The two hospitals - Johnson Memorial Health in Franklin and Schneck Medical Center, located about 40 miles away in Seymour - are also the latest healthcare providers in Indiana to be hit with cyberattacks suspected to potentially involve ransomware. Indianapolis, Indiana-based Eskenazi Health, which operates a public healthcare system, was hit in early August with a ransomware attack that also involved the exfiltration of patient and employee data, some of which was later posted by hackers on the dark web.


Company That Routes Billions of Text Messages Quietly Says It Was Hacked

Permalink - Posted on 2021-10-05 14:00

A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. The company, Syniverse, revealed in a filing dated September 27 with the U.S. Securities and Exchange Commission that an unknown "individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers." A former Syniverse employee who worked on the EDT systems told Motherboard that those systems have information on all types of call records.


Barclays Hacked by Cyber Thieves Using Monzo Account

Permalink - Posted on 2021-10-04 14:00

Millions of pounds were swiped from Barclays accounts in a series of coordinated cyberattacks by a fraudster using a Monzo account and a payments initiation service provider (PISP), The Telegraph reported. The cyberattack comes on the heels of an antitrust probe into Monzo by the Financial Conduct Authority (FCA). Monzo, a London challenger bank, is accused of being in violation of financial crime controls and anti-money laundering (AML) mandates.


Sandhills Shut Down by Ransomware Attack

Permalink - Posted on 2021-10-04 14:00

Sandhills Global’s website, as well as all of their hosted publications, went offline recently, and their phones stopped working. When users tried to visit websites hosted on Sandhills’ platform, they were greeted with a Cloudflare Origin DNS error page, indicating that Cloudflare is unable to connect to Sandhills’ servers. The outages are thought to be the outcome of a Conti ransomware attack.


LockBit 2.0 Ransomware Hit Israeli Defense Firm E.M.I.T. Aviation Consulting

Permalink - Posted on 2021-10-04 14:00

LockBit 2.0 ransomware operators hit the Israeli aerospace and defense firm E.M.I.T. Aviation Consulting Ltd. The threat actors claim to have stolen data from the company and are threatening to leak it on the group's dark web leak site if the company does not pay the ransom. It is not clear how the threat actors breached the company and when the security breach took place.


Ransomware Attack on Florida Behavioral Health Service Provider Affects 19,000 Individuals

Permalink - Posted on 2021-10-01 15:00

The Clearwater, FL-based non-profit behavioral health service provider Directions for Living was the victim of a ransomware attack on July 17, 2021. Upon detection of the attack, law enforcement was notified and third-party computer forensics experts were engaged to investigate the scope of the attack and assist with remediation efforts. The investigation concluded on August 30, 2021. A review of servers potentially accessed by the attackers confirmed they contained personal and protected health information of current and former clients, including names, addresses, dates of birth, Social Security numbers, diagnostic codes, claims information, insurance information, healthcare provider names, date of service, and certain health information. Directions for Living said its electronic medical record system was not affected and could not be accessed by the attackers and clients’ financial information was not stored on the affected servers.


Kansas: Pottawatomie County Pays Hackers to Restore Computer Systems After Cyber Attack

Permalink - Posted on 2021-10-01 15:00

Officials in Pottawatomie County say computer systems are slowly being restored after a ransom was paid to hackers. County officials say several of their servers were encrypted during a cyber attack on September 17, 2021. The county was able to resolve the attack by paying less than 10% of the hacker’s original demands. “The ransom was reduced by more than 90 percent from hackers’ original demand, an almost unheard-of outcome, every saved dollar of which is taxpayer revenue the county keeps to serve our citizens,” said County Administrator Chad Kinsley. The amount paid was not disclosed; however, WIBW-TV has filed an open records request to determine the specific amount that Pottawatomie Co. paid to resolve the ransomware attack.


Another Malaysia Carrier Allegedly Hacked and Data Exfiltrated

Permalink - Posted on 2021-10-01 15:00

Desorden Group, who recently claimed to have successfully breached ABX Express, has contacted DataBreaches.net to report yet another logistics firm breach. This time, the claimed victim is Skynet.com.my. Skynet is a carrier company in Malaysia that provides domestic and international carrier services. Desorden Group provided DataBreaches.net with proof of claim — a video taken showing Skynet’s folders, and some of the files within the folders. One file included 10,000 airwaybill records, while another .csv file contained information on 3,600 employees. Personal information in the files included names, date of birth, account numbers, phone numbers, address, email addresses, encrypted passwords but also passwords in plaintext, and more.


Former OnlyFans Employees Could Access Users' and Models' Personal Information

Permalink - Posted on 2021-10-01 15:00

Some former OnlyFans support staff employees still had access to users' data—including sensitive financial and personal information—even after they stopped working for the company used by sex workers to sell nudes and porn videos. According to a former OnlyFans employee who asked to remain anonymous because they feared retaliation, some ex-employees still had access to Zendesk, a popular customer service software used by many companies including OnlyFans, to track and respond to customer support tickets, long after leaving the company. OnlyFans uses Zendesk to respond to both users who post content and those who just pay to view that content. Motherboard was able to corroborate this with more than one former employee's access.


Neiman Marcus Data Breach Impacts 4.6 Million Customers

Permalink - Posted on 2021-10-01 15:00

Neiman Marcus disclosed that its 2020 data breach impacted about 4.6 million customers with Neiman Marcus online accounts. The personal information of these customers was potentially compromised during the incident. The bits of information include: Names, addresses, contact information; Usernames and passwords of Neiman Marcus online accounts; Payment card numbers and expiration dates (although no CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); Security questions of Neiman Marcus online accounts


IKEA Admits Cameras Were Hidden in the Ceiling Above Warehouse Toilets

Permalink - Posted on 2021-10-01 15:00

IKEA has removed hidden security cameras from its warehouse in Peterborough, England, after an employee spotted one in the ceiling void while using the toilet. Workers at the Swedish flat-pack furniture giant were concerned that they may have been spied on while in the bathroom. The discovery was made last week when the lights were switched off. A member of staff spotted what appeared to be a small red light between the panels of a suspended ceiling. When they investigated, they found the hidden camera. When they looked further, they found a number of other cameras above both the men's and ladies' toilets. One worker told the Peterborough Telegraph: "They were not wireless cameras, there is a whole network of cable." IKEA admitted they had been in place since 2015. The company did not say when they were last used.


Popular Android Apps with 142.5 Million Collective Installs Leak User Data

Permalink - Posted on 2021-10-01 15:00

CyberNews security researchers found that 14 top Android apps, downloaded by more than 140 million people in total, are leaking user data due to Firebase misconfigurations. Exposed data potentially includes users’ names, emails, usernames, and more.


Thousands Affected by Ransomware Attack on Hawaii Company

Permalink - Posted on 2021-10-01 15:00

About 4,500 customers of a Honolulu payroll processing company were potentially affected by a ransomware attack that exposed Social Security numbers, dates of birth, the full names of clients and bank account information. In mid-February, Hawaii Payroll Services LLC discovered its servers and databases had been breached by an unauthorized user. The prohibited access of the servers maintaining company information happened from Feb. 15 to 16, likely by someone "able to gain access to Hawaii Payroll's systems through a compromised client account and execute a privilege escalation attack that enabled the intruder to disable and remove security software and encrypt all data residing in Hawaii Payroll's servers," according to the company.


Ransomware Attack Disrupts Hundreds of Bookstores Across France, Belgium, and the Netherlands

Permalink - Posted on 2021-09-30 15:00

Hundreds of bookstores across France, Belgium, and the Netherlands have had their operations disrupted this week after a ransomware attack crippled the IT systems of TiteLive, a French company that operates a SaaS platform for book sales and inventory management. The incident, which took place earlier this week, has impacted bookstore chains such as Libris, Aquarius, Malperthuis, Donner, Atheneum Boekhandels, and others, according to reports from news outlets in France, Belgium, and the Netherlands. This resulted in a days-long downtime of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. The company told local news outlets on Wednesday that the entry point for the attack was a Windows-based server and that the attackers requested a huge ransom, which the company does not plan to pay.


Baby's Death Alleged to Be Linked to Ransomware

Permalink - Posted on 2021-09-30 15:00

A U.S. hospital paralyzed by ransomware in 2019 will be defending itself in court in November over the death of a newborn, allegedly caused by the cyberattack. As the Wall Street Journal reported on Thursday, the baby’s mother, Teiranni Kidd, gave birth to her daughter, Nicko Silar, on July 16, 2019, without knowing that the hospital was entering its eighth day of clawing its way back from the attack. According to court filings, health records at the hospital – Springhill Medical Center, in Mobile, Ala. – were inaccessible. A wireless tracking system for locating medical staff was still down. And, in the labor-and-delivery unit, staff were cut off from the equipment that monitors fetal heartbeats, which are normally tracked on a large screen at the nurses’ station and in the delivery room.


Data Breaches Reported by Horizon House and Samaritan Center of Puget Sound

Permalink - Posted on 2021-09-29 15:00

Horizon House, Inc., a Philadelphia, PA-based provider of mental health and residential treatment services, has announced its IT systems have been hacked and the protected health information of 27,823 individuals has potentially been compromised. Suspicious activity was detected in its computer systems on March 5, 2021. An investigation was launched to determine the nature and scope of the breach, which revealed an unauthorized individual had access to its systems between March 2 and March 5, 2021. A review of files stored on the compromised systems was completed around September 3, 2021. The files contained protected health information such as names, addresses, Social Security numbers, driver’s license numbers, state identification card numbers, dates of birth, financial account information, medical claim information, medical record numbers, patient account numbers, medical diagnoses, medical treatment information, medical information, health insurance information, and medical claims information.


PHI of 29,000 Patients Exposed in McAllen Surgical Specialty Center Ransomware Attack

Permalink - Posted on 2021-09-29 15:00

McAllen Surgical Specialty Center in Texas has started notifying patients about a ransomware attack that was detected on May 14, 2021. Third-party computer forensics specialists were engaged to investigate the breach and determine the nature and scope of the attack. The investigators determined unauthorized individuals had gained access to certain computers and servers on May 12, 2021 and deployed ransomware. Unauthorized access to its network was blocked on May 14. A comprehensive analysis was conducted to determine the servers and computers that had been affected, and which had potentially been accessed by the hackers. On July 22, it was determined patient data had potentially been compromised in the attack. The affected computers and servers contained a range of patient information, with the types of exposed data varying from patient to patient. Data potentially affected included names, addresses, Social Security numbers, dates of service, health insurance information, provider name, patient numbers, and medical record numbers.


Mental Healthcare Providers Report Data Breaches

Permalink - Posted on 2021-09-29 15:00

Data breaches at two American mental healthcare providers may have exposed thousands of individuals’ personal health information (PHI). Horizon House, Inc., which is in Philadelphia, Pennsylvania, warned that 27,823 people might have been impacted by a cyber-attack that took place in the late winter. A review of the files compromised in the incident determined that the unknown cyber-attacker gained access to data including names, addresses, Social Security numbers, driver’s license numbers, state identification card numbers, dates of birth, financial account information, medical claim information, medical record numbers, patient account numbers, medical diagnoses, medical treatment information, and health insurance information.


More Than Two-Thirds of Organizations Are Targets of at Least One Ransomware Attack

Permalink - Posted on 2021-09-29 15:00

Most organizations are more concerned about ransomware than other cyber-threats. This is a key finding from the 2021 Global State of Ransomware Report by cybersecurity company Fortinet. Unveiled today, the survey also reveals that while the majority of organizations surveyed indicated they are well prepared for a ransomware attack, including employee cyber training, risk assessment plans and cybersecurity insurance, there was a clear gap in what many respondents viewed as essential technology solutions. Based on the technologies viewed as essential, organizations were most concerned about remote workers and devices, with Secure Web Gateway, VPN and Network Access Control amongst the top choices. While ZTNA is an emerging technology, it should be considered a replacement for traditional VPN technology. However, the low importance of segmentation (31%) was most concerning, a critical technology solution that prevents intruders from moving laterally across the network to access critical data and IP. Likewise, UEBA and sandboxing play a crucial role in identifying intrusions and new malware strains, yet both were lower on the list. Another surprise was secure email gateway at 33%, given phishing was reported as a common entry method of attackers.


Trucking Giant Forward Air Reports Ransomware Data Breach

Permalink - Posted on 2021-09-29 15:00

Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. In December 2020, Forward Air suffered a ransomware attack by what was believed to be a new cybercrime gang known as Hades. This attack caused Forward Air to shut down its network, which led to business disruption and the inability to release freight for transport. An SEC filing by Forward Air states that the company lost $7.5 million of less than load (LTL) freight revenue "primarily because of the Company’s need to temporarily suspend its electronic data interfaces with its customers."


Navistar Confirms Data Breach Involved Employee Healthcare Information

Permalink - Posted on 2021-09-29 15:00

An investigation at US truck maker Navistar has revealed that a data breach on its systems exposed employee healthcare information. On June 7, Navistar filed 8-K papers with the US Securities and Exchange Commission, warning investors about the incident. The notification generated press coverage about the incident from Reuters and other outlets, as investigators continued to assess the scope and impact of the incident. By August 20, Navistar’s team had confirmed that attackers had “accessed and taken” the personal information of participants in its healthcare and life insurance plans. The potentially compromised data included the full names, addresses, dates of birth, and Social Security numbers of an unspecified number of Navistar employees past and present, according to an updated statement by Navistar on the breach.


Hackers Targeting Brazil's PIX Payment System to Drain Users' Bank Accounts

Permalink - Posted on 2021-09-29 15:00

Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control. Launched in November 2020 by the Central Bank of Brazil, the country's monetary authority, Pix is a state-owned payments platform that enables consumers and companies to make money transfers from their bank accounts without requiring debit or credit cards. PixStealer, which was found distributed on Google Play as a fake PagBank Cashback service app, is designed to empty a victim's funds to an actor-controlled account, while MalRhino — masquerading as a mobile token app for Brazil's Inter bank — comes with advanced features necessary to collect the list of installed apps and retrieve PIN for specific banks.


Canada: Portpass App for Vaccines Accused of Exposing User Data

Permalink - Posted on 2021-09-28 15:00

Private proof-of-vaccination app Portpass exposed personal information, including the driver's licences, of what could be as many as hundreds of thousands of users by leaving its website unsecured. On Monday evening, CBC News received a tip that the user profiles on the app's website could be accessed by members of the public. CBC is not sharing how to access those profiles, in order to protect users' personal information, but has verified that email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver's licences and passports can easily be viewed by reviewing dozens of users' profiles. The information was not encrypted and could be viewed in plain text.


Colossus Ransomware Hits Automotive Company in the U.S.

Permalink - Posted on 2021-09-28 15:00

A new ransomware family called Colossus has snagged at least one victim in the United States as of last week, according to security researchers at ZeroFox. Targeting Windows systems, the Colossus ransomware was used in an attack on an automotive group of dealerships based in the U.S., with its operators threatening to leak 200 GB of stolen data. The cybercriminals, who were demanding $400,000 to be paid in exchange for the decryption key, have directed the victim to contact them via a “support page” on a custom domain.


Class Action Lawsuits Filed Against San Diego Health Over Phishing Attack

Permalink - Posted on 2021-09-28 15:00

Multiple class action lawsuits have been filed against the Californian healthcare provider San Diego Health over a data breach involving the protected health information of 496,949 patients. On March 12, 2021, San Diego Health identified suspicious activity in employee email accounts and launched an investigation. On April 8, 2021, it was determined multiple email accounts containing patients’ protected health information had been accessed by unauthorized individuals between December 2, 2020 and April 8, 2021. A review of the compromised email accounts confirmed them to contain protected health information such as names, addresses, dates of birth, email addresses, medical record numbers, government ID numbers, Social Security numbers, financial account numbers, and health information such as test results, diagnoses, and prescription information.


69% of All Malware Is Ransomware

Permalink - Posted on 2021-09-28 15:00

Eighty-seven percent of ransomware attacks were aimed at servers, network equipment, and computers. In Q1, it was 71%. Financially-motivated attacks accounted for a whopping 59%. In Q2 2021, ransomware attacks increased to 69% from 63% in the previous quarter. The most common targets include education, medical, government, industrial, and scientific firms and institutions. A report by Cybereason states that 80% of organizations that paid a ransom were targeted for a second time. Among those, 46% surmised that they were attacked by the same threat actor.


Bandwidth.com Is Latest Victim of DDoS Attacks Against VoIP Providers

Permalink - Posted on 2021-09-28 15:00

Bandwidth.com has become the latest victim of distributed denial of service attacks targeting VoIP providers this month, leading to nationwide voice outages over the past few days. Earlier this month, VoIP provider VoIP.ms suffered a catastrophic week-long DDoS attack that took down almost all of their services and portals, leaving their customers without voice services. The VoIP.ms attack was an extortion DDoS attack where threat actors impersonating the ransomware group 'REvil' initially demanded one bitcoin ($45,000) to halt their attacks but later increased it to 100 bitcoins ($4.5 million).


U.K. Umbrella Payroll Firm GiantPay Confirms Cyber Attack

Permalink - Posted on 2021-09-28 15:00

Giant Group, the umbrella company that has thousands of contractors on its books, has been targeted by a "sophisticated" cyber-attack that floored systems and left workers out in the cold, the biz has now confirmed. The attack happened last Wednesday (September 22) and forced the outfit – known to many as Giant Pay – to shut down its whole network, including its phone and email systems, as well as its IT infrastructure. It said last night it was still working on a "technical issue that is preventing us from getting the giant umbrella and giant accounts portals back up and running." The incident blew up last week when contractors, many of whom work in IT, were unable to contact the company or carry out payroll-related tasks.


3.8 Billion Users' Combined Clubhouse, Facebook Data Up for Sale

Permalink - Posted on 2021-09-27 15:00

On its own, the database of 3.8 billion phone numbers leaked from social-media platform Clubhouse didn’t have much value on the underground market. In fact, they were eventually dumped in a hacker forum for free. But an enterprising threat actor has reportedly combined those phone numbers with 533 million Facebook profiles leaked last April and is selling that enhanced trove of personally identifiable information (PII) to the highest bidder on the underground market. According to CyberNews, the combined Clubhouse-Facebook database includes names, phone numbers and other data, and is listed on an underground forum for $100,000 for all 3.8 billion entries, with smaller chunks of data available for less. Reportedly, the seller is still looking for buyers.


Vice Society Ransomware Gang Attacks United Health Centers of San Joaquin Valley

Permalink - Posted on 2021-09-27 15:00

The Vice Society ransomware gang claims to have conducted a ransomware attack on the California healthcare provider United Health Centers of San Joaquin Valley. United Health Centers operates more than 20 community health centers in Fresno, Kings, and Tulare counties. The cyberattack has yet to appear on the HHS’ Office for Civil Rights Breach Portal or the website of the California Attorney General and United Health Centers has not published any notification on its website at the time of writing. Under HIPAA, regulated entities have up to 60 days to issue notifications about a data breach. Bleeping Computer reports the Vice Society gang has already leaked data allegedly obtained in the attack on its data leak website, some of which contains patients’ protected health information (PHI). Databreaches.net has reviewed some of the dumped files and confirmed they contained PHI such as names, dates of birth, insurance information, dates of service, diagnostic codes, and treatment and service codes, along with a folder containing files of patients who had fallen into arrears on their accounts and were referred to debt collection agencies in 2012. Some of those files included patients’ Social Security numbers, diagnosis information, and other types of PHI.


Data Breaches Reported by Vista Radiology, Indian Creek Foundation & Mankato Clinic

Permalink - Posted on 2021-09-27 15:00

Knoxville, TN-based Vista Radiology has notified 3,634 patients about a ransomware attack experienced on July 11, 2021 which took part of its network offline. A leading computer forensics firm was engaged to conduct a full investigation into the attack. And the initial investigation appeared to suggest the sole purpose of the attack was to encrypt its systems, and that data exfiltration was not involved. However, Vista Radiology was informed on July 15 that some evidence had been found that files or folders containing patient data had been accessed and viewed. The investigation confirmed files were encrypted in the evening of July 10 with a subset of those files accessed prior to encryption.


Fifth of Healthcare Providers Report Increase in Patient Mortality After a Ransomware Attack

Permalink - Posted on 2021-09-27 15:00

According to a recent survey conducted by the Ponemon Institute, more than one fifth (22%) of healthcare organizations said patient mortality increased after a ransomware attack. Ransomware attacks on healthcare providers often result in IT systems being taken offline, phone and voicemail systems can be disrupted, emergency patients are often redirected to other facilities, and routine appointments are commonly postponed. The recovery process can take several weeks, during which time services continue to be disrupted. While some ransomware gangs have a policy of not attacking healthcare organizations, many ransomware operations target healthcare. For instance, the Vice Society ransomware operation has conducted around 20% of its attacks on the healthcare sector and attacks on healthcare organizations have been increasing. During the past 2 years, 43% of respondents said their organization had suffered a ransomware attack, and out of those, 67% said they had one while 33% said they had more than one.


Mexico: El Instituto Nacional de Medicina Genómica (Inmegen) Hit by Cyber Attack

Permalink - Posted on 2021-09-27 15:00

The same group of threat actors who recently hit the South African National Space Agency (SANSA) are now claiming to have hit a Mexican government health agency that is involved in COVID testing or research: El Instituto Nacional de Medicina Genómica. Limited data has been publicly dumped so far, but it appears to include a database called “COVID” that has a number of tables relating to collection of information on COVID-19 patients. One table, as an example, includes 400 records with fields like name, age, date of birth, email, phone, and other details. Other files in the dump contain testing results on named patients.


Two in Three Indian SMBs Paying Just Under $500,000 per Cyber Attack

Permalink - Posted on 2021-09-27 15:00

A new study by Cisco titled Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense shows that small and medium-sized businesses (SMBs) in India are exposed, under attack, and more worried about cybersecurity threats than before. According to the study, three in four (74%) SMBs in India suffered a cyber incident in the past year, resulting in 85% losing customer information to malicious actors, in addition to a tangible impact on business. More than half (62%) of SMBs in India that suffered cyber incidents in the past 12 months said that cyber-attacks cost their business more than INR 3.5 crore. Of these, 13% say that the cost was over INR 7 crore.


K and B Surgical Center & Healthpointe Medical Group Notify Patients of Hack

Permalink - Posted on 2021-09-24 15:00

K and B Surgical Center in Beverly Hills, CA has discovered an unauthorized individual gained access to its computer network. The security breach was detected on March 30, 2021, with the third-party forensic investigation confirming its network was compromised between March 25 and March 30. Upon discovery of the breach, steps were taken to prevent further unauthorized access and an investigation was launched to determine the extent of the breach. The investigation concluded on April 27, 2021 that the attacker gained access to parts of the network that contained the protected health information of patients.


Email Breaches Reported by Eastern Los Angeles Regional Center

Permalink - Posted on 2021-09-24 15:00

Eastern Los Angeles Regional Center has discovered the email account of an employee has been accessed by an unauthorized individual. Suspicious activity was detected in the email account on July 15, 2021. A password reset was performed to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the breach. It was confirmed that the account was accessed for a limited period of time on July 15, 2021 and that the email account contained the protected health information of 12,921 individuals, including first and last names, Social Security numbers, ELARC-issued client identifier numbers, Tax ID numbers, medical histories, treatment or diagnosis information, and health insurance information.


Indiana: Carmel Clay Schools Notifying 15,817 After Compromise of Employee Email Accounts

Permalink - Posted on 2021-09-24 15:00

Investigation revealed that there had been unauthorized access between February 15 and February 24. It took the district, working with third-party forensic specialists, until August 31 to determine everyone who may have had personal information in the compromised accounts. On September 20, letters went out to 15,817 people who had their personal information in those compromised email accounts.


S. African Debt Firm Exposes Millions of South Africans to Harm After Data Breach

Permalink - Posted on 2021-09-24 15:00

More than a million South African citizens have potentially had their personal data exposed after a ransomware attack at a debt recovery services firm. The company in question, Debt-IN Consultants, confirmed this week (September 22) that it had been the victim of a cyber-attack which resulted in a “significant data breach” of consumer and employee personal information. More than 1.4 million South Africans are suspected to have been impacted by the incident, after Debt-IN says their data was illegally accessed from servers in April this year. Compromised information may include customer names and contact details, employment and salary information, and debt-related information including payments and balance owed to Debt-IN.


Virginia: Greensville County Public Schools Hit by Grief Threat Actors

Permalink - Posted on 2021-09-24 15:00

Grief threat actors have added another K-12 district to their list of victims who have refused to pay their ransom demands. Greensville County Public Schools in Emporia, Virginia was added to Grief’s dark web leak site on September 21. But by September 15, the district had already disclosed that they were dealing with a cyberattack.


Illinois Discloses Breach Involving Access Control to Illinois Integrated Eligibility System

Permalink - Posted on 2021-09-23 15:00

KHQA reports that ten months after a data breach involving the Illinois Integrated Eligibility System (IES), the state is now disclosing the incident.


E.U. Chief Announces Cyber Security Law for Connected Devices

Permalink - Posted on 2021-09-23 15:00

The Commission initiative adds to an existing proposal for a Directive on Security of Network and Information Systems, commonly known as the NIS2 Directive. NIS2 expands the scope of the previous directive, by raising the cyber security requirements for digital services employed in critical sectors of the economy and society. Bart Groothuis, the lawmaker leading on the NIS2 file in the European Parliament, emphasises the complementarity of the two EU laws. While NIS2 addresses the security of critical supply chains, he says connected devices are a blind spot in the EU cybersecurity arsenal.


African Bank Warns of Data Breach with Personal Details Compromised

Permalink - Posted on 2021-09-23 15:00

African Bank has confirmed that one of its appointed professional debt recovery partners, Debt-IN, was targeted by cybercriminals in April 2021. At the time, expert security advice concluded that there was no evidence that the ransomware attack had resulted in a data breach – however, Debt-IN is now aware that the personal data of certain customers, including a number of African Bank Loan customers under debt review, has been compromised.


More Afghan Citizens' Data Exposed in Second MoD Breach

Permalink - Posted on 2021-09-23 15:00

The UK’s Ministry of Defence (MoD) has reportedly suffered a second data breach that has exposed details of more Afghan citizens who may be at risk of reprisals from Taliban forces. Earlier this week, the government department was forced to apologize for sending an email that exposed the data of more than 250 Afghan interpreters who worked for British forces during the allied occupation of the country. This included their email addresses, names and LinkedIn profile images, putting them at risk of reprisals from the Taliban, who recently retook control of Afghanistan 20 years after being ousted by British and US forces. A second data breach involving Afghan citizens who may be eligible to relocate to the UK has now been uncovered by the BBC, who revealed MoD officials sent an email earlier this month that mistakenly copied in dozens of people. This displayed the email addresses and some names of 55 Afghanis, including those from the Afghan National Army. The email informed the recipients that UK relocation officials had been unable to contact them and requested updated details.


DDoS Attacks Increased 11% in 1H 2021, Fueling a Global Security Crisis

Permalink - Posted on 2021-09-23 15:00

NETSCOUT announced findings from its report that underscore the dramatic impact cyberattacks continue to have on private and public organizations and governments worldwide. In the first half of 2021, cybercriminals launched approximately 5.4 million Distributed Denial of Services (DDoS) attacks, increasing 11% over 1H 2020 figures. Additionally, data projections point to 2021 as another record-setting year on track to surpass 11 million global DDoS attacks. This long tail of attacker innovation is expected to last, fueling a growing cybersecurity crisis that will continue to impact public and private organizations.


Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers

Permalink - Posted on 2021-09-23 15:00

More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase. The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate services. "There was no need for a password or login credentials to see this information, and the data was not encrypted," the researchers said in an exclusive report shared with The Hacker News. The data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket, causing sensitive information such as clients' names, photos, and addresses to be disclosed. The details stored in the bucket range from invoices and income documents to quotes and account statements dating between 2014 and 2021.


Ransomware Attack Levels Soaring, Now Accounting for 69% of All Attacks Involving Malware

Permalink - Posted on 2021-09-23 15:00

Ransomware attacks have reached ‘stratospheric’ levels in Q2 2021, now accounting for 69% of all attacks involving malware. That is among the most disturbing findings in the latest report from Positive Technologies. The research also reveals that the volume of attacks on governmental institutions in particular soared from 12% in Q1 2021 to 20% in Q2. And the company’s Expert Security Center during the quarter discovered the emergence of B-JDUN, a new RAT used in attacks on energy companies, and Tomiris, new malware that comes with functions for gaining persistence and can send encrypted information about the workstation to an attacker-controlled server.


ANZ Reports a 73% Year-on-Year Increase in Scams for the First Eight Months of 2021

Permalink - Posted on 2021-09-23 15:00

Australia and New Zealand Group (ANZ) chief executive Shayne Elliott has encouraged the Standing Committee of Economics to prioritise the need to raise further awareness, as well as recommend additional steps industry and government could take, to address the rising number of scams. In fronting the committee, which is currently undertaking a review of the four major banks and other financial institutions, Elliott highlighted that for the first eight months of 2021, ANZ had seen a 73% increase in scams being detected or reported by customers, compared to the same time last year. Over the same period, ANZ retail customers sent AU$77 million to scammers, of which the bank was able to claw back almost AU$19 million, Elliott said.


More Than 1 in 3 People Have Tried to Guess Someone Else's Password: 3 in 4 Succeed

Permalink - Posted on 2021-09-22 15:00

New York, NY-based digital identity firm Beyond Identity spoke with 1,015 people in the US to learn more about their password-making strategies and how they generally conduct themselves in regards to online safety. Many of us already share our account passwords. Over half of us (50.1%) share our video streaming account, and almost as many share our music streaming accounts (44.9%). One in four of us (25.7%) share passwords to our online banking. On average, we share three of our passwords with other people. The study revealed that many people try to guess others' passwords and are often successful. Over 73% managed to guess someone's passwords. Over half (51.6%) try to guess their romantic partner's passwords, and almost one in four (24.6%) try to guess their child's password. Over one in five (22%) try to guess their co-worker's password, and one in five (19.9%) try to guess their ex-partner's or boss' password. The most common tactic is using information known about the other person (39.2%), while 18.4% check the person's social media profiles to try and guess. Over two in five (43.7%) try to guess passwords for personal email accounts, and almost one in three (32.6%) try to guess phone passwords.


Kansas: Pottawatomie County Cyber Attack Encrypts Multiple Servers

Permalink - Posted on 2021-09-22 15:00

Officials in Pottawatomie County are assessing the extent of a cyber attack discovered last week. Pottawatomie Co. Public Information Officer Becky Ryan confirms that county IT staff discovered an active cyber attack on Friday, September 17. Ryan says the breach encrypted multiple servers, which prevented the access of many systems used every day. Those specific systems were not identified.


Half of Web Owners Don't Know If Their Site Has Been Attacked

Permalink - Posted on 2021-09-22 15:00

Nearly half of US website owners have so little insight into third-party code that they can’t say definitively if their site has suffered a cyber breach, according to new research from PerimeterX. According to the vendor, the challenge for these firms is the extensive use of third-party sources for code, many of which obtain their code in turn from other third parties. It claimed that 99% of firms use this extensive software supply chain for web functionality, including ad tracking, payments, customer reviews, chatbots, tag management, social media integration, and helper libraries that simplify common functions. What’s more, almost 80% of respondents said that these third-party scripts and open source libraries account for 50-70% of the capability in their website. The organizations polled recognized the potential risks involved in severe attacks on their web infrastructure, citing damage to brand and corporate reputation, loss of future revenue and potential lawsuits as potentially “huge” or “major” problems. However, 48% could not say whether their site had been attacked, up from 40% in 2020. PerimeterX argued that shadow code — scripts and libraries added without IT oversight or security vetting — is a challenge that could introduce hidden risks to the organization. Although respondents claimed to understand shadow code, only a quarter (25%) said they perform a security review for every script modification, and only a third (33%) automatically detect potential problems.


Vermont Radio Stations Dealing with Fallout from Cyber Attack

Permalink - Posted on 2021-09-22 15:00

Marketron is a national company that helps companies manage their advertisements using automation to make a once lengthy process much faster. But a cyberattack launched by the Russian outfit BlackMatter is impacting thousands of Marketron’s customers, including several stations in Vermont. Marketron says they are in talks with the Russian hackers at BlackMatter as well as the FBI to help rectify the situation as quickly as possible.


Ukrainian Hackers Hit Michigan Health Company with Ransomware

Permalink - Posted on 2021-09-22 15:00

A health care company with several locations throughout Monroe County was the target of a sophisticated cyber attack and is advising those potentially impacted to monitor their financial credit data. Earlier this month, Family Medical Center of Michigan contacted its customers to advise them of a data breach that occurred in July 2020. A group of hackers based in Ukraine targeted the company in a ransomware attack, taking control of the company's financial files and encrypting them so employees would be unable to access patients' financial information. The hackers demanded FMC officials pay a sum of $30,000 to unlock those files. The company complied with the demand, said Ed Larkins, CEO of FMC.


Ransomware Victims Panicked While FBI Secretly Held REvil Decryption Key

Permalink - Posted on 2021-09-22 15:00

For three weeks during the REvil ransomware attack this summer, the FBI secretly withheld the key that would have decrypted data and computers on up to 1,500 networks, including those run by hospitals, schools, and businesses. The FBI had penetrated the REvil gang’s servers to obtain the key, but after discussing it with other agencies, the bureau decided to wait before sending it to victims for fear of tipping off the criminals, The Washington Post reports. The FBI hadn’t wanted to tip off the REvil gang and had hoped to take down their operations, sources told the Post. Instead, REvil went dark on July 13 before the FBI could step in. For reasons that haven’t been explained, the FBI didn’t cough up the key until July 21.


Second Farming Cooperative Shut Down by Ransomware This Week

Permalink - Posted on 2021-09-22 15:00

Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend. At this time, it is not known what ransomware operation is behind the attack. BleepingComputer contacted Crystal Valley yesterday about the attack but has not heard back.


Microsoft Exchange Autodiscover Bugs Leak 100,000 Windows Credentials

Permalink - Posted on 2021-09-22 15:00

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. In a new report by Amit Serper, Guardicore's AVP of Security Research, the researcher reveals how the incorrect implementation of the Autodiscover protocol, rather than a bug in Microsoft Exchange, is causing Windows credentials to be sent to third-party untrusted websites.


Afghan Interpreters' Data Exposed in MoD Breach

Permalink - Posted on 2021-09-21 15:00

The United Kingdom's Ministry of Defense has apologized for sending an email that exposed the data of more than 250 Afghan interpreters who worked for British forces. The email – in which the interpreters' email addresses, names, and some linked profile images were exposed – was sent by the team in charge of the UK's Afghan Relocations and Assistance Policy (ARAP) to Afghan interpreters who have either left Afghanistan or who remain in the country.


Hacker Steals $12 Million from DeFi Platform

Permalink - Posted on 2021-09-21 15:00

Wrapped Bitcoin worth more than $12m has been stolen from the decentralized finance protocol pNetwork. The cross-chain project announced the theft of 277 BTC on September 19 via Twitter, ascribing the hack to a codebase vulnerability. The theft was executed on Binance Smart Chain, which featured in the biggest ever DeFi heist in history – the $610m Poly Network hack that took place in August.


Marketron Marketing Services Hit by BlackMatter Ransomware

Permalink - Posted on 2021-09-21 15:00

On Monday, Marketron announced the incident saying that it was dealing with a “cyber event” that disrupted some of its business operations and impacted all its customers. “Currently, all Marketron services are offline,” the company announced, adding that the attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange, and Advertiser Portal services. The BlackMatter ransomware is believed to be a rebrand of the DarkSide ransomware operation, which shut down after attacking Colonial Pipeline in May.


BlackMatter Hits Grain Cooperative with Ransomware Attack

Permalink - Posted on 2021-09-20 15:00

Iowa-based grain cooperative New Cooperative Inc. was struck by ransomware in recent days and has shut down its computer systems as it tries to mitigate the attack. The attack occurred on or around Friday, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future Inc. The ransomware gang, which goes by the name BlackMatter, is demanding a $5.9 million ransom, Liska said.


France: CMA CGM Hit by Another Cyber Attack

Permalink - Posted on 2021-09-20 14:00

CMA CGM has been hit by another cyber attack, just under one year since its last big breach. The French containerline told customers today that it had suffered a leak of data on limited customer information involving first and last names, employer, position, email address and phone number. CMA CGM said its IT teams have immediately developed and installed security patches.


Pennsylvania: Horizon House Notifying Patients of Ransomware Attack in March

Permalink - Posted on 2021-09-20 14:00

"The following types of information were present in the impacted systems and therefore potentially viewed or acquired by the unknown actor during this incident: name, address, Social Security number, driver’s license and/or state identification card number, date of birth, financial account information, medical claim information, medical record number, patient account number, medical diagnosis, medical treatment information, medical information, health insurance information, and medical claim information. Horizon House is unaware that any of the information was misused or disseminated by the unknown actor and is therefore providing this notice in an abundance of caution."


Epik Data Breach Impacts 15 Million Users, Including Non-Customers

Permalink - Posted on 2021-09-20 14:00

Epik has now confirmed that an "unauthorized intrusion" did in fact occur into its systems. The announcement follows last week's incident of hacktivist collective Anonymous leaking 180 GB of data stolen from online service provider Epik. To mock the company's initial response to the data breach claims, Anonymous had altered Epik's official knowledge base, as reported by Ars. Turns out, the leaked data dump contains 15,003,961 email addresses belonging to both Epik's customers and non-customers, and not everyone is pleased with the news. This occurred as Epik had scraped WHOIS records of domains, even those not owned by the company, and stored these records. In doing so, the contact information of those who have never transacted with Epik directly was also retained in Epik's systems.


Data of 106 Million Visitors to Thailand Breached

Permalink - Posted on 2021-09-20 14:00

A British cybersecurity researcher stumbled across his own personal data online after discovering an unsecured database containing the personal information of millions of visitors to Thailand. Bob Diachenko, leader of cybersecurity research at Comparitech, found the unprotected Elasticsearch database on August 22, 2021. Inside the 200GB digital index were records dating back ten years containing the personal details of more than 106 million international travelers. Information exposed in the publicly accessible database consisted of full names, arrival dates, gender, residency status, passport numbers, visa information, and Thai arrival card numbers.


Hacked Simon Eye Management Email Accounts Contained PHI of More Than 144,000 Patients

Permalink - Posted on 2021-09-20 14:00

Wilmington, DE-based Simon Eye Management has suffered a breach of its email environment and hackers potentially gained access to the protected health information of 144,373 patients. A comprehensive review was conducted to identify patients whose PHI was contained in emails and email attachments. The review confirmed the following types of patient data were present in the accounts: name, medical history, treatment/diagnosis information, health information, health insurance information, and insurance application and/or claims information. A subset of individuals also had their Social Security number, date of birth, and/or financial account information exposed.


EventBuilder Misconfiguration Exposes Microsoft Event Registrant Data

Permalink - Posted on 2021-09-20 14:00

Personal details of registrants to virtual events available through the EventBuilder platform have stayed accessible over the public internet, open to indexing by various engines. A report from security researcher Bob Diachenko in partnership with Clario Tech reveals that EventBuilder exposed more than one million CSV and JSON files with personal information belonging to registrants to events through Microsoft Teams. Publicly exposed details included full names, email addresses, company names and registrant’s position, phone numbers, and questionnaire feedback. The data was discovered using the Grayhat Warfare search engine.


Netherlands: Scoupy Warns of Data Breach

Permalink - Posted on 2021-09-20 14:00

The Dutch cashback app Scoupy warned of a data breach involving its 2 million customers. Personal data such as name, address, place of residence, phone number, email address, date of birth, receipt and encrypted password, and encrypted bank account number (IBAN) appear to have been stolen.


Update: Dotty Data Breach of PII/PHI Information Confirmed

Permalink - Posted on 2021-09-17 15:00

The breach involved customer driver's license numbers, passport numbers, financial account and routing numbers, taxpayer identification numbers and credit card numbers, as well as expiration dates.


Alaska Department of Health Reveals Data Breach

Permalink - Posted on 2021-09-17 15:00

The Alaska Department of Health and Social Services (DHSS) has warned that a “highly sophisticated” cyber-attack may have exposed residents’ personal data, including financial information. Before systems were shut down attackers potentially had access to full names, dates of birth, Social Security numbers, addresses, phone numbers, driver’s license numbers, health information, and financial information. Internal identifying numbers such as for Medicaid or case reports, and historical information concerning individuals’ interaction with DHSS were also potentially exposed.


New York: Yonkers Attacked by Ransomware But Refuses to Pay Ransom

Permalink - Posted on 2021-09-17 15:00

Government employees at the City of Yonkers were denied access to their computers last week, after cyber criminals launched a ransomware attack. The city said that it refused to pay the ransom and would restore as much data as possible from backups. In the meantime, employees have been doing as much work as possible manually. This often means keeping pen and paper records that are transferred into databases when the systems are back online.


Cyber Attack Led to IT Outage at 8 Texas Cancer Clinics: 36,000 Exposed

Permalink - Posted on 2021-09-17 15:00

The cancer treatment network, which has eight locations, discovered Aug. 4 that hackers had deployed malware onto its systems, according to an Aug. 27 news release. The chain of cancer centers immediately shut down its IT network and law enforcement was contacted. Exposed information may include Social Security numbers, names, addresses, birthdates, credit card numbers and health-related information. Its experts worked daily to fully restore its IT systems and restore operations, according to an Aug. 27 data breach notification letter.


Cryptocurrency Launchpad Hit by $3 Million Supply Chain Attack

Permalink - Posted on 2021-09-17 15:00

In a Twitter thread today, SushiSwap CTO Joseph Delong announced that an auction on MISO launchpad had been hijacked via a supply chain attack. An "anonymous contractor" with the GitHub handle AristoK3 and access to the project's code repository had pushed a malicious code commit that was distributed on the platform's front end. A rogue contractor AristoK3 pushed malicious code commit 46da2b4420b34dfba894e4634273ea68039836f1 to Sushi's "miso-studio" repository. As the repository appears to be private, GitHub is throwing a 404 "not found" error to those not authorized to view the repository. So how did the "anonymous contractor" get access to the project repository in the first place? Surely there must be a vetting process somewhere at SushiSwap.


Britain: Banks Slammed for Low Fraud Reimbursement Rates

Permalink - Posted on 2021-09-16 15:00

The UK’s high street banks have been called out for “shockingly low” reimbursement rates for Authorized Push Payment (APP) fraud. APP fraud is an increasingly popular type of scam in which the fraudster — posing as a trusted entity such as a family member or business — tricks the victim into transferring money to a bank account under their control. It cost an estimated £479m in 2020. Until a voluntary banking code of conduct was recently introduced, victims had no recourse to reclaim funds because they technically initiated the payment. When the code was rolled out 14 months ago — in combination with pop-up warnings online if payee names and account details don’t match — it was hoped things would change. However, that doesn’t appear to have been the case, according to consumer rights group 'Which?.'


HP Omen Hub Exposes Millions of Gamers to Cyber Attack

Permalink - Posted on 2021-09-16 16:00

Millions of devices running the HP Omen Gaming Hub were using a driver with a bug that could give attackers kernel-mode access without administrator privileges. HP has since released a patch, but a new report on the flaw (CVE-2021-3437) from researchers at SentinelLabs details how the gaming software was built in part by copying code from a problematic open-source driver called WinRing0.sys.


Customer Care Giant TTEC Hit by Ransomware

Permalink - Posted on 2021-09-16 15:00

On Sept. 14, KrebsOnSecurity heard from a reader who passed on an internal message apparently sent by TTEC to certain employees regarding the status of a widespread system outage that began on Sunday, Sept. 12. TTEC’s own message to employees suggests the company’s network may have been hit by the ransomware group “Ragnar Locker,” (or else by a rival ransomware gang pretending to be Ragnar). The message urged employees to avoid clicking on a file that suddenly may have appeared in their Windows start menu called “!RA!G!N!A!R!”


FTC: Health App and Connected Device Makers Must Disclose Data Breaches

Permalink - Posted on 2021-09-16 15:00

The Federal Trade Commission approved a policy statement Wednesday that warns makers of health apps and connected devices that collect health-related information to comply with a decade-old data breach notification rule. The policy is part of a shift towards more aggressive enforcement on technology issues at the agency under the leadership of Chair Lina Khan, who signalled more scrutiny of data-based ecosystems connected to such apps and devices may be down the line.


India Reported 11.8% Rise in Cyber Crime in 2020

Permalink - Posted on 2021-09-16 15:00

India recorded 50,035 cases of cyber crime in 2020, with an 11.8 per cent surge in such offences over the previous year, as 578 incidents of "fake news on social media" were also reported, official data showed on Wednesday. The rate of cyber crime (incidents per lakh population) also increased from 3.3 per cent in 2019 to 3.7 per cent in 2020 in the country, according to the National Crime Records Bureau (NCRB) data. In 2019, the country recorded 44,735 cases of cyber crime, while the figures stood at 27,248 in 2018, the data from corresponding years showed.


Mass Personal Data Theft from Paris Covid Tests

Permalink - Posted on 2021-09-16 15:00

Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020, hospital officials in the French capital disclosed on Wednesday. Stolen were the identities, social security numbers and contact details of people tested as well as the identities and contact details of health professionals who dealt with them, along with the test results, the hospital organisation said.


Ransomware Preparedness Is Low Despite Executives' Concerns

Permalink - Posted on 2021-09-15 15:00

86.7% of C-suite and other executives say they expect the number of cyberattacks targeting their organizations to increase over the next 12 months, according to a recent Deloitte poll. And while 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organizations over the next 12 months, only 33.3% say that their organizations have simulated ransomware attacks to prepare for such an incident.


Execs Concerned About Software Supply Chain Security, But Not Taking Action

Permalink - Posted on 2021-09-15 15:00

Venafi announced survey results highlighting the challenges of improving software supply chain security. The survey evaluated the opinions of more than 1,000 IT and development professionals, including 193 executives with responsibility for both security and software development, and revealed a glaring disconnect between executive concern and executive action. While 94% of executives believe there should be clear consequences (fines, greater legal liability for companies proven to be negligent) for software vendors that fail to protect the integrity of their software build pipelines, most have done little to change the way they evaluate the security of the software they purchase and the assurances they demand from software providers.


Walgreens' Covid-19 Test Registration System Exposed

Permalink - Posted on 2021-09-15 15:00

"If you got a Covid-19 test at Walgreens, your personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect. In some cases, even the results of these tests could be gleaned from that data. The data exposure potentially affects millions of people who used — or continue to use — Walgreens’ Covid-19 testing services over the course of the pandemic."


Class Action Lawsuit Filed Against St. Joseph's/Candler Over Ransomware Attack Affecting 1.4 Million Patients

Permalink - Posted on 2021-09-15 15:00

A class action lawsuit has been filed against St. Joseph’s/Candler Hospital Health System in response to a ransomware attack that occurred on June 17, 2021. The attack resulted in the encryption of files and forced the hospital’s IT systems offline. The systems accessed by the hackers contained the protected health information of 1.4 million patients, including names, Social Security numbers, driver license numbers, health insurance information, healthcare data, and financial information. St. Joseph’s/Candler offered affected patients a one-year membership to the Experian IdentityWorks credit monitoring and identity theft protection service. The investigation into the ransomware attack confirmed the hackers first accessed its network on December 18, 2020, 6 months prior to the ransomware being deployed. During that time the hackers had access to patient data stored on its systems.


Improper Disposal Incident Affecting 117,000 HealthReach Patients

Permalink - Posted on 2021-09-15 15:00

The protected health information (PHI) of 116,898 patients of Waterville, MA-based HealthReach Community Health Centers has been exposed and potentially compromised. HealthReach Community Health Centers, which operates 11 community health centers in Central and Western Maine, discovered a worker at a third-party data storage facility had improperly disposed of hard drives that contained the data of patients.


Software Supply Chain Attacks Surge 650% in a Year

Permalink - Posted on 2021-09-15 15:00

The insatiable global demand for open source code packages has led to a triple-digit year-on-year surge in upstream software supply chain attacks, according to Sonatype. The supply chain management specialist compiled its 2021 State of the Software Supply Chain report from publicly available and proprietary data. It claimed that global developers would borrow over 2.2 trillion open-source packages or components from third-party ecosystems to accelerate time-to-market. This includes Java downloaded from the Maven Central Repository, Python packages downloaded from PyPI, JavaScript from npmjs and .NET NuGet packages.


Misconfigured Firebase Databases Causing Massive Leaks

Permalink - Posted on 2021-09-15 15:00

Database security has caught the limelight as data breach incidents continue to escalate. Despite multiple warnings in the past to secure crucial databases with passwords, it appears that Firebase administrators have failed to follow the protocols and sensitive user data can still be found online. In a research project conducted in July, Avast found that around 19,300 Firebase databases from a total of 180,300 were left exposed to the internet without authentication.


Desert Wells EHR Data Too Damaged to Recover Post-Attack

Permalink - Posted on 2021-09-15 15:00

An Arizona-based family medical practice says it is attempting to reconstruct thousands of patients' electronic health records following a May ransomware attack that badly corrupted the records as well as backup data. In a Sept. 3 notification letter and data security incident notice posted on its website, 20-year-old Queens Creek, Arizona-based Desert Wells Family Medicine says a May 21 ransomware attack affected many of its IT systems, including badly corrupting patient EHRs and backup data.


Massachusetts Is Probing Huge T-Mobile Data Breach

Permalink - Posted on 2021-09-15 15:00

Massachusetts' attorney general said on Tuesday she will investigate the cyberattack against T-Mobile US Inc that exposed personal information of more than 53 million people. Maura Healey, the attorney general, announced the probe after the third-largest U.S. wireless carrier disclosed the breach on Aug. 16. The breach exposed names, birthdays, social security numbers, driver's license information, PIN numbers and other data belonging to an estimated 13.1 million current and 40 million former and prospective T-Mobile customers.


Pennsylvania: Indian Creek Foundation Provides Notification of Ransomware Incident

Permalink - Posted on 2021-09-14 15:00

On February 6, 2021, ICF discovered that portions of its computer network were infected with malware that encrypted certain systems. ICF promptly took the affected systems offline, initiated other containment measures, and with the assistance of third-party forensic specialists, launched an investigation into the nature and scope of the incident. The investigation confirmed that certain folders may have been accessed or removed from ICF systems without authorization on February 6, 2021. ICF therefore undertook a lengthy, time-intensive, and thorough review of the potentially impacted folders and its internal files and systems in order to identify the information that was potentially impacted and to whom it related. In conjunction with this review, on or about April 15, 2021, a third-party firm was engaged to programmatically and manually review the information at issue in order to identify impacted individuals and the types of data associated with those individuals. Concurrently, ICF internally reviewed its databases and, on or about July 14, 2021, first determined that one or more of the potentially impacted folders included protected information related to individuals. ICF continued to diligently review and reconcile the information with its internal records in furtherance of identifying the individuals to whom the data related and the appropriate contact information for those individuals. Those efforts were completed on or around August 24, 2021, at which time ICF determined the scope of impacted individuals and the types of data associated with those individuals as a result of the extensive internal review. ICF thereafter worked to provide notification to potentially impacted individuals as quickly as possible.
Although the information varies by individual, the involved ICF systems contained the following types of information at the time of the incident: name, Social Security number, driver’s license number, health insurance information, medical treatment/diagnosis information, and financial account information.


Texas Medical Provider Waited Months to Send Patients Letters About Ransomware Attack

Permalink - Posted on 2021-09-14 15:00

A local health care provider attacked by a ransomware virus did not send letters to patients informing them of the data breach for months, KHOU 11 Investigates has confirmed. Gastroenterology Consultants mailed notices to more than 161,000 patients on Aug. 6, informing them of a “data security incident” that occurred on Jan. 10.


Hacker Compromises Personal Data of NEISD Employees

Permalink - Posted on 2021-09-14 15:00

The North East ISD is alerting current and former employees that a hacker has compromised their personal information. District officials say the cyberattack in late August hacked the email of an employee who handles wire transfers in the payroll department. The hacker tried to have the money wired to a different bank, but the district’s systems detected the irregularity before the funds were transferred. But the hacked employee had access to about five-thousand other employees’ personal information.


Patients Sue DuPage Medical Group Over July 2021 Ransomware Attack

Permalink - Posted on 2021-09-14 15:00

Two DuPage Medical Group patients are taking legal action against the healthcare provider following a July 2021 ransomware attack in which patients’ protected health information was exposed. DuPage Medical Group suffered the ransomware attack in mid-July. The forensic investigation determined unauthorized individuals had gained access to its computer network between July 12 and July 13, and deployed ransomware in an attempt to extort money. The attack caused a major computer and phone outage that lasted around a week. On August 17, the forensic investigators confirmed hackers had gained access to parts of the computer network that contained the protected health information of 655,384 patients, and potentially viewed or obtained patient names, addresses, dates of birth, diagnosis codes, medical procedure codes, and treatment dates. Some Social Security numbers may also have been compromised.


Bot Attacks Grow 41% in First Half of 2021

Permalink - Posted on 2021-09-14 14:00

A new cybercrime report from LexisNexis Risk Solutions has found that bot attacks are up significantly in 2021, growing by 41% in the first half of the year. The biannual report found that the financial services industry and media businesses are facing the brunt of bot attacks while human-initiated attacks fell by 29%. According to the report, financial services companies saw 683 million bot attacks from January to June, while media companies dealt with 351 million, up 174% year over year. The LexisNexis Risk Solutions Cybercrime report is compiled by analysing 28.7 billion transactions over the six-month period through LexisNexis' Digital Identity Network. Digital transactions overall are up nearly 30% this year.


Close to Half of On-Prem Databases Contain Vulnerabilities with Many Critical Flaws

Permalink - Posted on 2021-09-14 14:00

Imperva released the results of the study on Tuesday, which analyzed roughly 27,000 databases and their security posture. In total, 46% of on-premises databases worldwide, accounted for in the scan, contained known vulnerabilities. On average, each database contained 26 security flaws, with 56% ranked as a "high" or "critical" severity bug -- including code execution vulnerabilities that can be used to hijack an entire database and the information contained within. France was the worst offender for unprotected databases, with 84% of those scanned containing at least one vulnerability -- and the average number of bugs per database was 72. Australia followed with 65% (20 vulnerabilities on average), and then Singapore (64%, 62 security flaws per database), the United Kingdom (61%, 37 bugs on average), and China (52%, 74 security issues per database). In total, 37% of databases in the United States contained at least one known vulnerability, and these databases contained an average of 25 bugs.


Financial Services Firms Spend Over $2 Million on Ransomware Recovery

Permalink - Posted on 2021-09-14 14:00

Global financial services firms spent more than $2m on average recovering from a ransomware attack last year, according to new data from Sophos. The UK security vendor polled 550 IT decision-makers in mid-sized financial sector firms around the globe to compile its State of Ransomware in Financial Services 2021 report. It found that a third (34%) of firms in the vertical were hit by ransomware in 2020, with half (51%) admitting their attackers managed to encrypt data. However, although most (62%) were able to restore scrambled data from backups, the recovery costs ascribed to victim organizations from the sector were much higher than the average across all verticals ($1.85m). The figure is also surprising considering that only a quarter (25%) of financial services victims paid the ransom demand — the second-lowest payment rate of all industries surveyed and below the global average of 32%.


Only 30% of Enterprises Use Cloud Services with E2E Encryption for External File Sharing

Permalink - Posted on 2021-09-13 15:00

A recent study of enterprise IT security decision makers conducted by Tresorit shows that the majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer; however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology. Close to three quarters of respondents feel that having an ultra-secure solution to share files externally is more important in the hybrid work era. Their top three concerns when it comes to external file sharing are: government surveillance, the ability to control granular user permission to files, and unintentional errors by employees such as accidentally sending a confidential file in an email to a wrong recipient.


UAE: Moorfields Eye Hospital in Dubai Sees More Staff and Patient Data Dumped

Permalink - Posted on 2021-09-13 15:00

In August, threat actors calling themselves AvosLocker announced that they had attacked Moorfields NHS UK & Dubai. DataBreaches.net’s investigation at that point indicated that the data they provided as proof came from the Dubai hospital and did not involve any UK personnel or patients. In a statement to this site, Moorfields confirmed that there had been a breach but that it only impacted Dubai, and those Dubai patients who had some identity information stolen had been notified. On September 1, the threat actors dumped the remainder of the data they had exfiltrated from the specialty eye hospital.


Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online

Permalink - Posted on 2021-09-13 15:00

On June 30th, 2021 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 61 million records belonging to users around the world. The massive amount of exposed records were related to IoT health and fitness tracking devices. Upon further investigation there were multiple references to “GetHealth”, a New York City-based company that offers a unified solution to access health and wellness data from hundreds of wearables, medical devices and apps.


Department of Justice and Constitutional Development of South Africa Hit by a Ransomware Attack

Permalink - Posted on 2021-09-13 15:00

A ransomware attack hit the Department of Justice and Constitutional Development of South Africa; multiple services, including email and bail services, have been impacted. The department revealed that the security breach took place on September 6; the IT staff notified law enforcement and is working with them to quickly restore the operations. At the time of this writing, the DOJCD has yet to reveal the ransomware family that infected its systems.


BlackMatter Ransomware Hits Medical Technology Giant Olympus

Permalink - Posted on 2021-09-13 15:00

A ransom note left behind on infected computers claimed to be from the BlackMatter ransomware group. “Your network is encrypted, and not currently operational,” it reads. “If you pay, we will provide you the programs for decryption.” The ransom note also included a web address to a site accessible only through the Tor Browser that’s known to be used by BlackMatter to communicate with its victims.


HBP Financial Services Group Notice of Breach

Permalink - Posted on 2021-09-10 15:00

HBP Financial Services Group, LTD (HBP), which serves as the practice administrator for Pathology Consultants of New London, PC (PCNL), was the victim of an IT incident that resulted in the unauthorized access to two HBP email accounts. The investigation revealed that the first sign of unauthorized access occurred between April 30, 2021 and May 20, 2021. The investigation also revealed that the hackers' sole focus was to commit financial fraud against HBP.


Philadelphia Mental Health Service Provider Breach Affects 29,000 Patients

Permalink - Posted on 2021-09-10 15:00

The Wedge Recovery Centers, a mental health service provider based in Philadelphia, Pennsylvania, discovered suspicious activity within the computer network on June 25, 2021 which indicated unauthorized individuals had breached the security defenses. Steps were immediately taken to block further access and an investigation was launched to determine the nature and scope of the breach. The investigation confirmed an unauthorized actor had gained access to its network on June 25, 2021; however, no evidence was uncovered during the course of the investigation to suggest any individual’s information had been subjected to actual or attempted misuse as a result of the security breach. A comprehensive review was conducted of all data potentially affected and that process is ongoing; however, it has now been confirmed that the following types of information were stored in files on parts of the network that were compromised: Name, address, date of birth, Social Security number, and treatment and health insurance information.


Singapore: MyRepublic Discloses Data Breach Exposing Government ID Cards

Permalink - Posted on 2021-09-10 15:00

MyRepublic Singapore has disclosed a data breach exposing the personal information of approximately 80,000 mobile subscribers. MyRepublic states that the data storage has since been secured, but not before an unauthorized person had accessed the data of 79,388 mobile subscribers based in Singapore. The exposed data include identity verification documents for applications for mobile services, including: For affected Singapore citizens, permanent residents, and employment and dependent pass holders — scanned copies of both sides of NRICs; For affected foreigners — proof of residential address documents e.g., scanned copies of a utility bill; and


Organizations Struggling to Develop Cloud Applications That Meet Security Requirements

Permalink - Posted on 2021-09-09 15:00

According to Security Compass research, in mid-sized to large enterprises, 50% of the software applications being developed are cloud based, and another 30% are expected to migrate to the cloud within the next two years. However, ensuring a secure cloud infrastructure requires a substantial investment in skills and dedication to designing processes that take both risks and business needs into account.


91% of IT Teams Have Felt "Forced" to Trade Security for Business Operations

Permalink - Posted on 2021-09-09 15:00

HP Wolf Security published a new study, the Security Rebellions & Rejections report, which combines data from an online YouGov survey targeting office workers that adopted WFH and global research conducted with IT decision-makers. In total, 91% of those surveyed said that they have felt "pressured" to compromise security due to the need for business continuity during the COVID-19 pandemic. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a "ticking time bomb" for corporate security incidents.


Israel: Mass Data Leak After Bar Ilan University Refuses to Pay Hacker $2.5 Million

Permalink - Posted on 2021-09-09 15:00

Hundreds of thousands of documents and lists containing personal details of students and lecturers at Bar Ilan University have been leaked online, after the institution refused to pay some $2.5 million demanded by a hacker. After the money wasn’t paid, the hacker leaked research, lab documents, papers and lists containing personal information of thousands of people — totaling some 20 terabytes — on the hacker’s website and in a Telegram group.


S. Carolina: Dorchester County Government Notice of February Security Incident

Permalink - Posted on 2021-09-09 15:00

Dorchester County Government (“Dorchester”) announced today a phishing incident involving email accounts within its email environment. The phishing incident resulted in unauthorized access to certain information collected and maintained by the County for a variety of reasons, including names, addresses, email addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, credit card and debit card numbers, usernames and passwords, and medical information. Dorchester is issuing this notice to inform individuals of this incident and provide some recommendations on ways to protect personal information.


S. Africa: International Hacker Group Claims Responsibility for Space Agency Leak

Permalink - Posted on 2021-09-09 15:00

A new internet hacking group has claimed responsibility for a data breach at the South African National Space Agency (SANSA). The group, CoomingProject, emerged recently and according to claims made on its website, it has a list of victims across the world. SANSA confirmed that a data breach took place and said the situation is under control on 6 September. The Agency said it caught wind of a possible breach to its IT system when a file containing SANSA information was found in the public domain.


U.N. Computer Networks Breached by Hackers Earlier This Year

Permalink - Posted on 2021-09-09 15:00

Hackers breached the United Nations’ computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization. The hackers’ method for gaining access to the UN network appears to be unsophisticated: They likely got in using the stolen username and password of a UN employee purchased off the dark web. The credentials belonged to an account on the UN’s proprietary project management software, called Umoja. From there, the hackers were able to gain deeper access to the UN’s network, according to cybersecurity firm Resecurity, which discovered the breach. The earliest known date the hackers obtained access to the UN’s systems was April 5, and they were still active on the network as of Aug. 7.


Data Breach Lawsuit Against Sonic Will Proceed

Permalink - Posted on 2021-09-09 15:00

Litigation filed against American fast-food chain Sonic over a 2017 data breach has been allowed to proceed. Financial institutions brought a lawsuit against Sonic Corp after it emerged that financial data belonging to customers of the restaurant had been stolen in a cyber-attack. The attacker(s) installed malware on a point-of-sale system used at hundreds of Sonic franchises. In a data breach notice issued at the time of the attack, Sonic stated: “Sonic Drive-In has discovered that credit and debit card numbers may have been acquired without authorization as part of a malware attack experienced at certain Sonic Drive-In locations.” Sonic is based in Oklahoma City and has nearly 3,600 locations across 45 US states. An investigation into the attack found that customers’ payment card data had been exposed at more than 700 Sonic franchised drive-in locations. Under Sonic’s franchise agreement, the franchisees were required to give Sonic access to their transaction data through a Sonic-managed virtual private network (VPN). Hackers accessed this data using VPN credentials issued to a transaction-processing service by Sonic.


Attacker Breakout Time Now Less Than 30 Minutes

Permalink - Posted on 2021-09-09 15:00

The average time it takes threat actors to move from initial access to lateral movement has fallen by 67% over the past year, putting extra pressure on security operations (SecOps) teams, according to CrowdStrike. The findings come from the security firm’s own investigations with customers across around 248,000 unique global endpoints. For incidents where this “breakout time” could be derived over the past year, it averaged just 1 hour 32 minutes. However, in over a third (36%) of intrusions, adversaries managed to move laterally to additional hosts in under 30 minutes.


Hackers Leak Passwords for 500,000 Fortinet VPN Accounts

Permalink - Posted on 2021-09-09 15:00

A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid. This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.


New Mēris Botnet Breaks DDoS Record with 21.8 Million RPS Attack

Permalink - Posted on 2021-09-09 15:00

News about a massive DDoS attack hitting Yandex broke this week in the Russian media, which described it as being the largest in the history of the Russian internet, the so-called RuNet. Details have emerged today in joint research from Yandex and its partner in providing DDoS protection services, Qrator Labs. Information collected separately from several attacks deployed by the new Mēris (Latvian for ‘plague’) botnet, showed a striking force of more than 30,000 devices. From the data that Yandex observed, assaults on its servers relied on about 56,000 attacking hosts. However, the researchers have seen indications that the number of compromised devices may be closer to 250,000.


Thailand: Hacker Steals 40,000 Patients' Data from Kidney Hospital

Permalink - Posted on 2021-09-08 15:00

The personal details of more than 40,000 patients at Bhumirajanagarindra Kidney Institute Hospital have been stolen by a hacker, hospital director Thirachai Chantharotsiri said on Wednesday. Dr Thirachai said staff of the hospital in Ratchathewi district of Bangkok could not access the database of patients on Monday. A check on the system found that the information had been stolen. The stolen data included patients' personal information and treatment history, he said.


W. Virginia: Bridgeport City Government Hacked, Residents Put on Notice

Permalink - Posted on 2021-09-08 15:00

Residents of Bridgeport have been notified city government was hacked in late May of this year. A five-page letter to residents said city IT systems were encrypted by ransomware that lets hackers hold data until a ransom is paid. There is no proof hackers were able to access information, but information that was available includes social security numbers, birth dates, addresses, driver’s license numbers and any other information used to establish any city account.


New Zealand Banks, Post Office Hit by Outages in Apparent Cyber Attack

Permalink - Posted on 2021-09-08 15:00

Websites of a number of financial institutions in New Zealand and its national postal service were briefly down on Wednesday, with officials saying they were battling a cyber attack. The country's Computer Emergency Response Team (CERT) said it was aware of a DDoS (distributed denial of service) attack targeting a number of organisations in the country. It was "monitoring the situation and are working with affected parties where we can," CERT said on its website. Some of the websites affected by the attack, according to local media reports, included Australia and New Zealand Banking Group's New Zealand site and NZ Post.


Howard University Announces Ransomware Attack, Shuts Down Classes on Tuesday

Permalink - Posted on 2021-09-07 15:00

Howard University announced on Monday that it has been hit with a ransomware attack, forcing the school to shut down classes on Tuesday, according to a statement from the prominent HBCU. The school said that on September 3, members of their technology team noticed "unusual activity" on the university's network and shut it down in order to investigate the problem. They later confirmed it was a ransomware attack but did not say which group was behind the attack. The school was forced to cancel all classes on Tuesday in order to address the issue and the campus is only open to essential employees. Even the campus Wi-Fi is down. They noted that some cloud applications will remain accessible to students and that they will continue to update students and faculty at 2pm each day.


Nevada Restaurant Services, Inc. Provides Notice of Data Privacy Event

Permalink - Posted on 2021-09-07 15:00

Scope of information potentially involved includes individuals’ name, date of birth, Social Security number, driver’s license number or state ID number, passport number, financial account and/or routing number, health insurance information, treatment information, biometric data, medical record, taxpayer identification number, and credit card number and/or expiration date.


Thailand: 10,000 Patients Have Data Stolen After Medical Sector Breach

Permalink - Posted on 2021-09-07 15:00

Officials have rushed to downplay the theft by a hacker of more than 10,000 patients' personal details from Phetchabun Hospital, describing the information as "not important". Phetchabun governor Krit Kongmuang was among those who responded to initial reports on social media that the data of 16 million patients of the Public Health Ministry had been hacked and put up for sale on Sunday. On Tuesday morning Mr Krit quoted the Phetchabun public health office as reporting that data was lost from Phetchabun Hospital, but involved nowhere near as many as 16 million patients. It was only records of patient admissions and discharges, he said. It was not important.


Pennsylvania: Penelec Customers Must Reset Passwords After Security Breach

Permalink - Posted on 2021-09-07 15:00

The parent company of Penelec and other electric companies in our state, the First Energy Corporation, is requiring all customers to reset their passwords due to a security breach. First Energy disabled the online accounts and asked customers to reset the passwords on Friday after detecting hackers making numerous unauthorized attempts to log into customer accounts. Although the majority of the hacking attempts were unsuccessful, some of the logins were completed.


Netherlands: Hacker Puts Stolen Data Online Because College Refuses to Pay

Permalink - Posted on 2021-09-07 15:00

The hacker who earlier this month stole data from students and employees of the Hogeschool van Arnhem en Nijmegen (HAN) has put it on the internet. RTL Nieuws reports this on Tuesday after viewing the data. The hacker demanded a ransom, but the university previously said it would not pay. The person, who uses the pseudonym ‘masterballz’ on the internet, then decided to put the data online. According to RTL News, the stolen data is now distributed via a popular download service.


Ireland: Credit Unions Demand Assurances from Central Bank After Data Leak Blunder

Permalink - Posted on 2021-09-07 15:00

A leading credit union body is seeking assurances from the Central Bank that it can protect the personal data of people who have to register with it. The call from the Irish League of Credit Unions comes after the Central Bank mistakenly gave out the names and home addresses of credit union bosses. The data breach has forced the bank to apologise after it messed up by releasing the personal information to a third party. Names and addresses of around 50 credit union chairpersons and chief executives, many of whom hold keys to credit union premises, were given out in error. The league has also questioned the move by the Central Bank to seek to record more personal information from credit union leaders.


Data Breaches at Business Associates Affect LifeLong Medical Care & Beaumont Health Patients

Permalink - Posted on 2021-09-07 15:00

LifeLong Medical Care, a Californian healthcare provider serving patients in Alameda, Contra Costa, and Marin Counties, has notified certain patients whose protected health information was impacted in a ransomware attack on the third-party vendor Netgain Technologies. Netgain Technologies discovered a security breach on November 24, 2020 involving ransomware. An internal investigation into the breach determined on February 25, 2021 that the attackers had accessed and obtained files containing the information of its customers. The attackers first breached its systems on November 15, 2020. LifeLong Medical Care said it launched a comprehensive investigation into the breach and discovered on August 9, 2021 that the personal and protected health information of patients was accessed and/or exfiltrated from Netgain’s network. Affected patients had their full name compromised along with one or more of the following data elements: Social Security number, date of birth, patient cardholder number, and/or treatment and diagnosis information.


Jenkins Hit as Atlassian Confluence Cyber Attacks Widen

Permalink - Posted on 2021-09-07 15:00

A just-patched, critical remote code-execution (RCE) vulnerability in the Atlassian Confluence server platform is suffering wide-scale exploitation, the Feds have warned – as evidenced by an attack on the popular Jenkins open-source automation engine. In July, Atlassian patched a serious flaw in its Jira platform, which is a proprietary bug-tracking and agile project-management tool used for software development. It’s often tied to the Confluence platform through single sign-on (SSO) capabilities. The issue tracked as CVE-2020-36239 could enable remote, unauthenticated attackers to execute arbitrary code in some Jira Data Center products, thanks to a missing authentication check in Jira’s implementation of Ehcache, which is an open-source, Java distributed cache for general-purpose caching.


Cyber Attack on Washington D.C. University Confirmed

Permalink - Posted on 2021-09-07 15:00

Classes were canceled at a private university in Washington DC today following a cyber-attack. Unusual activity was discovered on the Howard University (HU) network last Friday by HU's information technology team. On Monday, the university announced that it was working with forensic experts and law enforcement to investigate a suspected ransomware attack. While the investigation is ongoing, HU's Enterprise Technology Services (ETS) shut down the university's network.


Dotty Cyber Incident May Have Leaked Sensitive Customer Information

Permalink - Posted on 2021-09-07 15:00

A cyber-attack on US fast food and gambling chain Dotty’s has exposed the personal data of customers, the company has warned. Dotty’s, a fast food chain which offers gambling services across 175 locations, is owned and operated by Nevada Restaurant Services (NRS). NRS said that malware was discovered on “certain computer systems” on January 16, 2021, allowing an unauthorized individual to gain access to, and copy, data. Potential datasets that were accessed include customer names, dates of birth, Social Security numbers, driver’s license or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer identification numbers, and credit card numbers and/or expiration dates.


Personal Data of 2 Million Moroccans Leaked Online

Permalink - Posted on 2021-09-07 15:00

Personal data of more than 2 million Moroccans was leaked by hackers, said the French cyber security website Zataz, on September 3. Cyber-snooping into people’s personal information is a very concerning matter. According to Zataz, the intentional release of private and personal data took place on Friday night. The cyber-attack exposed the identity, profession, employer name, and email address of 2 million Moroccan netizens. The hacker’s invasion of privacy includes illegally sharing postal addresses, photographs, and emails of students in electrical, civil, and industrial engineering, computer engineering, mechanics, computer modeling, and telecommunications engineering.


Germany Admits Police Used Controversial Pegasus Spyware

Permalink - Posted on 2021-09-07 15:00

The German government admitted Tuesday that its federal police service used controversial Israeli spyware known as Pegasus, parliamentary sources told AFP, drawing immediate criticism from rights groups. Germany's BKA federal police bought the software from Israel's NSO Group in late 2019, a closed-door parliamentary committee heard from government officials. The admission, recounted to AFP by sources at the meeting, confirmed earlier reports in German media outlets Zeit, Sueddeutsche, NDR and WDR.


Personal Details of 8,700 French Visa Applicants Exposed by Hackers

Permalink - Posted on 2021-09-07 15:00

The Ministry of Foreign Affairs and the Ministry of the Interior – who jointly manage France-Visas – announced on Friday (August 3) that the cyber-attack had targeted a section of the site, which receives approximately 1.5 million applications per month. Those whose details were revealed have been sent messages “containing safety recommendations and precautionary measures.” The French information science commission, Cnil, was informed about the attack and a judicial investigation is currently underway.


39% of All Internet Traffic Is from Bad Bots

Permalink - Posted on 2021-09-07 15:00

Automated traffic takes up 64% of internet traffic – and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals. The report also included a breakdown of bad bot traffic by location. It revealed that North America accounts for 67% of bad bot traffic, followed by Europe (22%) and then Asia (7.5%).


IoT Attacks Skyrocket, Doubling in 6 Months

Permalink - Posted on 2021-09-07 15:00

The first six months of 2021 have seen a more than 100-percent growth in cyberattacks against internet-of-things (IoT) devices, researchers have found. According to a Kaspersky analysis of its telemetry from honeypots shared with Threatpost, the firm detected more than 1.5 billion IoT attacks – up from 639 million during the previous half year, which is more than twice the volume.


McDonald's Leaks Password for Monopoly VIP Database to Winners

Permalink - Posted on 2021-09-07 15:00

A bug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners. After skipping a year due to COVID-19, McDonald's UK launched their popular Monopoly VIP game on August 25th, where customers can enter codes found on purchased food items for a chance to win a prize. These prizes include £100,000 in cash, an Ibiza villa or UK getaway holiday, Lay-Z Spa hot tubs, and more. Unfortunately, the game hit a snag over the weekend after a bug caused the user name and passwords for both the production and staging database servers to be in prize redemption emails sent to prize winners. An unredacted screenshot of the email sent to prize winners was shared with BleepingComputer by Troy Hunt that shows an exception error, including sensitive information for the web application. This information included hostnames for Azure SQL databases and the databases' login names and passwords, as displayed in the redacted email below sent to a Monopoly VIP winner.


New York: Student Sues Syracuse University Over Data Breach

Permalink - Posted on 2021-09-03 15:00

A private university in New York State is being sued for negligence by one of its students over a data breach that may have exposed thousands of Social Security numbers. Syracuse University (SU) suffered a data breach on September 25 last year after an employee fell victim to a phishing attack and clicked on a malicious link. The compromised account was secured by September 28, but the security incident may have exposed the names and social security numbers of nearly 10,000 students, alumni and university applicants. An investigation into the security incident, which finished on January 14, was reportedly unable to definitively state whether files containing names and security numbers had been accessed by an unauthorized third party.


Maine: Town of Deerfield Notifies of Breach

Permalink - Posted on 2021-09-03 15:00

An unauthorized third party viewed or acquired the personal information of several residents in a March 25 data breach. Springbrook Software, Deerfield’s data storage provider, notified the town of the incident after it completed an investigation May 6 and the town made a formal announcement Aug. 31 after residents received notification of the breach. This incident had actually been reported to the Maine Attorney General’s Office on August 26 as impacting 8,104 individuals. That notification also indicated that driver’s license information “or Non-Driver Identification Card Number” may have been involved for individuals.


Texas: Dallas Independent School District Reveals Breach

Permalink - Posted on 2021-09-03 15:00

The Dallas Independent School District recently received notice of a data security incident involving the district’s electronic records that may affect former and current students, alumni, parents, and district employees. Texas school districts have been frequent targets of ransomware threat actors (in fact, the whole K-12 sector has been frequently attacked). The district reports that it became aware of an incident on August 8th.


New Zealand: Vocus Internet Service Taken Down in DDoS Attack

Permalink - Posted on 2021-09-03 15:00

New Zealand's third largest internet provider Vocus NZ said on Friday its response to a cyberattack temporarily triggered a widespread internet outage. The company said its systems blocked a denial of service (DDoS) attack on one user but in doing so caused some Vocus customers in the country's largest cities - Auckland, Wellington and Christchurch - to suffer outages.


Earnings Transcripts Mention Cyber Security 33% More in First Half of 2021

Permalink - Posted on 2021-09-02 16:00

Companies are increasingly mentioning cybersecurity in their earnings reports, according to a new study from analytics company GlobalData. In the first half of 2021, mentions of 'cybersecurity' in earnings transcripts grew by 33%, with particularly stark growth since Q2 2020. Cybersecurity-related risk mentions grew at a similar pace in 2020, increasing by about 30% compared to 2019.


U.S. Farm Loses $9 Million in the Aftermath of a Ransomware Attack

Permalink - Posted on 2021-09-02 16:00

A US farm lost a whopping $9 million due to a temporary shutdown of its farming operations following a ransomware attack earlier this year, the FBI said this week. The incident, which took place in January 2021 after hackers gained access to the farm’s internal network through compromised admin credentials, is part of a series of examples the FBI included in a private security alert the agency sent on Wednesday to organizations in the US food and agriculture sector.


FTC Bans SpyFone Company, CEO From Surveillance Business

Permalink - Posted on 2021-09-02 15:00

The U.S. Federal Trade Commission has, for the first time ever, banned a company and its CEO from the surveillance business in the U.S. Stalkerware service provider company SpyFone and its CEO, Scott Zuckerman, were banned for allegedly harvesting and sharing data through a hidden backdoor. The FTC approved the ban after it had lodged an administrative complaint against Support King LLC, a Puerto Rico-based limited liability company that formerly did business as SpyFone.com.


WhatsApp Issued Second-Largest GDPR Fine of €225 Million

Permalink - Posted on 2021-09-02 15:00

It is the largest fine ever from the Irish Data Protection Commission, and the second-highest under EU GDPR rules. Facebook, which owns WhatsApp, has its EU headquarters in Ireland, and the Irish regulator is the lead authority for the tech giant in Europe. WhatsApp said it disagrees with the decision, and the severity of the fine, and plans to appeal. The fine relates to an investigation which began in 2018, about whether WhatsApp had been transparent enough about how it handles information. The issues involved were highly technical, including whether WhatsApp supplied enough information to users about how their data was processed and if its privacy policies were clear enough.


Finance Firms Faced Up to £760,000 Costs per DNS Attack During Pandemic

Permalink - Posted on 2021-09-02 15:00

Figures from research firm IDC showed that during the pandemic, 91% of financial services companies across the world were hit by DNS attacks in the form of phishing, distributed denial of service (DDoS) and DNS-based malware. According to the IDC 2021 Global DNS threat report, research carried out with network security company EfficientIP found that 52% of finance firms were hit by phishing attacks and 42% were hit by DNS-based malware. Individually, financial services firms faced an average of 8.3 attacks each over the past 12 months, compared with the global average of 7.6 attacks. It took financial services companies more than six hours on average to mitigate attacks, compared with just over five and a half hours for companies across all sectors. The biggest problems caused to them included cloud service and application downtime, which have high recovery costs and reputational damage associated with them.


Career Group, Inc. Notifies More Than 49,000 After Paying Ransom to Threat Actors

Permalink - Posted on 2021-09-01 15:00

Career Group Inc. suffered a ransomware attack recently and is notifying those impacted. In a copy of the notification submitted to the Maine Attorney General’s Office, they report that on July 2, Career Group Companies detected potential unauthorized access to its network. Investigation confirmed unauthorized access and some data exfiltration between June 28, 2021 and July 7, 2021. They paid the unidentified threat actors an undisclosed amount, because their notification states.


Wawa Paying $9 Million in Data Breach Settlement

Permalink - Posted on 2021-09-01 15:00

Wawa is paying out up to $9 million in cash and gift cards related to a data breach that exposed customers' credit and debit card numbers and names. The breach happened between March 4, 2019 and December 12, 2019. If you can show proof that the breach cost you money, you can be reimbursed up to $500. "The Settlement Class consists of all customers who reside in the United States and who used a credit or debit card at a Wawa convenience store or fuel pump at any time during the Period of the Security Incident," the Wawa Consumer Data Security Settlement Website says.


Dallas Police Data Loss Nearly Triple Initial Estimate

Permalink - Posted on 2021-09-01 15:00

The Associated Press reports that the amount of data missing from Dallas’s computer database is almost triple the initial estimate of files lost during a data migration involving Dallas Police files. About 15 terabytes of police data are missing besides the 7.5 terabytes initially thought to be lost, city spokeswoman Janella Newsome said.


SEC Sanctions Eight Firms Over Deficient Cybersecurity Procedures

Permalink - Posted on 2021-09-01 15:00

The United States Securities and Exchange Commission (SEC) has charged eight companies with cybersecurity failures that led to the exposure of personal information. Sanctions against the firms were announced on Monday in the form of three actions against Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC, and Cetera Investment Advisers LLC (collectively, the Cetera Entities); Cambridge Investment Research Inc. and Cambridge Investment Research Advisors Inc. (collectively, Cambridge); and KMS Financial Services Inc. (KMS). In a statement released August 30, the SEC said: "The Securities and Exchange Commission today sanctioned eight firms in three actions for failures in their cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm." All the accused firms were Commission-registered as investment advisory firms, broker dealers, or both. They have all entered into agreements with the SEC to settle the charges laid against them.


Ransomware Attacks Soar 288% in First Half of 2021

Permalink - Posted on 2021-09-01 15:00

The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to the latest data from NCC Group. Analyzing incidents dealt with by its own Research Intelligence and Fusion Team (RIFT) throughout 2021, the firm claimed nearly a quarter (22%) of data leaks in the second quarter came from the Conti group. Conti typically gains initial network access to victim organizations via phishing emails, it claimed. Next came Avaddon, which accounted for 17% of incidents, although this variant is now thought to be inactive. Unsurprisingly, nearly half (49%) of victims with known locations in Q2 were based in the US, followed by 7% in France and 4% in Germany.


600,000 DuPage Medical Group Patients Notified About PHI Breach

Permalink - Posted on 2021-09-01 15:00

DuPage Medical Group, the largest independent physician group in the state of Illinois, has started notifying approximately 600,000 patients about a security breach in which their personal and protected health information may have been compromised. DuPage Medical Group identified suspicious activity in its computer network on July 13, 2021 and engaged cyber forensic specialists to conduct an investigation to determine the full nature and scope of the breach. They determined unauthorized actors had gained access to its IT systems on July 12 and access remained possible until the breach was detected on July 13 and its network was secured. A comprehensive review was conducted of all files on the systems that were accessible to the hackers and, on August 17, 2021, DuPage Medical Group confirmed that files containing patient information had potentially been impacted. The types of information potentially compromised in the security breach varied from patient to patient and may have included the following data elements: Names, addresses, dates of birth, diagnosis codes, Current Procedural Terminology (CPT) codes, and treatment dates. The Social Security numbers of a small subset of patients were affected, but no financial information was exposed.


France: 700,000 French Pharmacy Covid Test Results Left Publicly Available

Permalink - Posted on 2021-09-01 15:00

A data leak involving an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made 700,000 covid test results public, along with personal information. The platform known as Francetest was alerted to the bug in its system by the online investigative journal Mediapart and it was fixed overnight on August 27. In the meantime, patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results were "accessible to all in a few clicks", Mediapart said.


Sturdy Hospital in Attleboro Sued Over Data Breach

Permalink - Posted on 2021-09-01 15:00

A class action lawsuit has been filed against Sturdy Memorial Hospital alleging it failed to properly protect personal patient information that was stolen in a ransomware attack earlier this year. The suit was filed Thursday in Plymouth Superior Court by attorneys for Barbara Ragan Bennett, a resident of Plymouth County, and on behalf of “all others similarly situated.” It was estimated there are 35,271 others affected by the hack attack, which took place Feb. 9, 2021. The suit is seeking an unspecified amount of damages including extended credit monitoring, “actual damages, compensatory damages, statutory damages and statutory penalties, punitive damages and attorneys’ fees and costs.”


Fired New York Credit Union Employee Nukes 21GB of Data in Revenge

Permalink - Posted on 2021-09-01 15:00

According to court documents, the defendant worked remotely as a part-time employee for the credit union until May 19, 2021, when she was fired. Even though a credit union employee asked the bank's information technology support firm to disable Barile's remote access credentials, that access was not removed. Two days later, on May 21, Barile logged on for roughly 40 minutes. The defendant deleted over 20,000 files and around 3,500 directories during that time, totaling roughly 21.3 gigabytes of data stored on the bank's share drive. The wiped data included files related to customers' mortgage loan applications and the financial institution's anti-ransomware protection software. Besides deleting documents with customer and company data, Barile also opened various confidential Word documents, including files containing board minutes for the credit union. Five days later, on May 26, she also told a friend via text messages how she was able to destroy thousands of documents on her former employer's servers, saying, "They didn't revoke my access so I deleted p drift lol. [..] I deleted their shared network documents."


Switzerland: Citizen and Municipality Data Published on Darknet

Permalink - Posted on 2021-08-31 15:00

At the end of May, the municipal administration of the tranquil town of Rolle in French-speaking Switzerland was the victim of a cyber attack. This became known to the public recently through research on the news portal watson.ch. The result of the attack: The data of all residents and other documents have been quite easy to find on the Darknet since mid-June, according to Watson. Rolle local authority, which has filed criminal charges in the case, recently admitted it “underestimated the severity of the attack (and) the potential use of the data.” It admitted “with humility a certain naivety about what is at stake in dealing with the Darknet and malicious hacks” and said it had set up a task force to deal with the crisis. Yahoo and Nissan, among others, have their European headquarters in Rolle on Lake Geneva.


Indian Companies Go Scot-Free Despite Breach of Customer Data

Permalink - Posted on 2021-08-31 15:00

Companies like Byju’s, Bigbasket, MobiKwik and several others have had a data breach, at least once. None of them were penalised due to the lack of a specific provision against data breach in the Information Technology Act of 2000 and a separate comprehensive statute on data protection laws. All these companies didn’t notify their customers of the data breaches; it was either cybersecurity firms or independent security researchers or the media who made them public. The I-T Act, 2000 lacks a provision making reporting of data breach by a company mandatory. Hacked companies take advantage of this flaw and never report such breaches to avoid judicial proceedings. Section 43A only prescribes a penalty or compensation to be paid by a company for its failure to protect customer data. The compensation amount or penalty will be decided by an adjudicating officer appointed under Section 46.


Texas: Public Health, Vaccination Records Exposed in Denton County Data Breach

Permalink - Posted on 2021-08-31 15:00

Hundreds of thousands of public health records, including COVID-19 vaccination details, were exposed in a data breach that was linked to an app that is used at Denton County vaccine clinics, officials say. A malfunction in the third-party software revealed contact and identifying information, as well as COVID-19 vaccination types and appointment dates and times, on the internet, officials said in a written notification that was sent to people who were affected. The county learned of the breach in early July and discontinued use of the app at vaccine clinics until the malfunction was resolved. The county said it has resumed using the app. It is unclear how many people were affected, but 1,286,106 records were exposed, according to a report from UpGuard Research, a cybersecurity firm that first notified Microsoft of the problem. However, Denton County said Monday evening that the actual number of records involved, after duplicates were eliminated, was 326,415.


Beaumont Health Notifies Patients of Accellion Breach

Permalink - Posted on 2021-08-31 15:00

On February 5, 2021, Goodwin Procter LLP (“Goodwin”) notified Beaumont Health (“Beaumont”) of a security incident at Accellion, a third-party vendor whose File Transfer software was used by Goodwin for large file transfers on behalf of clients, including Beaumont. Goodwin received some personal and protected health information from Beaumont in connection with legal services provided to Beaumont by Goodwin. The security incident at Accellion impacted the File Transfer software, which put a limited amount of patient information at risk.


Indonesia Probes Suspected Data Breach on COVID-19 App

Permalink - Posted on 2021-08-31 15:00

Indonesia is investigating a suspected security flaw in a COVID-19 test-and-trace app that left exposed personal information and the health status of 1.3 million people, a health ministry official said on Tuesday. Researchers from encryption provider vpnMentor said personal information in the Indonesia Health Alert Card (eHAC) app, often required to be used by travellers, was accessible "due to the lack of protocols put in place by the app's developers." The eHAC system is now part of the Peduli Lindungi (Care Protect) app, which the government has promoted for various tracing purposes, including entry at malls.


Illinois Physicians Notify 600,000 Patients of Data Breach

Permalink - Posted on 2021-08-31 15:00

The largest independent group of physicians in Illinois is notifying hundreds of thousands of patients that their personal information may have been exposed. DuPage Medical Group (DMG) said that patient data could have been compromised when its computer network was hacked last month. On Monday, DMG announced that it would be mailing letters to 600,000 patients to warn them of the potential threat to their data's security. Patient information that may have been accessed by the hackers includes names, addresses, dates of birth, diagnosis codes, information on medical procedures, and treatment dates. For some patients, there is a chance that their Social Security number may also have been compromised. The cyber-attack, which took place on July 13, caused a network outage at DMG. Third-party cyber-forensic specialists hired to investigate the security incident determined that unauthorized actors had gained access to the DMG network between July 12, 2021, and July 13, 2021, and that it was they who had caused the outage.


Ransomware May Have Cost US Schools Over $6 Billion in 2020

Permalink - Posted on 2021-08-31 15:00

Scores of ransomware attacks on US schools and colleges last year may have cost them over $6bn, according to a new report published today. Security testing site Comparitech analyzed the 77 attacks reported by educational institutions nationwide in 2020 and calculated the cost to these victims from estimated downtime and recovery time. Ransom costs are difficult to gauge given most schools kept their payments secret. However, the research team was able to work out average downtime (seven days) and recovery time (55.4 days) from roughly half of all incidents. It then applied a third-party 2017 estimate for the cost of downtime averaged across 20 sectors. While the eventual figure of $6.6bn for total downtime cost in 2020 is speculative, it can be used to provide interesting comparisons with 2019 ($8.2bn) and 2018 ($623.7m). Comparitech claimed that 2020 saw 1,740 schools and colleges and potentially 1.4m students affected, an increase of 39% and 67% respectively on 2019 figures. This is despite the actual number of attacks in 2020 coming in 20% lower than the figure for the previous year.


Cyber Attackers Are Now Quietly Selling Off Their Victim's Internet Bandwidth

Permalink - Posted on 2021-08-31 15:00

Cyberattackers are now targeting their victim's internet connection to quietly generate illicit revenue following a malware infection. On Tuesday, researchers from Cisco Talos said "proxyware" is becoming noticed in the cybercrime ecosystem and, as a result, is being twisted for illegal purposes. According to the researchers, proxyware is being abused in the same way as legitimate cryptocurrency mining software: quietly installed -- either as a side component or as a main payload -- and with efforts taken to try and stop a victim from noticing its presence, such as through resource use control and obfuscation.


Fujitsu Says Stolen Data Being Sold on Dark Web

Permalink - Posted on 2021-08-31 15:00

Data from Japanese tech giant Fujitsu is being sold on the dark web by a group called Marketo, but the company said the information "appears related to customers" and not their own systems. On August 26, Marketo wrote on its leak site that it had 4 GB of stolen data and was selling it. They provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents including information on projects. A Fujitsu spokesperson downplayed the incident and told ZDNet that there was no indication it was connected to a situation in May when hackers stole data from Japanese government entities through Fujitsu's ProjectWEB platform.


San Andreas Regional Center Victim of Ransomware Attack

Permalink - Posted on 2021-08-30 14:00

San Andreas Regional Center in San Jose, CA has started notifying patients that their PHI may have been compromised in a July 2021 ransomware attack. On July 5, its networks and servers were taken out of action as a result of the attack. Steps were rapidly taken to remediate the attack and third-party computer forensics experts were engaged to investigate the breach, determine how access to its systems was gained, and to discover the extent to which patient data had been affected. The initial investigation into the ransomware attack was concluded on August 2, 2021, when it was confirmed that the attackers had gained access to parts of the network where patients’ protected health information was stored and certain files stored on its servers that contained patient data had been exfiltrated by the attackers prior to the use of ransomware. It was not possible to determine any specific patient information that was stolen by the attackers.


Florida: Envision Credit Union Victim of Cyber Attack

Permalink - Posted on 2021-08-30 14:00

Envision Credit Union may have been the latest victim of an apparent ransomware attack, a malicious software that disrupts computer systems until demands are met. Initial signs of a potential attack surfaced this week on social media and indicated the LockBit 2.0 ransomware group threatened to publish stolen data on Aug. 30, according to Dataminr. The Tallahassee Democrat emailed several questions to Envision administrators about the potential cyber attack. A spokesperson would only confirm "technical difficulties" and an "event," while issuing the following statement to the Democrat.


Hackers Steal $29 Million from Crypto Platform Cream Finance

Permalink - Posted on 2021-08-30 14:00

Hackers are estimated to have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations. The company confirmed the hack earlier today, half an hour after blockchain security firm PeckShield noticed signs of an ongoing attack. C.R.E.A.M. v1 market on Ethereum has suffered an exploit, resulting in a loss of 418,311,571 in AMP and 1,308.09 in ETH, by way of reentrancy on the AMP token contract.


Bangkok Airways Passport Data Breach at Risk of Leaking

Permalink - Posted on 2021-08-30 14:00

Bangkok Airways has apologized for a data breach involving passport information and other personal data in a statement to customers. The company said that it discovered a "cybersecurity attack which resulted in unauthorized and unlawful access to its information system" on August 23. The statement said the company is "deeply sorry for the worry and inconvenience that this malicious incident has caused." Bangkok Airways did not respond to requests for comment from ZDNet about how many customers were involved in the breach or what timeframe the data came from, but in its statement the company said an investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline had been accessed.


Brute Force Email Attacks and Account Takeover Attempts Rise 671%

Permalink - Posted on 2021-08-30 14:00

Abnormal Security, provider of a leading cloud-native email security platform that leverages behavioral data science to stop modern email attacks, today released its Q3 2021 Email Threat Report. Report findings include: 32.5% of all companies were targeted by brute force attacks in early June 2021; 137 account takeovers occurred per 100,000 mailboxes for members of the C-suite; 61% of organizations experienced a vendor email compromise attack this quarter; 22% more business email compromise attacks since Q4 2020; 60% chance of a successful account takeover each week for organizations with 50,000+ employees; 73% of all advanced threats were credential phishing attacks; 80% probability of attack every week for retail and consumer goods, technology, and media and television companies.


48,000 Individuals Affected by Ransomware Attack on CarePointe ENT

Permalink - Posted on 2021-08-27 15:00

The Merrillville, IN-based ear, nose, and throat specialist, CarePointe ENT, has announced it suffered a ransomware attack on June 25, 2021 which resulted in the encryption of files on its network. Some of the files encrypted in the attack are known to include the personal and protected health information of its patients. A review of the systems accessible to the attackers confirmed the following types of patient data may have been compromised: Name, address, date of birth, Social Security number (if provided to CarePointe), medical insurance information, and related health information.


Boston Public Library Discloses Cyber Attack, System-Wide Technical Outage

Permalink - Posted on 2021-08-27 15:00

The Boston Public Library (BPL) has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage. Today's statement comes after BPL informed the public of the attack on Wednesday through a short tweet saying that the outage impacted computers, printers, and some online resources.


T-Mobile CEO: Hacker Brute-Forced His Way Through Our Network

Permalink - Posted on 2021-08-27 15:00

Today, T-Mobile's CEO Mike Sievert said that the hacker behind the carrier's latest massive data breach brute forced his way through T-Mobile's network after gaining access to testing environments. The attacker could not exfiltrate customer financial information, credit card information, debit or other payment information during the incident. However, T-Mobile says that he stole records belonging to 54.6 million current, former, or prospective customers, containing Social Security numbers, phone numbers, names, addresses, dates of birth, T-Mobile prepaid PINs, and driver license/ID information.


Metro Infectious Disease Consultants Reports 172,000 Records Exposed in Data Breach

Permalink - Posted on 2021-08-26 15:00

Metro Infectious Disease Consultants is notifying 171,740 patients about an email security incident discovered on June 24, 2021. An unauthorized individual was found to have gained access to certain employees’ email accounts which contained the protected health information of patients. Metro Infectious Disease Consultants has sent notification letters to all individuals affected by the breach and complimentary credit monitoring and identity theft protection services have been offered to all individuals whose Social Security number or driver’s license number was exposed in the incident.


Personal Data and Documents of Swiss Town Rolle Available on the Dark Web

Permalink - Posted on 2021-08-26 15:00

The Swiss town of Rolle disclosed the data breach after a ransomware attack in which personal details of all its 6,200 inhabitants were stolen by threat actors. The threat actors compromised some administrative servers and exfiltrated sensitive documents. According to the investigation published by the Le Temps daily this week, the attack was discovered on May 30; experts involved in the analysis defined the documents as “personal and extraordinarily sensitive.”


Singapore: Nearly 73,500 Patients' Data Affected in Ransomware Attack on Eye Clinic

Permalink - Posted on 2021-08-26 15:00

A ransomware attack earlier this month has affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic, the third such reported incident in a month. The information included names, addresses, identity card numbers, contact details and clinical information such as patients’ clinical notes and eye scans, said Eye & Retina Surgeons (ERS) on Wednesday (Aug 25).


Breach at Deep South Allergy Clinic Group Exposed PHI of 9,800 Patients

Permalink - Posted on 2021-08-26 15:00

Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that a January data breach involved protected health information. Miscreants extracted full names, birth dates, Social Security numbers, diagnoses, treatment information, and costs, along with provider names, financial account numbers, treatment location, dates of service, and patient health insurance information. The breach took place between January 5 and January 13.


Chinese Developers Expose Data Belonging to Android Gamers

Permalink - Posted on 2021-08-26 15:00

The Chinese developers of popular Android gaming apps exposed information belonging to users through an unsecured server. In a report shared with ZDNet, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, revealed EskyFun as the owner of a 134GB server exposed and made public online. EskyFun is the developer of Android games including Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms, and Metamorph M. On Thursday, the team said that users of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Together, they account for over 1.6 million downloads. In total, the team said that an alleged 365,630,387 records contained data from June 2021 onward, leaking user data collected on a seven-day rolling system.


22% of Cyber Security Incidents in H1 2021 Were Ransomware Attacks

Permalink - Posted on 2021-08-25 14:00

CybSafe analysed data from the Information Commissioner’s Office (ICO) to uncover the number and nature of UK cybersecurity breaches reported to the body in 2020 and 2021. So far in 2021 phishing was to blame for most incidents, accounting for 40% of all cybersecurity cases reported to the ICO, slightly down from 44% the year before. However, ransomware is surging, up from 11% of all reported incidents in the first half of 2020 to 22% in 2021.


40% of SaaS Assets Are Unmanaged, Putting Companies at Risk for Data Leaks

Permalink - Posted on 2021-08-25 14:00

DoControl announced a report which provides data-driven insights into the growing number of external and insider threats due to vast amounts of unmanageable data in today’s enterprises. Based on customer data, the findings clearly illustrate there is a magnitude of SaaS data exposure, with 40% of all SaaS assets unmanaged, providing internal, external and public data access. According to Gartner, global SaaS revenue will grow nearly 38% to more than $140 billion between 2019 and 2022. Although cloud-based applications dramatically increase the efficiency and productivity throughout an enterprise, there is a significant threat that is often underestimated by CIOs and CISOs – unchecked and unmanaged data access by the SaaS provider. And with the growing adoption of SaaS applications, this threat is growing exponentially, putting companies at greater risk for data leaks. As a benchmark, the average 1,000 person company stores between 500K and 10M assets in SaaS applications. Companies enabling public sharing may face up to 200,000 of these assets being shared publicly.


China: Alibaba Cloud Data Leak Violated Cyber Security Law in 2019

Permalink - Posted on 2021-08-25 14:00

Alibaba Cloud, China’s largest cloud service provider, has been accused by the Zhejiang telecoms regulator of violating China’s Cybersecurity Law following a complaint related to a 2019 data leak. Zhejiang Communications Administration said last month that Alibaba disclosed user information without consent following a complaint about the 2019 incident.


Netherlands: Educational Institution ROC Mondriaan in The Hague Victim of Major Cyber Attack

Permalink - Posted on 2021-08-25 14:00

The ROC Mondriaan educational institution in The Hague was hacked last weekend. All computers are down, which means that employees and students cannot access their files. The school is doing everything it can to get the system up and running again by next Monday. The educational institution has also reported to the Dutch Data Protection Authority. Personal data or other sensitive data may have been accessed or obtained by the attackers.


California DOJ Must Be Notified About Breaches of the Health Data of 500 or More California Residents

Permalink - Posted on 2021-08-25 14:00

The Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities and business associates to send notifications to the HHS’ Office for Civil Rights (OCR) about data breaches and healthcare organizations are also required to comply with state data breach notification laws. Recently, there have been several instances where the California DOJ has not been notified about ransomware attacks on California healthcare facilities, even though the personal and protected health information of California residents has likely been compromised in the attack. California Attorney General Rob Bonta has recently issued a bulletin reminding all entities that house the confidential health-related information of California residents of their data breach reporting responsibilities under California law (Civil Code section 1798.82). Whenever there has been a breach of the health data of 500 or more California residents, a breach report must be submitted to the Office of the Attorney General. The California DOJ then publishes the breach notice on its website to ensure the public is made aware of the breach to allow victims to take appropriate action to protect themselves against identity theft and fraud. Individual notifications must also be issued to affected individuals.


New Hampshire Town Loses $2.3 Million to Overseas Scammers

Permalink - Posted on 2021-08-25 14:00

Peterborough, a small New Hampshire town, has lost $2.3 million after BEC scammers redirected several bank transfers using forged documents sent to the town's Finance Department staff in multiple email exchanges. BEC scammers use various tactics (including phishing and social engineering) to compromise or impersonate their targets' business email accounts, allowing them to redirect pending or future payments to bank accounts they control. Town officials discovered the attack on July 26 when the ConVal School District notified them that they didn't receive a $1.2 million monthly transfer. On August 18, while investigating this incident, Peterborough's Finance Department staff discovered that two other bank transfers meant for a general contractor on the town's Main Street Bridge project were diverted to attackers' bank accounts.


Great Britain: Over a Third of Smart Device Owners Do Not Take Security Measures

Permalink - Posted on 2021-08-24 14:00

More than a third (35%) of connected device owners in the UK do not take additional security measures to protect their smart home devices and rely solely on inbuilt security features. This is according to findings from the 2021 Norton Cyber Safety Insights Report: Special Release – Home & Safety, which examined consumers’ at-home online behaviors. The UK portion of the study revealed a worrying lack of security hygiene for smart devices among British consumers. Only 37% of connected device owners deny permissions to apps on their devices, while just a third (33%) install cybersecurity software. An even lower proportion said they change the default passwords on devices (32%) or regularly update device passwords (30%). Additionally, only 31% of people who own a Wi-Fi router change their router password more than once a year, with 42% admitting they have never changed the password or are not sure how often the password is changed. More encouragingly, 86% of Brits who own a connected device said they would take action if one of their devices were hacked. The most common of these actions are changing security settings or passwords (53%). The research, based on an online survey of more than 1000 UK adults by The Harris Poll, found that 71% of UK adults own a smart home device, with smart TVs (52%) and smart speakers/home assistants (33%) the most common types. While many find these devices to be helpful (41%) and convenient (36%), a significant proportion described them as a security risk (24%) and intrusive (22%). Some even said they are not trustworthy (15%), creepy (12%) or scary (8%).


T-Mobile Sued Over Data Breach Affecting Millions of Customers

Permalink - Posted on 2021-08-24 14:00

T-Mobile launched an investigation after hackers offered to sell 100 million customer records on the dark web. The carrier’s investigation initially confirmed that nearly 50 million former, current and prospective customers had at least some information compromised. Further analysis revealed that the breach impacted more than 54 million customers. Compromised information includes names, phone numbers, dates of birth, social security numbers, addresses, driver’s license information, IMEI and IMSI information, and account PINs. The company has offered two years of free identity protection services to impacted individuals, and highlighted that financial information has not been compromised. However, it appears that is not enough for some of the affected customers and at least two class action lawsuits have been filed against T-Mobile over the incident. One of the lawsuits was filed by Morgan & Morgan, Terrell Marshall Law Group, Arnold Law Firm, Mason Lietz & Klinger, and The Consumer Protection Firm in the Western District of Washington, with Stephanie Espanoza, Jonathan Morales and Alex Pygin named as lead plaintiffs. The lawsuit alleges that T-Mobile “maintained private information in a reckless manner,” which has now resulted in customers being exposed to a high risk of fraud and identity theft. “Consumers entrust their valuable, personal information to companies with the reasonable expectation that it be kept confidential and secure. T-Mobile, a leading telecommunications company, allegedly failed to fully implement a data security system to protect their customers from cyberattacks,” Morgan & Morgan attorneys said in an emailed statement. “Their alleged reckless actions and inactions have exposed customers to years of constant surveillance of their financial and personal records, monitoring, and loss of rights. We will continue to hold companies accountable and fight to ensure all institutions do more to protect people’s data.” The second lawsuit, also filed in Washington, names Veera Daruwalla, Michael March, and Lavicieia Sturdivant as the lead plaintiffs. This lawsuit mentions several cybersecurity incidents affecting T-Mobile over the past years in an effort to underscore the company’s repeated failure to protect user data. “As the target of many data breaches in the past, T-Mobile knew its systems were vulnerable to attack. Yet it failed to implement reasonable security procedures and practices appropriate to the nature of the information to protect its customers’ personal information, yet again putting millions of customers at great risk of scams and identity theft,” the complaint reads.


Utah: Phishing Attack Exposes Medical Information for 12,000 Patients at Revere Health

Permalink - Posted on 2021-08-24 14:00

A healthcare employee was the subject of a phishing email attack that exposed some medical records for approximately 12,000 patients, including patients of cardiology practice in St. George, according to a press release sent out by healthcare company Revere Health on Friday. The employee’s email was breached for roughly 45 minutes on June 21 and exposed some information about patients of the Heart of Dixie Cardiology Department in St. George. The information obtained through the breach included medical record numbers, dates of birth, provider names, procedures and insurance provider names.


Microsoft Spills 38 Million Sensitive Data Records via Careless Power App Configurations

Permalink - Posted on 2021-08-24 14:00

UpGuard Research revealed Microsoft’s Power Apps management portal had inadvertently leaked the data of 47 businesses totaling the exposure of 38 million personal records. It asserted that Microsoft’s Power Apps platform was flawed in the way it forced customers to configure their data as private or public. Microsoft does not consider the leaky data issue a vulnerability, rather a configuration issue that can be improved on its part. During the course of its research, UpGuard discovered the OData misconfiguration by Microsoft customers (and even Microsoft itself) to be widespread and systemic. “Empirical evidence suggests a warning in the technical documentation is not sufficient to avoid the serious consequences of misconfiguring OData list feeds for Power Apps portals,” wrote researchers. UpGuard notified Microsoft of the data leakage on June 24, 2021. Microsoft promptly began to investigate claims that its Power Apps were responsible for spilling millions of sensitive-data records. On June 29, the company asserted that the platform worked as planned.


446 Australian Breach Notifications with 30% of System Faults Found After a Year

Permalink - Posted on 2021-08-23 15:00

The health services industry has continued to be the sector responsible for the highest number of reported data breaches in Australia, accounting for 85 of the 446 total breaches notified to the Office of the Australian Information Commissioner (OAIC) in the six months to 30 June 2021. The 446 total is down 16% when compared to the previous six months' figure of 530 notifications. For the 2020-21 financial year, 976 notifications were received under the Notifiable Data Breaches (NDB) scheme. March saw the highest number of notifications with 102. In the reporting period, 81% of breaches were identified by the entity within 30 days of it occurring, but in 4% of occasions, it took the entity longer than 365 days.


U.S. Military Personnel Defrauded into Losing $822m Through Scams

Permalink - Posted on 2021-08-23 15:00

According to AtlasVPN researchers, US military personnel lost over $822 million in different kinds of cybercrime and scams between 2017 and 30 June 2021. The researchers examined data compiled by the US Federal Trade Commission (FTC). They discovered that the largest amount ($484.4 million) was lost by military families and reservists, followed by veterans and retirees whose financial damages account for 35% of all losses ($290.1 million). Furthermore, active duty service members suffered losses of around $47.6 million since 2017, and this group submitted the fewest complaints.


Nokia Subsidiary Discloses Data Breach After Conti Ransomware Attack

Permalink - Posted on 2021-08-23 15:00

SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. The company discovered that its network was breached by Conti ransomware operators on June 16, only after deploying their payloads and encrypting SAC Wireless systems. After completing the forensic investigation, the company believes that the stolen files contain the following categories of personal info: name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names.


PC Gaming Threats Jumped 66% Amid COVID-19 Lockdowns

Permalink - Posted on 2021-08-23 15:00

The number of gamers hit with PC-specific gaming-related cyberattacks increased at the beginning of the COVID-19 pandemic but dropped in the first and second quarters of 2021, according to new research from Kaspersky. Researchers investigated several types of security threats associated with gaming. The threat statistics come from Kaspersky Security Network, which processes anonymized cybersecurity data voluntarily provided by Kaspersky product users. Data shows PC game-related threats hit 2.48 million detections worldwide as lockdowns were introduced in the second quarter of 2020, a 66% increase from 1.48 million detections in the first quarter of 2020. The number of attacks and affected users sharply dropped to 636,904 attacks in the second quarter of 2021, researchers note. "Researchers said the high volume of attacks over the past year may be connected to the rapid growth of gaming activities during the pandemic," they write in a release. The total number of users who encountered gaming-related malware and unwanted software from July 1, 2020 through June 30, 2021 was 303,827, with 69,244 files distributed under the guise of twenty-four most-played PC games. Data shows the top five PC games used as bait in attacks are Minecraft, The Sims 4, PUBG, Fortnite, and Grand Theft Auto V. Mobile games show a different trend. The number of affected gamers grew by 185% at the beginning of the pandemic and declined just 10% by the second quarter of 2021, a sign that mobile devices are still more commonly targeted by cybercriminals. The top three mobile games most often used as bait were Minecraft, PUBG Mobile and Among Us.


Brazil: Renner Stores Goes Down After Ransomware Infection

Permalink - Posted on 2021-08-20 15:00

Porto Alegre-based Renner, the largest Brazilian department store clothing chain, was the victim of a ransomware attack on Thursday, August 19, that knocked out the company's e-commerce system. The company confirmed the attack in a statement made available to the market. According to the company, the attack "resulted in partial unavailability of its systems and operations" but did not impact the operation of its physical stores.


New Zealand: Search & Rescue Station Infected with Ransomware

Permalink - Posted on 2021-08-20 15:00

Department of Conservation Deputy Director General Corporate Services Rachel Bruce says DOC will be in contact with 11 people whose personal information may have been compromised in a ransomware attack. “An isolated ransomware attack occurred on 21 July at the Search and Rescue Base at Aoraki/Mount Cook. “The Search and Rescue (SAR) base is a standalone network with no connection to the DOC corporate network. As a result of the malware, staff were unable to access shared files that had been encrypted.


T-Mobile Data Breach Just Got Worse — Now at 54 Million Customers

Permalink - Posted on 2021-08-20 15:00

On August 17th, T-Mobile first disclosed a summary of their investigation into their hacked servers and said that the personal information of 48.6 million individuals was exposed during the attack. Today, T-Mobile has updated its advisory to include an additional 6 million customers or prospective customers affected by the attack. Furthermore, T-Mobile has confirmed our original reporting on this attack that the attackers also stole IMSI and IMEI numbers.


HTTP DDoS Attacks Reach Unprecedented 17 Million Requests per Second

Permalink - Posted on 2021-08-20 15:00

A distributed denial-of-service (DDoS) attack earlier this year takes the top spot for the largest such incident, peaking at 17.2 million requests per second (rps). The attack was recorded by Cloudflare’s DDoS protection systems and accounted for almost 70% of the average rate of legitimate HTTP traffic for the second quarter of 2021.


Hamburg's Data Protection Agency (DPA) States That Using Zoom Violates GDPR

Permalink - Posted on 2021-08-19 15:00

The German state’s data protection agency (DPA) warns that the Senate Chancellory’s use of the popular videoconferencing tool violates the European Union’s General Data Protection Regulation (GDPR). The DPA is concerned by the transfer of user data to the U.S. for processing. “The DPA’s concern follows a landmark ruling (Schrems II) by Europe’s top court last summer which invalidated a flagship data transfer arrangement between the EU and the U.S. (Privacy Shield), finding U.S. surveillance law to be incompatible with EU privacy rights,” states Yahoo News. Multiple European DPAs are investigating how U.S.-based digital services manage data of EU citizens and if they transfer data to the U.S. for processing purposes. In the Hamburg case, the DPA issued a public warning because the body was not able to respond to the privacy concerns raised by EU privacy watchdogs. The German agency states that the use of Zoom by the public body violated the EU GDPR.


JPMorgan Chase Notifies Customers of Data Breach

Permalink - Posted on 2021-08-19 15:00

American banking and financial services company JPMorgan Chase is warning customers in Montana that a technical glitch may have presented their personal data to other customers. The malfunction allowed users of the website chase.com or the Chase Mobile app to view the banking information of other customers whose personal details were similar for nearly two months earlier this year. Data that may have been compromised included customers' names, account numbers, account balances, and details of their transactions.


Britain: Data Stolen as Social Housing Group Suffers Ransomware Attack

Permalink - Posted on 2021-08-19 15:00

Hackers have stolen data from a Salford-based social housing group that houses thousands of tenants and other clients. ForHousing and Liberty, which manages and maintains homes across the North West, were reportedly victims of a ransomware attack. Ray Jones, group managing director of Liberty, said the investigations into the incident have now ended. He said, "We can confirm that a small amount of data was compromised during the incident.


Postmortem on U.S. Census Hack Exposes Cyber Security Failures

Permalink - Posted on 2021-08-19 15:00

Threat actors exploited an unpatched Citrix flaw to breach the network of the U.S. Census Bureau in January in an attack that was ultimately halted before a backdoor could be installed or sensitive data could be stolen, according to a report by a government watchdog organization. However, investigators found that officials were informed of the flaw in its servers and had at least two opportunities to fix it before the attack but did not, mainly due to lack of coordination between teams responsible for different security tasks, according to the report, published Tuesday by the U.S. Department of Commerce Office of Inspector General. The bureau also lagged in its discovery and reporting of the attack after it happened. The report details and reviews the incident that occurred on Jan. 11, 2020, when attackers used the publicly available exploit for a critical flaw to target remote-access servers operated by the bureau.


Contact Tracing Survey Data of 750,000 Hoosiers Exposed Online

Permalink - Posted on 2021-08-19 15:00

The personal information of 750,000 Hoosiers collected as part of a COVID-19 contact tracing survey conducted by the Indiana Department of Health has been exposed online and downloaded by a company not authorized to access the data. The survey included information such as names, addresses, dates of birth, emails, and information on gender, ethnicity and race. The Indiana Department of Health was notified about the unauthorized access on July 2, 2021 and immediately took steps to secure the data to prevent further unauthorized access. According to Tracy Barnes, the Chief Information Officer of the state of Indiana, the company that accessed and downloaded the data was a firm “that intentionally looks for software vulnerabilities, then reaches out to seek business.”


1.4 Million Individuals Affected by St. Joseph's/Candler Ransomware Attack

Permalink - Posted on 2021-08-19 15:00

Around 4 a.m. on Thursday, June 17, 2021, St. Joseph’s/Candler (SJ/C) hospital system in Savannah, GA suffered a ransomware attack. Upon detection of suspicious network activity, SJ/C immediately took steps to isolate and secure its systems. The attack prevented access to computer systems and emergency protocols were implemented, with staff reverting to pen and paper to record patient data. SJ/C notified law enforcement about the security breach and launched an investigation. Assisted by third party cybersecurity firms, SJ/C determined the hackers first gained access to its systems on December 18, 2020 and continued to have access to those systems until June 17, 2021, when the ransomware was deployed. As the investigation into the breach continued it became clear that the parts of the network accessible to the hackers contained files that included patients’ protected health information. A comprehensive review of those files was conducted and determined the files contained patient information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, patient account numbers, billing account numbers, financial information, health insurance plan member IDs, medical record numbers, dates of service, provider names, and medical and clinical treatment information regarding care received from SJ/C. SJ/C has now confirmed the protected health information of 1,400,000 patients was potentially compromised in the ransomware attack. Notification letters started to be sent to affected individuals on August 10, 2021 and complimentary credit monitoring and identity theft protection services are being offered. SJ/C said additional safeguards and technical security measures are being implemented to further protect and monitor its systems.


Half of APAC Firms Bypass Processes to Accommodate Remote Work

Permalink - Posted on 2021-08-19 15:00

Some 56% of Asia-Pacific businesses admit to sidestepping digital processes to accommodate remote or flexible work arrangements. This despite 48% expressing increased concern about their company's ability to manage security threats. The latter figure was higher than their counterparts in the Americas, 41% of whom were similarly more concerned than before about their organisation's ability to mitigate cyber threats, revealed EY's 2021 Global Information Security Survey. Conducted in March and May this year, the study polled 1,010 respondents worldwide, with 20% from Asia-Pacific, 36% in the Americas, and the remaining 43% from Europe, Middle East, India, and Africa (EMEIA). Just 20% in Asia-Pacific said the cybersecurity teams were part of the planning stage of any digital transformation initiative, the study found. Respondents further noted that while business managers recognised cybersecurity team's strengths in traditional areas, such as controlling risk, they did not always regard it as a strategic partner. In fact, 71% of cybersecurity leaders described their relationships with business owners as neutral or negative. Some 44% said their engagements with marketing and HR departments were poor. Despite the emergence of sophisticated cyber attacks, the EY report noted that 57% of organisations in the region were uncertain if their cybersecurity defences were sufficiently robust to combat new hacking tactics. Some 73% cited an increase of disruptive attacks such as ransomware over the past year, up significantly from 47% in the 2020 report. Another 47% warned that their company's cybersecurity budget was inadequate to mitigate challenges that had surfaced in the last 12 months. In fact, 41% were anticipating a major breach that they might be able to avoid if they had better investment in cybersecurity, compared to 29% in the Americas. 
The report revealed that Asia-Pacific respondents allocated 0.05% of their annual revenue to cybersecurity, which was similar to the global average of 0.04%.


Liquid Cryptocurrency Exchange Loses Over $90 Million Following Hack

Permalink - Posted on 2021-08-19 15:00

Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers compromised its warm wallets. Blockchain analytics firm Elliptic added that "the stolen funds include $45 million in Ethereum tokens, which are currently being exchanged for ETH on DEXs such as Uniswap and SushiSwap" which would allow the attackers to "avoid having these assets frozen." Liquid is still assessing the attack vector used in the incident and is "taking measures to mitigate the impact to users."


Industrial Control System Vulnerabilities Increase 41%

Permalink - Posted on 2021-08-18 15:00

Disclosures of vulnerabilities affecting industrial control systems (ICS) have grown by 41% in the past six months, according to a report released today by Claroty. The third Biannual ICS Risk & Vulnerability Report found a rapid acceleration in the number of disclosures being reported since the start of 2021. In the last half of 2020, 449 vulnerabilities were disclosed. During the first half of 2021, more than 600 ICS vulnerabilities were disclosed, impacting 76 vendors. Claroty researchers described the rise in the number of disclosures as "particularly significant given that in all of 2020 they increased by 25% from 2019 and 33% from 2018." Most of the vulnerabilities disclosed represented a serious risk to industrial control systems, with 71% being classified as high or critical. Researchers found that 81% of vulnerabilities were discovered by sources other than the affected vendor, including independent researchers, academics, third-party companies, and other research groups. Worryingly, 90% of the vulnerabilities were identified as not requiring any special conditions to be exploited. Therefore, an attacker who exploited these "low attack complexity" vulnerabilities could expect to enjoy repeatable success every time. Nearly two-thirds of disclosures (61%) were remotely exploitable, and 66% did not require any user interaction to be exploited. Almost three-quarters of vulnerabilities (74%) did not require privileges, so they could be exploited by an attacker who was unauthorized and who did not have access to settings or files.


T-Mobile Confirms at Least 47 Million Current and Former Customers Affected by Hack

Permalink - Posted on 2021-08-18 15:00

T-Mobile has confirmed that millions of current and former customers had their information stolen in a data breach, following reports of a hack over the weekend. In a statement, T-Mobile, which has more than 100 million customers, said its preliminary analysis shows 7.8 million current postpaid T-Mobile customers had information taken in the data breach. The carrier said that some personal data was also taken, including customer names, dates of birth, Social Security numbers and driver’s license information for a “subset” of current and former postpay customers and prospective T-Mobile customers. The company also said that 40 million records of former and prospective customers were taken. The company warned that the names, phone numbers and account PINs of approximately 850,000 active T-Mobile customers were in fact compromised. T-Mobile said it has reset those customer PINs. T-Mobile said it was “recommending all postpaid customers” to proactively change their account PIN, which protects their accounts from SIM-swapping attacks.


Japanese Insurer Tokio Marine Discloses Ransomware Attack

Permalink - Posted on 2021-08-18 15:00

Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack. Tim Starks of CyberScoop notes that Tokio Marine is the second insurer this week to announce a cyber attack, with Ryan Specialty Group also disclosing on Monday that back in April it detected unauthorized access on some employee accounts.


Most Organizations Experienced at Least One Ransomware Attack, Multiple Attacks Very Common

Permalink - Posted on 2021-08-17 15:00

One third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months. And for those that fell victim to ransomware, it is not uncommon to have experienced multiple ransomware events, according to a survey from IDC. The incident rate was notably lower for companies based in the United States (7%) compared to the worldwide rate (37%). The Manufacturing and Finance industries reported the highest ransomware incident rates, while the Transportation, Communication, and Utilities/Media industries reported the lowest rates. Only 13% of organizations reported experiencing a ransomware attack/breach and not paying a ransom. While the average ransom payment was almost a quarter million dollars, a few large ransom payments (more than $1 million) skewed the average.


Trial Blocked by Police Data Loss; Murder Suspect Released

Permalink - Posted on 2021-08-17 15:00

A murder suspect was released from jail Monday after his trial was postponed when Dallas police revealed they had lost a massive amount of criminal data. The release of Jonathan Pitts, who is charged in the 2019 shooting of Shun Handy, was ordered as authorities race to determine how many cases may have had evidence vanish in the eight-terabyte data loss. Prosecutors told state District Judge Ernie White on Thursday that they needed more time to work with police to audit the materials in Pitts’ case to determine if anything was lost. A Dallas police spokesman had said no evidence was lost in Pitts’ case. Still, the lead detective said he could not be sure that nothing was missing until a city audit was completed, according to an email exchange between the detective and prosecutor the morning of Pitts’ trial reviewed by the newspaper.


Attack on HVAC Vendor Gave Threat Actor Access to Boston Children's Hospital

Permalink - Posted on 2021-08-17 14:00

During the first week of August, DataBreaches.net was contacted by a threat actor. The threat actor mentioned that they had successfully attacked an HVAC vendor and had tried to extort the vendor to pay a fee. The threat actor claimed that the vendor knew that they had been breached as there had been communications about the breach and extortion demand. The vendor allegedly claimed that they were not really concerned about the breach — even though, the threat actor claimed, they had not been locked out and still had access to the vendor’s network — and to the vendor’s clients. One of those clients, the threat actor claimed, was a children’s hospital. After a few days, the threat actor informed this blogger that they really didn’t want to harm a children’s hospital or attempt to extort it — even though they claimed they already had been able to gain access to it.


Healthcare Provider Expected to Lose $106.8 Million Following Ransomware Attack

Permalink - Posted on 2021-08-17 15:00

Scripps Health, a California-based nonprofit healthcare provider that runs five hospitals and 19 outpatient facilities, said it expects to lose an estimated $106.8 million following a ransomware attack that hit the organization in May 2021. The bulk of the losses, representing $91.6 million, came from lost revenues during the four weeks the organization needed to recover from the May ransomware attack. Scripps also lost $21.1 million in costs associated with response and recovery. While the company said it recovered $5.9 million through its insurance policy, the healthcare provider said it expects to lose an estimated $106.8 million by the end of the year. The losses stemming from the ransomware attack do not include potential losses due to litigation. Following the attack, several patient groups also filed class-action lawsuits against the organization for failing to protect their data after the organization revealed that the hackers also stole data on roughly 150,000 patients before they encrypted the healthcare provider’s servers.


Cyber Attack Forces Memorial Health System to Divert Patients to Alternate Hospitals

Permalink - Posted on 2021-08-17 15:00

Marietta, OH-based Memorial Health System has been forced to divert emergency care due to a suspected ransomware attack. The cyberattack occurred in the early hours of Sunday morning, with the health system forced to shut down IT systems to contain the attack. Emergency protocols were implemented due to the lack of access to essential IT systems, and the staff has been working with paper charts. Memorial Health System operates three hospitals in Ohio and West Virginia, all of which have been affected by the attack. Since electronic health records were not accessible, patient safety was potentially put at risk, so the decision was taken to divert emergency patients.


UNM Health Data Breach Affects More than 637,000 Patients

Permalink - Posted on 2021-08-17 15:00

UNM Health has discovered an unauthorized third party gained access to its network and potentially viewed and exfiltrated files from its systems that contained patients’ protected health information. The security breach was discovered on June 4, 2021 and an investigation was immediately launched to determine the extent and scope of the breach. UNM Health determined its systems were accessed by the unauthorized third party on May 2, 2021 and files containing the protected health information of its patients, including those of UNM Hospital, UNM Medical Group, Inc., and UNM Sandoval Regional Medical Center Inc. were potentially compromised. A comprehensive review of all files on the compromised parts of its network was conducted and it was confirmed they contained information such as names, addresses, dates of birth, medical record numbers, patient identification numbers, health insurance information, and some clinical information related to the healthcare services provided by UNM Health. The Social Security numbers of a limited number of patients were also potentially compromised in the breach. UNM Health said its medical record systems were not affected.


PHI of 47,000 Individuals Potentially Compromised in Electromed Inc. Data Breach

Permalink - Posted on 2021-08-17 15:00

Electromed Inc., a New Prague, MN-based developer and manufacturer of airway clearance devices, has announced it suffered a security breach in June 2021 in which unauthorized individuals gained access to certain IT systems. Electromed determined the unauthorized third party accessed certain files that contained the personal and protected health information of its customers, as well as information of its employees and certain third-party contractors. A comprehensive review was conducted of all files on the affected systems, which revealed they contained customers’ first and last names, mailing addresses, medical information, health insurance information and, for associates, Social Security numbers, driver’s license numbers, and financial account information.


T-Mobile Acknowledges Breach of Customer Data, Launches Probe

Permalink - Posted on 2021-08-17 14:00

T-Mobile on Monday acknowledged a breach of customer information after a hacker group claimed to have obtained records of 100 million of the operator's US customers and offered some of the data on the dark web. The US wireless operator said it could not determine the number of customers impacted but that it had begun a "deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed."


Education Giant Pearson Fined $1 Million for Downplaying Data Breach

Permalink - Posted on 2021-08-17 14:00

The US Securities and Exchange Commission (SEC) announced today that Pearson, a British multinational educational publishing and services company, has settled charges of mishandling the disclosure process for a 2018 data breach discovered in March 2019. Pearson agreed to pay a $1 million civil money penalty to settle charges "without admitting or denying the findings" that it tried to hide and downplay the 2018 data breach that led to the theft of "student data and administrator log-in credentials of 13,000 school, district and university customer accounts" in the United States. Besides exfiltrating data including students' names, dates of birth, and email addresses after exploiting a critical flaw affecting the AIMSweb1.0 web-based software used by Pearson for tracking students' academic performance, the Chinese hackers also stole millions of rows of student data and easily crackable credentials "scrambled" using an outdated algorithm.


Phishing Costs Nearly Quadrupled Over 6 Years

Permalink - Posted on 2021-08-17 14:00

Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large U.S. companies are now losing, on average, $14.8 million annually, or $1,500 per employee. That’s up sharply from 2015’s figure of $3.8 million, according to a new study from Ponemon Institute that was sponsored by Proofpoint.


Chase Bank Accidentally Leaked Customer Information to Other Customers

Permalink - Posted on 2021-08-17 14:00

Personal details of Chase bank customers including statements, transaction lists, names, and account numbers were potentially exposed to other Chase banking members. The issue is believed to have lasted between May 24th and July 14th this year, and impacted both online banking and Chase Mobile app customers who shared similar information. In a copy of the data incident notice seen by BleepingComputer, Chase blamed a "technical issue" for this mishap.


Secret Terrorist Watchlist with 2 Million Records Exposed Online

Permalink - Posted on 2021-08-17 14:00

A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records, was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. The 1.9 million-strong recordset contained sensitive information on people, including their names, country citizenship, gender, date of birth, passport details, and no-fly status.


Brazilian National Treasury Hit with Ransomware Attack

Permalink - Posted on 2021-08-17 14:00

The effects of the ransomware attack are being analyzed by security specialists from the National Treasury and the Digital Government Secretariat (DGS). The Federal Police has also been notified. The Ministry noted new information on the incident "will be disclosed in a timely manner and with due transparency." At the time, the event was considered to be the most comprehensive attack ever orchestrated against a Brazilian public sector institution, in terms of its complexity and the extension of the damage caused.


SMEs Awareness of GDPR Is High, But Few Adhere to Its Legal Requirements

Permalink - Posted on 2021-08-16 14:00

85 percent of the small- to medium-sized enterprises (SMEs) in the UK are familiar with GDPR, but more than half are still not cleaning their data and therefore not adhering to the GDPR’s legal requirements, a REaD Group survey reveals. The survey of 1,110 SMEs also revealed that only 40 percent hold their customer and prospect data in a CRM or other database: a surprisingly low figure given that businesses need to maintain contact with their customers for sales and marketing purposes, and never more so than over the past 15 months. Twenty-five percent of those with a CRM indicated they did not run data cleaning or update processes: this rose to 61 percent of SMEs overall. The GDPR requires all customer data to be clean and up-to-date in order to be compliant and legal.


Destination Maternity Notifying 93,776 Employees of Hacking Incident

Permalink - Posted on 2021-08-16 14:00

New Jersey-headquartered Destination Maternity is notifying 93,776 employees about an incident that occurred between March 16 and April 13 of this year. The breach was discovered on June 11. According to their letter of August 13, a copy of which was provided to the Maine Attorney General’s Office, an unauthorized party gained access to certain systems containing employee data.


Memorial Health System Experiences Ransomware Attack

Permalink - Posted on 2021-08-16 14:00

In the early hours of Sunday morning, Memorial Health System experienced an information technology security incident. Memorial Health System is working with security partners, including the FBI and Homeland Security, to restore information operations as quickly as possible, he said. The irregularities were part of a ransomware attack. Memorial Health System Emergency Departments are on diversion, but will continue to accept STEMI, stroke and trauma patients at Marietta Memorial Hospital campus. Belpre, Selby and Sistersville campuses are on diversion for all non-trauma patients. This diversion will be ongoing until IT systems are restored.


Moorfields Eye Hospital Investigating Cyber Attack on Dubai Hospital, Notifying Patients

Permalink - Posted on 2021-08-16 14:00

In one of the latest attacks on medical entities, AvosLocker has claimed that they exfiltrated 60 GB of data from “Moorfields NHS UK & Dubai.” So far, however, there is no evidence that any UK servers were hit — only Dubai ones. Moorfields is a specialty eye hospital that is part of the UK’s National Health Service (NHS). Located in London, Moorfields also has international locations in Dubai and Abu Dhabi.


Data Breach at New York University Potentially Affects 47,000 Persons

Permalink - Posted on 2021-08-16 14:00

A data breach at a New York university has potentially exposed the personal information of nearly 47,000 individuals. The Research Foundation for the State University of New York (SUNY) announced it detected unauthorized access to its networks earlier this year. The incident was discovered on July 14, and reportedly involved Social Security numbers. A total of more than 46,700 individuals are said to be impacted by the data breach, although it’s not stated whether these people are employees, donors, or others who might be linked to the organizations.


Half of U.S. Hospitals Shut Down Networks Due to Ransomware

Permalink - Posted on 2021-08-16 14:00

Nearly half (48%) of US hospitals have disconnected their networks in the past six months due to ransomware, according to a new study from Philips and CyberMDX. The Perspectives in Healthcare Security Report is based on interviews with 130 IT and cybersecurity hospital executives and biomedical engineers and technicians. The findings revealed the outsized impact ransomware continues to have on healthcare organizations (HCOs) after they battled a surge in attacks during the early months of the pandemic. Respondents who admitted to shutting down networks due to ransomware were a mix of those who did so proactively to avoid a damaging breach and those forced to do so because of severe malware infection. Medium-sized hospitals appear to have suffered most from the impact of such attacks. Of respondents that experienced a shutdown due to external factors, large facilities suffered an average of 6.2 hours downtime at the cost of $21,500 per hour. In comparison, mid-size hospitals averaged nearly 10 hours at $45,700 per hour. Skills gaps and low levels of investment in cybersecurity were highlighted as possible contributing factors. Just 11% of respondents said cybersecurity is a “high priority” for spending, while nearly half of all respondent types claimed their medical device and IoT security staffing levels are inadequate. More concerning still is that many hospitals still appear to be exposed to severe legacy vulnerabilities: 52% of respondents admitted they’re not protected against the BlueKeep bug, rising to 64% for WannaCry and 75% for NotPetya.


Ford Bug Exposed Customer and Employee Records from Internal Systems

Permalink - Posted on 2021-08-16 14:00

A bug on Ford Motor Company's website allowed access to sensitive systems and proprietary data, such as customer databases, employee records, and internal tickets. The data exposure stemmed from a misconfigured instance of the Pega Infinity customer engagement system running on Ford's servers.


Reliance on Third Party Workers Making Companies More Vulnerable to Cyber Attacks

Permalink - Posted on 2021-08-16 14:00

A survey from SecZetta revealed 83% of respondents agree that because organizations increasingly rely on contractors, freelancers, and other third party workers, their data systems have become more vulnerable to cyberattacks. Further, 88% of people say organizations and government entities must have better data security systems in place to protect them from the increase in third party remote attacks. Of particular note, 53% of respondents lack confidence in the strength of the U.S. government’s infrastructure to protect the American people from cyberattacks.


In a First for Maine, Ransomware Hackers Hit 2 Public Wastewater Plants

Permalink - Posted on 2021-08-16 14:00

The Department of Environmental Protection has warned municipalities and water-sector professionals to be on alert after two recent ransomware intrusions, believed to be the first on wastewater systems in Maine. Jim Leighton, superintendent for the Limestone Water and Sewer Department, said the attack occurred over the July 4 weekend on a computer, running Windows 7, that was due for an upgrade.


Most Employees Reusing Personal Passwords to Protect Corporate Data

Permalink - Posted on 2021-08-16 14:00

Nearly two thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue. Surprisingly, 97% of employees know what constitutes a strong password, yet 53% admit to not always using one. This is according to research by My1Login, which surveyed 1,000 employees and 1,000 business leaders to compare employees’ realities, opinions, and outlook to security at work, alongside expectations and opinions of business leaders across a variety of industries. The research also found that 85% of employees are reusing passwords across business applications after receiving training, in contrast to 91% of employees who haven’t received any cybersecurity training.


Colonial Pipeline Reports Data Breach After May Ransomware Attack

Permalink - Posted on 2021-08-16 14:00

Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. The company says that it "recently learned" that DarkSide operators were also able to collect and exfiltrate documents containing personal information of a total of 5,810 individuals during their attack. Impacted personal info for the affected individuals ranges from names and contact details to health and ID information.


PHI Exposed in Phishing Attack on Children's Hospital of The King's Daughters

Permalink - Posted on 2021-08-13 15:00

The email accounts of a small number of employees of Children’s Hospital of The King’s Daughters (CHKD) in Norfolk, VA have been compromised in a phishing attack. CHKD explained in an August 10, 2021 breach notification that the phishing attack occurred on April 20, 2021. The email accounts contained the following types of protected health information: Full name, date of birth, patient account number, health insurance number, and/or other health related information and, for a limited number of individuals, their Social Security number. CHKD said the types of data exposed varied from individual to individual.


University Medical Center of Southern Nevada Confirms PHI Compromised in June Cyber Attack

Permalink - Posted on 2021-08-13 15:00

University Medical Center of Southern Nevada (UMC) has issued an update on a cyberattack it experienced in June 2021 and has now confirmed that some patient information was compromised in the attack. Initially, UMC said it had no reason to believe any clinical systems were accessed by the attackers, although the investigation into the cyberattack was ongoing to establish the nature and scope of the cyberattack. The forensic investigation has now confirmed that certain files containing patients’ protected health information were compromised in the attack. Those files contained information such as names, addresses, dates of birth, Social Security numbers, health insurance information, financial information, and some clinical information, including medical histories, diagnoses, and test results. UMC said no evidence has been found to indicate any specific misuse of patient information.


Hackers Stole Client Info., Work Materials in Accenture Ransomware Attack

Permalink - Posted on 2021-08-13 15:00

Ransomware hackers began leaking Accenture data after the consulting giant suffered a security incident where the perpetrators made off with client-related documents and work materials. The gang, known as LockBit 2.0, has threatened to leak further after providing purported proof of the breach. Accenture acknowledged the attack on Wednesday, but has downplayed its severity.


Data Breach at U.S. Waste Management Firm Exposes Employees' Healthcare Details

Permalink - Posted on 2021-08-13 15:00

A data breach at US waste management firm Waste Management Resources has exposed the healthcare information of current and former employees, as well as their dependents. The company says that on January 21, it discovered signs of suspicious activity. While the company discovered this on June 21, its alert was not issued until this week. Waste Management Resources is recommending that those affected check their credit report and ask for either a fraud alert or a credit freeze to be placed on it.


Brooklyn Technology Students Uncovered a NYC Schools Data Breach

Permalink - Posted on 2021-08-13 15:00

Teachers’ Social Security numbers, student academic records, and families’ home addresses are among the dozens of pieces of information a group of tech-savvy high school students stumbled across on Google Drive this year. The documents — many of which contained confidential information — were leaked because of a quirk in the education department’s Google Drive sharing settings, a group of Brooklyn Technical High School students found. The students unintentionally discovered they had access to these documents in January. They noticed that the Google Drive folder where they uploaded their class assignments during remote learning contained documents uploaded by students and staff at schools across the city. Those documents included second graders’ classwork, a parent-teacher conference sign-up sheet, and college recommendation letters, said a Brooklyn Tech High School student who asked to remain anonymous.


Ransomware Attackers Claim to Have Stolen Data from Three NZ Firms

Permalink - Posted on 2021-08-13 15:00

A ransomware group known as Lockbit 2.0 claims to have attacked three small and mid-sized New Zealand firms in recent weeks. Its latest Kiwi victim appears to be Christchurch company Inline Plumbing. The Australian Cyber Security Centre warned last week that there had been an increase in ransomware attacks against Australian organisations using LockBit 2.0 ransomware, starting in July. Phoenix Services co-owner Philip Brown said the attack on its business had caused a lot of disruption, but it had been fortunate that one of its sets of back-ups worked.


Bugs in Gym Management Software Let Hackers Wipe Fitness History

Permalink - Posted on 2021-08-13 15:00

In a report published today, researchers at cybersecurity company Bishop Fox disclosed a set of vulnerabilities in the Wodify platform that could affect not only users’ workouts and personal information but also the financials of a gym. Exploiting the flaws allows enumerating and modifying entries in the Wodify platform from all the gyms that use it, says Dardan Prebreza, Senior Security Consultant at Bishop Fox. Despite the need to authenticate, the issues have serious implications. By compromising administrative gym accounts, the researcher says, a financially motivated attacker could edit payment settings to steal the money from gym members. One of the vulnerabilities refers to insufficient authorization controls, which could serve to enumerate users and change their data in the Wodify platform. Leveraging the bug requires authentication. The researcher tested this bug successfully after getting consent from a Wodify customer to use their account. This kind of access allowed inserting malicious code that would impact other users on the platform, “including instance or gym administrators,” via cross-site scripting (XSS) attacks.


50% of Cyber Security Attacks Are from Repeat Offenders

Permalink - Posted on 2021-08-13 15:00

Lack of awareness and gaps in knowledge are a weak link for cybersecurity leadership who are responsible for strategic planning of cybersecurity defenses, leaving organizations exposed to risks, a Ponemon survey reveals. In the new findings, half of the attacks on organizations that caused severe business disruption were by repeat offenders – and 61% of those victims said they were unable to remediate these compromises, leaving critical systems and data at risk. The survey reveals organizations acknowledge they are suffering, not just from disruptive cyberattacks, but from repeat offenders, and for many victim organizations, complete remediation has not been possible. Only 35% of respondents said they were leveraging their security analysts effectively, indicating a lack of maturity with regards to threat hunting. Threat hunting, particularly external threat hunting, has empowered more sophisticated security organizations to identify and block impending attacks, augment threat detection, and achieve comprehensive remediation. Yet, the majority of respondents indicate that their organizations are not allocating enough resources to realize the full potential of their analyst teams and threat hunting. Survey results indicate that the average 2021 budget for the respondents’ organizations for IT operations is $117 million. An average of 19% of this is allocated to IT security and of that an average of 22% is allocated to analyst activities and threat intelligence.


Canada: Cyber Attack Hits Vaccine Records for Thousands of Durham Region Children

Permalink - Posted on 2021-08-13 15:00

The personal information of more than three thousand children in daycares throughout Durham Region was stolen in a cyberattack early this year that CTV News Toronto has learned is larger than previously known. That data from some 80 daycares, which also included the detailed vaccination records of some 200 children, was recently discovered on a website with ties to a Ukrainian group believed to be involved in ransomware attacks that was raided by police in June.


Ransomware Payments Explode Amid "Quadruple Extortion"

Permalink - Posted on 2021-08-12 16:00

Double extortion has been around for more than a year: That’s when threat actors not only paralyze a victim’s systems and/or data but also threaten to leak compromised data or use it in future spam attacks if victims balk at paying extortion demands. But during the first half of 2021, Unit 42 researchers observed ransomware groups commonly using as many as four techniques to turn the thumbscrews on victims, adding denial-of-service (DoS) attacks and harassment of a victim’s connections to the pain. Encryption: Victims pay to regain access to scrambled data and compromised computer systems that stop working because key files are encrypted; Data Theft: Hackers release sensitive information if a ransom is not paid; DoS: Ransomware gangs launch DoS attacks that shut down a victim’s public websites; Harassment: Cybercriminals contact customers, business partners, employees and media to tell them the organization was hacked.


Cyber Crime Victims Lose an Estimated $318 Billion Annually

Permalink - Posted on 2021-08-12 16:00

According to estimates: 71.1 million fall victim to cybercrimes globally each year (this equates to nearly 900 victims per 100,000 people); The average victim loss is $4,476 per crime. The countries with the biggest losses are: United States: 5.28 million victims losing $28 billion; Brazil: 5.8 million victims losing over $26 billion; United Kingdom: 4.88 million victims losing $17.4 billion; Russia: 3.4 million losing over $15.2 billion. Based on our estimate that 899.57 victims per 100,000 people fall victim to cybercrime each year, this amounts to 71.1 million victims of cybercrime globally. At a cost of $4,476 to each crime, this equates to a victim loss of more than $318 billion each year. An astronomical figure, but, when we compare it to other ones that are quoted (e.g. experts anticipate the global cost of cybercrime to reach $6 trillion this year and as much as $10.5 trillion in 2025), it’s a drop in the ocean. However, our figures account for victim loss only.


Data Breach at Georgia Health System

Permalink - Posted on 2021-08-12 16:00

A health system in Georgia has begun notifying patients of a six-month-long data breach that culminated in a ransomware attack. St. Joseph’s/Candler (SJ/C), one of the largest hospital systems in Savannah, became aware of suspicious network activity on the morning of June 17, 2021. A ransomware attack was confirmed. SJ/C employees had to revert to downtimes procedures such as using pens and paper to complete documentation. While the incident led to EHR downtime, imaging, primary care, surgery, and special physician appointments were unaffected.


UPMC to Pay $2.65 Million to Settle Data Breach Case

Permalink - Posted on 2021-08-12 16:00

The University of Pittsburgh Medical Center has received judicial approval for a multi-million-dollar settlement concerning a data breach that occurred almost seven years ago. The settlement consists of UPMC paying a total of $2.65 million to employees whose personal data was stolen by former Federal Emergency Management Agency IT specialist Justin Sean Johnson. Johnson, who resided in Detroit, was able to breach the center’s Oracle PeopleSoft database under the nicknames TDS and DS in 2013 and 2014. Johnson then stole sensitive personally identifiable information and W-2 information belonging to UPMC employees. This information included salaries, names, addresses, Social Security numbers, and bank account information, leaving the victims vulnerable to further attacks such as identity fraud, identity theft, phishing, and social engineering attacks.


Singapore: StarHub Leaked Personal Data of Over 57,000 Customers

Permalink - Posted on 2021-08-12 16:00

Singapore pay TV, internet and mobile phone provider StarHub is in the process of notifying 57,191 customers via email that they are victims of a cyber attack that leaked national identity card numbers, mobile numbers and email addresses. The data breach was discovered on July 6 but was not announced until August 6th. StarHub told The Register via email that the company suspects the stolen data file was found within a day of it being uploaded to the third-party web site.


Hospitals More Vulnerable to Botnets, Spam, and Malware Than Fortune 1000 Firms

Permalink - Posted on 2021-08-11 15:00

A recent study published in the Journal of the American Medical Informatics Association (JAMIA) sought to identify the relationship between cybersecurity risk ratings and healthcare data breaches. The study was conducted using data obtained from the Department of Health and Human Services between 2014-2019 and hospital cybersecurity ratings obtained from BitSight. The data sample included 3,528 hospital-year observations and Fortune 1000 firms were used as the benchmark against which hospital cybersecurity ratings were compared. Hospitals with low cybersecurity risk ratings were associated with a significant risk of suffering a data breach. Over the period of study, the probability of a data breach occurring at a hospital with a low cybersecurity rating was between 14% and 33%.


The Cost of Unwanted Bot Traffic – Up to $250 Million a Year

Permalink - Posted on 2021-08-11 15:00

Netacea, the bot detection and mitigation company, surveyed 440 businesses across the travel, entertainment, eCommerce, financial services, and telecoms sectors in the United States and the UK. The enterprises surveyed had turnovers ranging from $350m to over $7bn. It found that every sector had a substantial bot problem, with two-thirds of businesses detecting website attacks. 46% of respondents reported mobile apps had been attacked, and 23%—mainly in the financial services—said bots had attacked their APIs. According to survey respondents, automated bots operated by malicious actors cost businesses an average of 3.6% of their annual revenue. For the 25% worst affected businesses, this equates to at least a quarter of a billion dollars ($250 million) every year.


Crytek Confirms Egregor Ransomware Attack, Customer Data Theft

Permalink - Posted on 2021-08-11 15:00

Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers' personal info later leaked on the gang's dark web leak site. The company acknowledged the attack in breach notification letters sent to impacted individuals earlier this month and shared by one of the victims with BleepingComputer today.


Accenture Confirms Hack After LockBit Ransomware Data Leak Threats

Permalink - Posted on 2021-08-11 15:00

In conversations seen by the Cyble research team, the LockBit ransomware gang claims to have stolen six terabytes of data from Accenture and are demanding a $50 million ransom. The threat actors claim to have gotten access to Accenture's network via a corporate "insider." Sources familiar with the attack have told BleepingComputer that Accenture had confirmed the ransomware attack to at least one CTI vendor, and the IT services provider is also in the process of notifying more customers.


Reindeer Leak Personal Data of 3,00,000 Users in a Breach

Permalink - Posted on 2021-08-11 15:00

WizCase's cybersecurity group discovered a prominent breach impacting Reindeer, an American marketing company that previously worked with Tiffany & Co., Patrón Tequila, and other companies. Led by Ata Hakçil, the group revealed that the breach leaked customer names, dates of birth, email IDs, phone numbers, addresses, etc. The cybersecurity experts found a misconfigured Amazon S3 bucket that belonged to Reindeer. It contained around 50,000 files and a total of 32 GB of data. Reindeer is currently a defunct American advertising company. Being a defunct company, it owns the bucket, so researchers had to contact Amazon for information about the breach as it is the only source that could provide details about the attack. The team also informed US-CERT, in hopes that it would contact the previous company owner. The misconfigured S3 bucket contained data of around 3,00,000 customers of Reindeer clients. Patrón was the top client with the highest number of customer PII (Personally Identifiable Information) leaked; however, other Reindeer clients were also affected, such as Jack Wills, a UK clothing brand. It seems that it has become easy to misconfigure permissions and access in cloud-based deployments.


1 Million Stolen Credit Cards Hit Dark Web for Free

Permalink - Posted on 2021-08-10 14:00

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated to…selling payment-card credentials. Researchers from threat intelligence firm Cyble noticed the leak of the payment-card data during a “routine monitoring of cybercrime and Dark Web marketplaces,” researchers said in a post published over the weekend. The cards were published on an underground card-selling market, AllWorld.Cards, and stolen between 2018 and 2019, according to info posted on the forum. The leaked credit cards include the following fields: Credit-card number, expiration date, CVV, name, country, state, city, address, ZIP code, email and phone number, according to threat actors.


Companies Still Exposing Sensitive Data via Known Salesforce Misconfiguration

Permalink - Posted on 2021-08-10 14:00

While the misconfiguration has been known since at least last year and Salesforce has taken steps to prevent incidents, data security company Varonis says it’s still seeing many affected organizations. Varonis believes thousands of companies could still be vulnerable. The problem is that some Salesforce Communities are configured to give unauthenticated (guest) users too much access. An attacker can exploit this insecure configuration to query objects that can contain sensitive information.


Over $600 Million Reportedly Stolen in Cryptocurrency Hack

Permalink - Posted on 2021-08-10 14:00

Over $611 million has reportedly been stolen in one of the largest cryptocurrency hacks. Poly Network, a decentralized cross-chain protocol and network, announced today that it was attacked, with cryptocurrency assets successfully transferred into the attackers' wallets.


SMBs Increasingly Vulnerable to Ransomware, Despite the Perception They Are Too Small to Target

Permalink - Posted on 2021-08-10 14:00

Acronis released a report which gives an in-depth review of the cyberthreat trends the company’s experts are tracking. The report warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year. The report revealed that during the first half of 2021, 4 out of 5 organizations experienced a cybersecurity breach originating from a vulnerability in their third-party vendor ecosystem. That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than $100,000. While that represents a major financial hit to any organization, those amounts would sound the death-knell for most SMBs, which is a major concern for the second half of 2021.


Illinois' FOID Card System Hit by Cyber Attack

Permalink - Posted on 2021-08-09 15:00

Some parts of Illinois state government have really been taking it on the chin from the bad guys in cyberspace. On the heels of cyber attacks on the Illinois Attorney General's Office and the Illinois Department of Employment Security comes word of trouble for the Illinois State Police (ISP). Some of the data accessed could match Illinois resident personal identification information unlawfully obtained from any number of previous cyber breaches.


Chanel Korea Issues Apology Over Data Theft

Permalink - Posted on 2021-08-09 15:00

Online thieves managed to steal customer data, including phone numbers, in a cyberattack on some data centers managed by Chanel Korea. It's unknown whether clients affected by the data leak will take legal action against the French luxury brand's Korean firm. In a rare move, Chanel Korea issued a public apology after disclosing the customer data leak that occurred between Aug. 5 and 6.


Joplin City Computer Shutdown Was Ransomware Attack

Permalink - Posted on 2021-08-09 15:00

The insurer for Joplin paid $320,00 to an unknown person after a ransomware attack shut down the city government’s computer system last month, Joplin City Manager Nick Edwards said Thursday.


Flaws in John Deere Systems Show Agriculture's Cyber Risk

Permalink - Posted on 2021-08-09 15:00

An Australian researcher who goes by the nickname Sick Codes remotely presented his latest findings at the Def Con security conference in Las Vegas. He's part of an independent security research group called Sakura Samurai, which hunts and responsibly discloses security vulnerabilities. Sick Codes and the research group found several vulnerabilities in the systems of John Deere, based in Moline, Illinois, that have now been patched. He posted details of those issues on his blog Sunday. The findings are serious. A combination of issues enabled root access to John Deere's Operations Center, a comprehensive platform for monitoring and managing farm equipment.


May 2021 Saw a 440% Increase in Phishing, the Single Largest Phishing Spike on Record

Permalink - Posted on 2021-08-09 15:00

Around half of businesses (45.49%) and consumers (52.35%) on average saw at least one sustained additional infection in May 2021, according to the latest metrics from Webroot Brightcloud Mid Year Threat Report. In May 2021, the report revealed a 440% increase in phishing, holding the record for the single largest phishing spike in a single month. It also showed that industries such as oil, gas and mining saw a 47% increase in the same six-month period, with manufacturing and wholesale traders seeing a 32% increase. The report extends its yearly threat intelligence report, with updated metrics between January 1 and June 30 2021. It also investigates the latest trends in malware, phishing and crypto exchanges. The Mid Year Threat Report found that big brands continued to suffer from cyber extortion and ransomware. PayPal accounted for 1% of the top 200 phished brands but saw a 1,834% spike in May — showing that financial institutions are a top target. Webroot Brightcloud also found that technology supply chains were under attack. The management of companies and the enterprise industry showed a significant increase in malware infections — 57% versus the global average. The report also found that phishing attacks are increasingly targeting crypto exchanges and wallets. Observations by Webroot found that there was a 75% increase in Coinbase phishing pages using HTTPS immediately after Coinbase’s IPO.


Most Organizations Are at an Elevated Risk of Attack

Permalink - Posted on 2021-08-09 15:00

The risk of cyberattacks has increased in the last year. According to a Trend Micro survey, 80% of global organizations report they are likely to experience a data breach that impacts customer data in the next 12 months. The findings come from Trend Micro’s biannual Cyber Risk Index (CRI) report, which measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked. In the first half of 2021 the CRI surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America. The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase on last year which indicates an “elevated” risk.


Ransomware Demands and Payments Reach New Highs

Permalink - Posted on 2021-08-09 15:00

As cybercriminals have become more aggressive, the average ransom payment in the first half of 2021 jumped to $570,000, up 82% from 2020, says Palo Alto Networks' Unit 42.


Australia: Optus Under Investigation for White Pages Privacy Breach

Permalink - Posted on 2021-08-06 15:00

Regulators have opened an investigation into Optus for potential breaches of the Privacy Act, following an incident in which the telco accidentally sent off thousands of customers’ contact details to be published in the White Pages directory against their wishes. In October 2019 Optus contacted almost 50,000 customers to inform them of the privacy breach, saying it mistakenly released details including names, addresses and mobile phone numbers to Sensis, the company that produces the White Pages. At the time Optus apologised and had Sensis scrub the customers’ information from its online directory, but many details were also printed in the physical editions. This week, the Office of the Australian Information Commissioner said it was investigating the issue and its potential privacy ramifications after previously making inquiries.


University of Kentucky Data Breach Exposes Email Addresses of 355,000 Students, Teachers

Permalink - Posted on 2021-08-06 15:00

A data breach at the University of Kentucky exposed the email addresses of more than 355,000 students and teachers nationwide. The data was part of the Digital Driver's License database that is used by schools and colleges in Kentucky and other states. Kentucky students have taken civic courses through the program in recent years. The information breached included the names and email addresses of 355,000 individuals, including students and teachers in Kentucky.


Texas: Judson ISD Paid Hackers More Than $500,000

Permalink - Posted on 2021-08-06 15:00

The ransomware attack that hit Judson Independent School District in June resulted in a payment to the hackers of more than half a million dollars to keep sensitive information from being uploaded to the dark web, officials said. The ransom payment of $547,045 will keep “identifiable information” from being published online in places where “other threat actors could potentially access and misuse this data,” the district said in a statement posted to social media Wednesday.


Gastroenterology Consultants Notifies Patients About Ransomware Attack

Permalink - Posted on 2021-08-06 15:00

On January 10, 2021, Gastroenterology Consultants, PA suffered a ransomware attack that resulted in the encryption of sensitive data. Yesterday, notifications were sent to patients potentially affected by the attack to inform them that their protected health information may have been accessed or compromised in the attack. The files potentially compromised had been prepared by employees to facilitate patient processing. The documents contained some personal health information, with fewer than 50 having their Social Security numbers compromised. Those individuals have been offered free credit monitoring services, as have employees whose sensitive data were potentially accessed.


NCH Corporation Announces Data Breach

Permalink - Posted on 2021-08-06 15:00

Irving, TX-based NCH Corporation, an international marketer of maintenance products, has reported a suspected ransomware attack. Suspicious network activity was detected within its systems on March 5, 2021, “that caused certain systems in its network to become unavailable.” The breach report submitted to the HHS’ Office for Civil Rights indicates up to 11,427 individuals were affected.


Singapore: OrangeTee Real Estate Group Suffers Data Security Breach

Permalink - Posted on 2021-08-06 15:00

OT Group, the holding company of OrangeTee & Tie and OrangeTee Advisory, has suffered a data security breach, the Singapore real estate group said on Friday (Aug 6). The company said it received an email from a third party claiming to have accessed its IT network. The incident was reported to the relevant authorities. An investigation was launched to assess if the data held in the network could be compromised. OT Group said its preliminary investigations showed that there was a breach of data security.


Singapore: StarHub Suffers Data Breach

Permalink - Posted on 2021-08-06 15:00

Personal data including mobile numbers and email addresses of 57,191 customers have been found on a third-party data dump website, the Singapore telco says, adding that the leaked information appears to date back to 2007.


Blocked DDoS Attack Volumes Up, Tech, Healthcare and Finance Most Targeted

Permalink - Posted on 2021-08-05 15:00

Second quarter blocked DDoS attack volumes were up more than 40% compared to the same period in 2020, a Radware report reveals. The report provides an overview of DDoS attack trends by industry, as well as across applications and attack types. On average, a company had to detect and block nearly 5,000 malicious events and a volume of 2.3TB per month during the second quarter of 2021. During the second quarter of 2021, the average number of blocked malicious events per company was up more than 30% and the average blocked volume per company increased by more than 40% compared to the second quarter of 2020. During the first half of 2021, a company located in the Americas or Europe, the Middle East and Africa (EMEA) had to repel, on average, twice as much volume compared to a company located in Asia-Pacific (APAC). The Americas and EMEA accounted for about 80% of the blocked attack volume during that same period.


73% of Businesses Suffered a Data Breach Linked to a Phishing Attack in the Past 12 Months

Permalink - Posted on 2021-08-05 15:00

Ransomware attacks have increased significantly during the past year, but phishing attacks continue to cause problems for businesses, according to a recent survey conducted by Arlington Research on behalf of security firm Egress. Almost three quarters (73%) of surveyed businesses said they had experienced a phishing related data breach in the past 12 months. The survey for the 2021 Insider Data Breach Report was conducted on 500 IT leaders and 3,000 employees in the United States and United Kingdom. The survey revealed 74% of organizations had experienced a data breach as a result of employees breaking the rules, something that has not been helped by the pandemic when many employees have been working remotely. More than half (53%) of IT leaders said remote work had increased risk, with 53% reporting an increase in phishing incidents in the past year. The increased risk from remote working is of concern, especially as many organizations plan to continue to support remote working or adopt a hybrid working model in the future. 50% of IT leaders believe remote/hybrid working will make it harder to prevent data breaches from malicious email attacks. There appears to be a disconnect, as only 61% of employees believe they are less likely or equally likely to cause a data breach when working from home.


UF Health Says PHI Potentially Compromised in May 2021 Cyber Attack

Permalink - Posted on 2021-08-05 15:00

On May 31, 2021, UF Health Central Florida experienced a cyberattack that affected Leesburg Hospital and The Villages Hospital. The security breach was announced by UF Health within a few hours of the attack being detected, although at the time it was unclear whether any patient data had been compromised in the incident. An investigation into the breach was conducted which determined the attackers had access to its computer network between May 29 and May 31, 2021, and while unauthorized access to patient data was not confirmed, UF Health has now reported that some patient data may have been accessible. The exposed data included names, addresses, dates of birth, Social Security numbers, health insurance information, medical record numbers and patient account numbers, and limited treatment information.


Energy Group ERG Reports Minor Disruptions After Ransomware Attack

Permalink - Posted on 2021-08-05 15:00

Italian energy company ERG reports "only a few minor disruptions" affecting its information and communications technology (ICT) infrastructure following a ransomware attack on its systems. ERG is the leading Italian wind power operator and among the top ten onshore operators on the European market, with a growing presence in France, Germany, Poland, Romania, Bulgaria, and the United Kingdom. The group operates in the wind energy, hydroelectric energy, solar energy, and high-yield thermoelectric cogeneration energy sectors.


Volume of Cyber Intrusion Activity Globally Jumped 125%

Permalink - Posted on 2021-08-05 15:00

A new report from Accenture has found that for the first half of 2021, the volume of cyber intrusion activity is up 125% globally compared to last year. Accenture said the report is based on their work with clients recovering from incidents. They attributed the increase in intrusions to web shell activity, ransomware incidents and supply chain attacks. While the US (36%) led the way as it usually does on the list of most targeted countries, the UK (24%) and Australia (11%) were not far behind. Ransomware dominated the report's section on malware, with the now-defunct REvil/Sodinokibi group accounting for 25% of attacks seen by Accenture's team. Accenture's insurance industry customers were targeted most often by ransomware groups making up 23% of all ransomware targets. Consumer goods and services companies, as well as telecommunications companies, were targeted heavily as well. The report also made clear what their main targets are. The report found that 54% of all ransomware or extortion victims were companies with annual revenues between $1 billion and $9.9 billion.


Over 60 Million Americans Exposed Through Misconfigured Database

Permalink - Posted on 2021-08-05 15:00

Security researchers have discovered an online database completely unsecured and exposed to the public internet, containing the personal details of at least 63 million Americans. A team at vpnMentor led by Ran Locar and Noam Rotem found the Elasticsearch database wide open during a “routine research project.” It soon traced the trove back to OneMoreLead, a B2B sales and marketing company which claims on its unfinished website to have a database of “40+ million 100% verified B2B prospects to search from.” The database itself contained around 126 million records. Depending on the number of duplicates in there, the number of affected individuals could be anywhere between 63 million and 126 million, vpnMentor claimed. Personally identifiable information (PII) featured in the trove included full names, job titles, personal email and home addresses, work email and office addresses, personal and work phone numbers, home IP addresses and employer names.


Great Britain: Isle of Wight Schools Hit by Ransomware

Permalink - Posted on 2021-08-04 15:00

Six schools on the Isle of Wight have been hit by a ransomware attack that resulted in the encryption of data and may delay the start of the new term. The attack, which encrypted data, hit the schools and their umbrella organisation, the Isle of Wight Education Federation, between July 28th and 29th, according to the Federation. All the schools' websites have been offline since Friday. The schools affected were Carisbrooke College, Island 6th Form, Medina College, Barton Primary, Hunnyhill Primary and Lanesend Primary. Lanesend Primary announced that the start of the new term in September may be delayed by several days.


Advanced Technology Ventures Discloses Ransomware Attack

Permalink - Posted on 2021-08-04 15:00

Silicon Valley venture capital firm Advanced Technology Ventures (ATV) this week announced that personal information of some of its private investors was stolen in a ransomware attack. In a notification letter sent to the Maine Attorney General’s office, ATV revealed that it discovered a ransomware infection in July and an investigation found that some of its data was stolen in the incident. Data on two servers holding financial information was encrypted and exfiltrated in the attack, the firm says. The compromised data, ATV reveals, includes personal information such as names, emails, phone numbers, and Social Security Numbers of individual investors.


Guidehouse Reports Breach Affecting Multiple Healthcare Provider Clients

Permalink - Posted on 2021-08-04 15:00

Ventura, CA-based Community Memorial Health System, Ithaca, NY-based Cayuga Medical Center, and Allentown, PA-based Lehigh Valley Health Network have been affected by a cyberattack at a vendor used by a business associate. The three healthcare providers used Guidehouse for medical billing and collection services. On January 20, 2021, hackers gained access to the Accellion File Transfer Appliance (FTA) used by Guidehouse for transferring files to clients. For patients of Community Memorial Health System, the files included sensitive patient information such as names, dates of birth, member ID addresses, and certain medical information. For Cayuga Medical Center patients, names, dates of birth, insurance account numbers, and certain medical information were potentially compromised. For Lehigh Valley Health Network, the potentially compromised data include names, medical record numbers, account numbers, dates of service, diagnosis and procedure names, billing or payer information and provider names.


Ransomware Volumes Hit Record Highs as 2021 Wears On

Permalink - Posted on 2021-08-04 15:00

Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks within SonicWall Capture Labs’ telemetry. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020.


92% of Pharmaceutical Companies Have at Least One Exposed Database

Permalink - Posted on 2021-08-03 15:00

Reposify released its Pharmaceutical Industry Attack Surface Exposures Report examining the security posture of the world’s leading pharmaceutical companies. The report analyzed eighteen leading pharmaceutical companies and their nine hundred plus subsidiaries worldwide to assess the prevalence of exposures of services, sensitive platforms, unpatched CVEs and other security issues. Among key insights were some troubling numbers: 92% of pharmaceutical companies had at least one exposed database with potential data leakage; 46% of pharmaceutical companies had an exposed SMB service (SMB exposures were previously exploited in other infamous attacks, like WannaCry, NotPetya and the Nachi and Blaster worms); and in 70% of pharmaceutical M&A deals in 2020 that were analyzed, the newly acquired subsidiary had a negative impact on the security posture of the parent company, adding tens, and in some cases hundreds, of sensitive exposed and unpatched services.


Insurance Broker Gallagher Sued Over Ransomware Attack

Permalink - Posted on 2021-08-03 15:00

Insurance and benefits broker Arthur J. Gallagher is the target of a proposed class action lawsuit over a ransomware attack it suffered in 2020. The plaintiffs allege that Gallagher failed to follow federal and state government and industry standards to protect their personal information from hackers and failed to adequately notify or help individuals whose information was stolen. The plaintiffs claim that they, customers and other employees of Gallagher have suffered injuries, incurred costs and face the prospect of “present and imminent lifetime risk of identity theft.” The plaintiffs claim that criminals have already used the stolen personal data to attempt to steal certain identities. The lead plaintiffs are two former employees of Gallagher: Jason Myers of California and John Parsons of Louisiana. They seek unspecified damages and implementation by Gallagher of a host of compensatory and security measures. Arthur J. Gallagher, a large Illinois-based insurance and benefits broker, declined to comment on the lawsuit. The suit also names Gallagher’s third-party administrator, Gallagher Bassett Services. The suit claims that hackers obtained personally identifiable information of thousands of Gallagher’s customers, potential customers, employees and other consumers, including Social Security numbers, tax identification numbers, driver’s licenses, passports, dates of birth, usernames and passwords, employee identification numbers, financial account information, credit card information, electronic signatures and medical records. The alleged injuries include out-of-pocket expenses associated with the identity theft, tax fraud, or unauthorized use of their information and increased risk because their information remains available on the dark web for individuals to access and abuse.


Coghlin Electrical Co. Hit with Ransomware Attack

Permalink - Posted on 2021-08-03 15:00

Worcester contractor Coghlin Electrical Corp. experienced a ransomware attack on Monday [July 26], although compromised files have been recovered, the Worcester Telegram & Gazette reported Friday. When reached via email by WBJ, Coghlin CEO Sue Mailman declined to expand on the situation.


Arkansas: Paxton Newspaper Employees' Data Copied, Company Reveals

Permalink - Posted on 2021-08-03 15:00

Paxton Media Group of Paducah, Kentucky, which owns the Jonesboro Sun, the Batesville Guard, the Daily Citizen of Searcy and other Arkansas newspapers, suffered a cyber attack that potentially compromised employees’ birthdates, Social Security numbers and banking data. The newspaper chain, which has been in acquisition mode, owns a total of 120 publications across 14 states, including the Log Cabin Democrat in Conway, the Courier in Russellville and the Paragould Daily Press. Its flagship paper is the Paducah Sun. In May, it acquired Landmark Community Newspapers LLC of Shelbyville, Kentucky, and all of its 47 papers. Current and former Paxton employees received a “notice of data privacy event,” and the hacking event was also reported to state consumer protection officials by Mullen Coughlin, a Pennsylvania law firm representing Paxton.


Ransom Demands Reaching $1.2 Million with Smaller Companies Increasingly Targeted

Permalink - Posted on 2021-08-03 15:00

From the first half of 2020 to 2021, the average ransom demand made to Coalition policyholders increased nearly threefold, from $450,000 to $1.2 million per claim. There was also an emergence of several aggressive new ransomware variants, including Mount Locker, HelloKitty, and Conti. While the average ransom demand steadily increased, the average payout made for ransomware claims decreased slightly from the first half of 2020 to the first half of 2021, reflective of its efforts to help policyholders negotiate ransoms and recover data backups. While ransomware has become more widespread and severe in the past year, many organizations continue to be targeted by less sophisticated attack techniques that exploit the new patterns of remote work. Nearly 50% of attacks against Coalition’s policyholders were initiated by phishing and social engineering.


Federal Agencies Are Failing to Protect Sensitive Data, Senate Report Finds

Permalink - Posted on 2021-08-03 15:00

Of eight federal agencies audited for their cybersecurity programs, only the Department of Homeland Security showed improvements in 2020, according to a report from the Senate Homeland Security and Governmental Affairs Committee. Released by the panel on Tuesday, the report expresses concerns about the state of federal agencies’ cyber posture during an overall 8% rise in security incidents across agencies. The report underscores the increased scrutiny of federal cybersecurity by lawmakers in the aftermath of a months-long alleged Russian cyber-espionage campaign the private sector first uncovered in December 2020. Russian hackers used a flaw in network management software SolarWinds to infiltrate nine government agencies. The report found that seven of the eight agencies reviewed still use legacy systems that no longer have security updates supported by their vendor. The practice can leave agencies vulnerable to foreign hacking, the report notes.


Household Data of 35 Million U.S. Residents Exposed in Database Mess Up

Permalink - Posted on 2021-08-03 15:00

Comparitech researchers published a report revealing details of an unprotected marketing database that leaked private details of about 35 million residents across Chicago, San Diego, and Los Angeles. Interestingly, the owner of this database hasn’t yet been identified. Reportedly, the Elasticsearch database wasn’t protected by a password, which is why it could have been accessed by anyone with access to a web browser, and a valid URL. The database was discovered by Bob Diachenko, head of Comparitech’s cybersecurity research team, on 26 June 2021. Diachenko suspects that this database could be a marketing firm’s scraping attempt, and the company stored it on a misconfigured server. Since the exposed database’s owner couldn’t be discerned, and it remained accessible until 27 July 2021, Amazon Web Services (AWS), which hosted the server where the database was stored, had to intervene and take it down to prevent it from landing in the wrong hands. However, it is pretty discomforting that it remained exposed for about a month, which was ample time for cybercriminals. Its time zone was set to Kolkata, India.


Ransomware Continues Its Marathon to New Records

Permalink - Posted on 2021-08-03 15:00

Cybercriminals always aim high when targeting organizations and demanding ransom. The pandemic has given opportunistic hackers time to come up with innovative phishing attacks and extortion schemes. And ransomware, in particular, has continued to reach unprecedented heights since the beginning of 2021. According to the 2021 Cyber Threat Report from SonicWall, ransomware attacks have increased rapidly, surpassing the number of attacks in 2020 and the first half of 2021. The report revealed that over 304.7 million ransomware attacks were reported globally in H1 2021, exceeding 304.6 million attacks in 2020, which is a 151% increase. High-profile extortion attacks on Colonial Pipeline, JBS Foods, health care, energy sectors, and the recent Kaseya attack have severely disrupted operations of organizations across the globe.


73% of Organizations Suffered Data Breaches Caused by Phishing in the Last Year

Permalink - Posted on 2021-08-03 15:00

Egress’ 2021 Insider Data Breach Survey has revealed that almost three-quarters (73%) of organisations have suffered data breaches caused by phishing attacks in the last year. Remote work has increased the risk, with over half (53%) of IT leaders reporting an increase in incidents caused by phishing. The research also revealed concerns over future hybrid working, with 50% of IT leaders saying it will make it harder to prevent breaches caused by malicious email attacks. The survey highlights the human cost of phishing – it found that in almost a quarter (23%) of organisations, employees who were hacked via a phishing email were fired or left voluntarily.


Texas: Harris County Sees PHI of 26,000 Individuals Exposed Online

Permalink - Posted on 2021-08-02 14:00

Harris County in Texas has discovered the personal and health information of thousands of individuals has been exposed online and was potentially accessed by unauthorized individuals. Under Harris County’s legally required reporting obligations, information is provided to the Harris County Justice Administration Department which includes System Person Numbers, which are unique identifiers that are assigned to individuals by the Harris County jail system. In addition to those numbers, some limited health information is provided related to the medical care individuals received at the County’s Jail Clinic, which includes health histories, diagnoses, and/or prescription information. The inadvertent disclosure of sensitive information was discovered by Harris County officials on July 9, 2021. Harris County determined that between March 15, 2021 and May 22, 2021, the above types of information were inadvertently made available on the Justice Administration Department’s website.


Canada: SD73's Insurance Provider for International Students Suffers Cyber Security Breach

Permalink - Posted on 2021-08-02 14:00

School District No. 73 (SD73, Kamloops-Thompson) said it was notified that guard.me, the travel and medical insurance provider for its international student program, experienced a cybersecurity breach incident. Personal information that may be impacted by this incident includes identity information, contact information, and other information provided to support submitted claims. SD73 said though it is not responsible for the privacy breach, it is following up with past and present international students to ensure they’re aware of the security breach, out of an abundance of caution.


Wawa Customers Win Initial Settlement Approval in Data Suit

Permalink - Posted on 2021-08-02 14:00

More than 22 million Wawa Inc. customers were granted preliminary class status Friday in a suit stemming from a data breach that led to the sale of their payment information on the dark web. Hackers accessed Wawa’s point-of-sale systems and installed malware targeting in-store payment terminals and gas station fuel dispensers in March 2019. Over the next several months, the hackers obtained customer payment card information, which they later offered for purchase online. Wawa disclosed the data breach in December 2019, and litigation ensued. The court’s case management plan split claims resulting from the data breach into consumer, employee, and financial institution tracks. In February, Wawa agreed to pay up to $12 million to settle claims from the customer track. The U.S. District Court for the Eastern District of Pennsylvania tentatively approved the settlement, which will provide gift cards or cash to the customers, and require the convenience store to strengthen its payment processing systems and enhance data security practices.


Cyber Security Jobs Crisis Getting Worse as Companies Keep Making Mistakes with Hiring

Permalink - Posted on 2021-08-02 15:00

A lack of business investment means cybersecurity teams are struggling to keep enterprise networks secure at a time when the rise in remote working is providing additional security challenges -- and it's having an impact on their well-being. A global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG) warns that this lack of investment, combined with the challenge of additional workloads, is resulting in a skills shortage that's leading to unfilled jobs and high burnout among information security staff. According to the study, which surveyed over 500 cybersecurity professionals, 57 percent say a shortage of cybersecurity skills has impacted the organisation they work for, while just over ten percent report a significant impact. The effect is an increased workload for information security staff, according to 62 percent of respondents. That's had a knock-on effect on the mental health of information security staff, 38 percent of whom say they've experienced burnout as a result of extra work pressures during what was already a difficult year.


Toll "Unsure" If It Lawyered Up to Avoid ASD Assistance Following Ransomware Attack

Permalink - Posted on 2021-08-02 15:00

Australian logistics giant Toll is not sure whether it was the company that avoided assistance from the government when it was struck by ransomware. Last year, Toll found itself victim to ransomware on two occasions. Appearing before the Parliamentary Joint Committee on Intelligence and Security (PJCIS) as part of its review of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 last month, Toll global head of information security Berin Lautenbach said his organisation had help from the Australian Signals Directorate (ASD), which included having software installed on its systems. During the hearing, Lautenbach, as well as the other organisations testifying before the PJCIS, was asked if it was his company ASD Director-General Rachel Noble was referring to when she revealed a company had declined to talk to the agency about an incident it had experienced. At the time, Lautenbach said "certainly not".


Italy: Hacker Attack on the Lazio Region. Vaccine Reservations Suspended

Permalink - Posted on 2021-08-02 15:00

Unprecedented hacker attack on the IT systems of the Lazio Region. A virus has taken offline the Region’s website, that of the Regional Council and the booking portal for vaccines against Covid-19. Systems went haywire shortly after midnight today. From what AGI learned shortly after the attack, the virus that hit the region is a cryptolocker ransomware, a particular type of cyber attack where the attacker usually takes control of part or all of the computer system and asks for a ransom in exchange for releasing it.


Organizations Still Rely on Weak Security for Remote Workers

Permalink - Posted on 2021-08-02 14:00

A new survey of enterprise IT security leaders showed almost 80 percent believe remote workers are at more risk for phishing attacks now because they’re isolated from their organizations’ security teams. Despite the significant threat increase, more than 59 percent of respondents felt solutions such as video training (27%), email reminders (20%), and VPNs (12%), were sufficient solutions by themselves to keep organizations safe from what those surveyed said were the biggest security breach fears: damage to brand and reputation, and legal jeopardy.


Thailand Vaccine Registration Site Experiences Data Breach

Permalink - Posted on 2021-08-02 14:00

The debut of Thailand’s new vaccine appointment registration site expatvac.consular.go.th has now opened to mixed reviews. Many reported a host of problems, but quite a few people said that in the end they received emails confirming their registration and forthcoming appointments. And of course, it opened to a data breach. The vaccine registration site launched at 11 am and within minutes people were reporting crashes, errors, and that people’s private information was unprotected and visible online. Screenshots of publicly accessible backdoors that revealed the emails and personal details of over 20,000 applicants started appearing online raising safety and privacy concerns. It appears the data breach has now been patched.


Zoom Agrees to Settle Lawsuit Over "Zoom Bombing"

Permalink - Posted on 2021-08-02 14:00

The videoconferencing company said it would pay $85 million to settle the suit, which claimed that it violated users’ privacy, in part by allowing hackers to interrupt online meetings.


Hackers Leak Full Electronic Arts Data

Permalink - Posted on 2021-08-02 14:00

The hackers who breached Electronic Arts last month have released the entire cache of stolen data after failing to extort the company and later sell the stolen files to a third-party buyer. The data, dumped on an underground cybercrime forum on Monday, July 26, is now being widely distributed on torrent sites. According to a copy of the dump obtained by The Record, the leaked files contain the source code of the FIFA 21 soccer game, including tools to support the company’s server-side services.


Hospitals Still Use Pneumatic Tubes - and They Can Be Hacked

Permalink - Posted on 2021-08-02 14:00

Pneumatic tubes may seem like wonky and antiquated office tech, more suited to The Hudsucker Proxy than a modern-day health care system. Yet they're surprisingly common. Swisslog Healthcare, a prominent medical-focused pneumatic tube system maker, says that more than 2,300 hospitals in North America use its “TransLogic PTS” platform, as do 700 more elsewhere in the world. The nine vulnerabilities that researchers from the embedded device security company Armis found in Swisslog's Translogic Nexus Control Panels, though, could let a hacker take over a system, take it offline, access data, reroute deliveries, or otherwise sabotage the pneumatic network.


Illinois AG Raoul Spends $2.5M on Ransomware Hack

Permalink - Posted on 2021-08-02 14:00

Illinois Attorney General Kwame Raoul's office spent more than $2.5 million for cybersecurity after a ransomware hack in April that put the personal data of an unknown number of residents at risk and came after federal authorities told him that his office's cybersecurity systems were lacking. Raoul declined to acknowledge just how much hackers were demanding in the attack, but told the Better Government Association and Chicago Tribune that he was angered, frustrated and embarrassed by the attack.


Accidental Disclosures of PHI at Los Angeles Fire Department and Standard Modern Company

Permalink - Posted on 2021-07-30 15:00

The Los Angeles Fire Department has discovered that the COVID-19 vaccination statuses of 4,900 employees have been accidentally exposed online. A list that included the full names of employees, dates of birth, employee numbers, and COVID-19 vaccination information (vaccination dates, doses, or declined vaccine) had been published on a website accessible to the public. During the time that the website was active, it was possible to visit the site and conduct searches of the database for names and employee numbers. The database was not password protected and no information had to be entered to authenticate users. If a wildcard search was conducted, a table was generated that listed the data of all 4,900 employees.


More Than 447K Patients Affected by Phishing Attack on Orlando Family Physicians

Permalink - Posted on 2021-07-30 15:00

Email accounts containing the protected health information of 447,426 patients of Orlando Family Physicians in Florida have been accessed by an unauthorized individual. Orlando Family Physicians said the first email account was compromised on April 15, 2021 as a result of an employee responding to a phishing email and disclosing their account credentials.


South Africa: Blood Service Hit by Cyber Attack

Permalink - Posted on 2021-07-30 15:00

The Western Cape Blood Service (WCBS) has confirmed its information systems have been hit by a cyberattack. The non-profit regional health organisation collects blood from voluntary blood donors in the Western Cape and provides safe blood products and services to the community. In response to questions on Facebook about the exposure of personal information, WCBS said it was still investigating the extent of the attack and would communicate once it had learned more. The WCBS attack comes a week after the IT applications of Transnet Port Terminals were disrupted by a ransomware attack.


North Carolina: Sandhills Center Sees Exfiltration of 634 GB of Files

Permalink - Posted on 2021-07-30 14:00

Sandhills Center in North Carolina manages public mental health, intellectual/developmental disabilities and substance use disorder services for the citizens of Anson, Guilford, Harnett, Hoke, Lee, Montgomery, Moore, Randolph and Richmond counties. As a publicly-funded Local Management Entity-Managed Care Organization (LME-MCO), Sandhills Center does not provide services directly, but describes itself as an agent of the North Carolina Department of Health & Human Services (NCDHHS). On some date unknown to DataBreaches.net, Sandhills Center was allegedly hacked by threat actors who claim to have exfiltrated 634 GB of data. The incident is posted on a web site run by “Marketo,” who auction or sell data from incidents.


Canada: Prisoners at Mission Institution Sue Authorities Over Alleged Privacy Breach

Permalink - Posted on 2021-07-30 14:00

The 47 prisoners say that from about April 2020 to July 2020 employees and servants of the federal medium and minimum security prison posted notices on a food services cart or multiple food services carts containing personal and medical information. They say the info included their names, fingerprint serial numbers and cell numbers, as well as prescription medications including methadone or suboxone, and any dietary or allergy restrictions.


California: City of Grass Valley Among Latest Local Governments Hit by Cyberattack

Permalink - Posted on 2021-07-30 14:00

Cybercriminals recently struck the City of Grass Valley with a ransomware attack that has many asking questions. Grass Valley isn’t the first city in the region to become a target, and likely won’t be the last. Though, it came as a surprise to some community members that the city decided to pay the attacker’s ransom. The City of Grass Valley wouldn’t release how much ransom it paid, or how much its insurance policy is – concerned about another attack in the future. Though, they did say the city has a $50,000 deductible.


Amazon Gets $888 Million GDPR Fine for Behavioral Advertising

Permalink - Posted on 2021-07-30 14:00

Amazon has quietly been hit with a record-breaking €746 million fine for alleged GDPR violations regarding how it performs targeted behavioral advertising. The fine was issued by Luxembourg's Commission nationale pour la protection des données (CNPD), an independent public agency established to monitor the legality of the collection and use of personal information. In an SEC Form 10-Q filed today, Amazon states that this massive fine came out of CNPD in July 2021, which fined them for improper processing of personal data.


Canada: Calgary's Parking Authority Exposed Drivers' Personal Data and Tickets

Permalink - Posted on 2021-07-29 15:00

If you parked your car in one of the thousands of parking spots across Calgary, there’s a good chance you paid the Calgary Parking Authority for the privilege. But soon you might be hearing from the authority after a recent security lapse exposed the personal information of vehicle owners. The parking authority oversees about 14% of the paid parking spots in the Calgary region, and lets drivers pay to park their cars by a parking kiosk, online, or through the phone app by entering their vehicle’s license plate number and payment details. But a logging server used to monitor the authority’s parking system for bugs and errors was left on the internet without a password. The server contained computer-readable technical logs, but also real-world events like payments and parking tickets that contained a driver’s personal information. A review of the logs by TechCrunch found contact information, like drivers’ full names, dates of birth, phone numbers, email addresses and postal addresses, as well as details of parking tickets and parking offenses, which included license plates and vehicle descriptions, and in some cases the location data of where the alleged parking offense took place. The logs also contained some partial card payment numbers and expiry dates. None of the data was encrypted.


Estonia: Hacker Downloads Close to 300,000 Personal ID Photos

Permalink - Posted on 2021-07-29 15:00

A hacker was able to obtain over 280,000 personal identity photos following an attack on the state information system last Friday. The suspect is reportedly a resident of Tallinn. The culprit had already obtained personal names and ID codes and was able to obtain a third component, the photos, by making individual requests from thousands of IP addresses.


Unknown Number of British Columbians' Personal Information for Sale Online After Health Company Extorted

Permalink - Posted on 2021-07-29 15:00

CTV News has learned the personal information of British Columbians has been leaked online, with an unknown number of people and agencies potentially still vulnerable, after a data breach at a mental health services provider. Homewood Health, headquartered in Ontario with services and contracts across Canada, acknowledges it was hacked earlier this year and has recently begun contacting affected companies and agencies whose information may be compromised, including BC Housing, TransLink and the Provincial Health Services Authority. CTV News has confirmed at least some of the information leaked online is authentic, though the bulk of the data is still on the auction block at Marketo, a site that describes itself as a "leaked data marketplace."


Average Time to Fix High Severity Vulnerabilities Grows from 197 Days to 246

Permalink - Posted on 2021-07-29 15:00

According to NTT Application Security researchers, the time to fix vulnerabilities has dropped 3 days, from 205 days to 202 days. The average time to fix is 202 days, the report found, representing an increase from 197 days at the beginning of the year. The average time to fix for high vulnerabilities grew from 194 days at the beginning of the year to 246 days at the end of June. Remediation rates have also decreased across all vulnerability severities, with rates for critical vulnerabilities falling from 54% at the beginning of the year to 48% at the end of June. Rates for high vulnerabilities decreased from 50% at the beginning of the year to 38% at the end of June.


Chipotle's Marketing Account Hacked to Send Phishing Emails

Permalink - Posted on 2021-07-29 15:00

Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails, luring recipients to malicious links. Most of the messages directed users to credential-harvesting sites impersonating services from a financial business and Microsoft.


McLaren Health Care and Greenwood Leflore Hospital Impacted by Elekta Ransomware Attack

Permalink - Posted on 2021-07-28 15:00

McLaren Health Care Corporation (MHCC), the operator of 15 hospitals and over 100 primary care locations in Michigan and Ohio, has announced the protected health information of 64,600 of its cancer patients may have been compromised in a ransomware attack on vendor Elekta Inc.


Northern Ireland Suspends Vaccine Passport System After Data Leak

Permalink - Posted on 2021-07-28 15:00

Northern Ireland's Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification online service following a data exposure incident. Some users of the COVIDCert NI service were presented with data of other users, under certain circumstances, says the Department. This data incident comes at a time when there's much scrutiny and worry concerning COVID-19 vaccine passports among some members of the public.


Average Organization Targeted by Over 700 Social Engineering Attacks Each Year

Permalink - Posted on 2021-07-28 15:00

Barracuda analysts examined more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organizations between May 2020 and June 2021. The "Spear Phishing: Top Threats and Trends Vol. 6 -- Insights" report found that 43% of phishing attacks impersonate Microsoft and the average organization is targeted by over 700 social engineering attacks each year. Nearly 80% of BEC attacks target employees outside of financial and executive roles, with the average CEO receiving 57 targeted phishing attacks each year and IT staffers getting an average of 40 targeted phishing attacks annually. Cryptocurrency-related attacks also grew 192% between October 2020 and April 2021, and the researchers noted that the number of attacks rose alongside the general price of various cryptocurrencies. Almost 50% of all socially engineered threats the company saw over the past year were phishing impersonation attacks, and nearly all included a malicious URL.


Misconfigured Azure Blob at Raven Hengelsport Exposed Records of 246,000 Anglers

Permalink - Posted on 2021-07-28 15:00

Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months. The unsecured Azure Blob Storage server, hosting 18GB of company data covering at least 246,000 customers across 450,000 records, was spotted by the security arm of antivirus review site SafetyDetectives in early March.


Enterprise Data Breach Cost Reached Record High During COVID-19 Pandemic

Permalink - Posted on 2021-07-28 15:00

The average cost of a data breach has now reached over $4 million, hitting a record high during the COVID-19 pandemic. On Wednesday, IBM Security released its annual "Cost of a Data Breach" report, which estimates that in 2021, a typical data breach experienced by companies now costs $4.24 million per incident, with expenses incurred now 10% higher than in 2020 when 1,000 -- 100,000 records are involved. So-called "mega" breaches impacting top enterprise firms responsible for the exposure of between 50 million and 65 million records now also come with a higher price tag -- reaching an average of $401 million to resolve.


Judson ISD's Ransomware Nightmare Won't Be Cheap

Permalink - Posted on 2021-07-27 15:00

Judson Independent School District hasn’t escaped from its ransomware attack nightmare yet. And Bexar County’s fourth largest school district’s confusing updates are making a frustrating situation harder for its 26,600 students and staff. On June 17, the Northeast Side district announced its communications and computer systems had been hobbled by hackers. Not long after that, Judson officials set up alternate e-mail, phone and internet connections. Similar attacks over the last year have cost much smaller Texas school districts between $50,000 and $2.3 million each, and cyber experts say that’s only the beginning. Besides ransom, each attack costs exponentially more when you consider the response, remediation, recovery and upgrade costs. In Maryland, a ransomware attack in November cost Baltimore County Public Schools an estimated $8.1 million. The district released a spreadsheet breaking down the costs in May. The district’s initial emergency recovery cost $2 million, with longer-term upgrades exceeding $6 million. Its estimates not only included the technology costs, but also the various costs associated with the breach, such as consulting, public relations, legal fees and negotiation services. The district only recovered a portion of the $2 million initial response costs from insurance. And, interestingly, the Baltimore County Public Schools never disclosed whether it paid a ransom. If it paid a ransom, the actual cost is likely higher than $8.1 million.


South Africa's Port Terminals Still Disrupted Days After Cyber Attack

Permalink - Posted on 2021-07-27 15:00

South Africa's state-owned logistics firm said Tuesday it was working to restore systems following a major cyber-attack last week that hit the country's key port terminals. The attack began on July 22 but continued, forcing Transnet to switch to manual systems, it said. In a letter to its customers dated Monday, the company declared a force majeure -- a clause that prevents a party from fulfilling a contract because of external and unforeseen circumstances. It said it had "experienced an act of cyber-attack, security intrusion and sabotage, which resulted in the disruption of... normal processes and functions." The attack has affected ports in Durban -- the busiest in sub-Saharan Africa -- as well as Cape Town, Port Elizabeth and Ngqura, Transnet said in the "confidential" notice seen by AFP on Tuesday.


HP Finds 75% of Threats Were Delivered by Email in First Six Months of 2021

Permalink - Posted on 2021-07-27 15:00

According to the latest HP Wolf Security Threat Insights Report, email is still the most popular way for malware and other threats to be delivered, with more than 75% of threats being sent through email messages. The report -- covering the first half of 2021 -- is compiled by HP security analysts based on customers who opt to share their threat alerts with the company. HP's researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools are able to solve CAPTCHA challenges using computer vision techniques. Some of the most targeted sectors include manufacturing, shipping, commodity trading, maritime, property and industrial supplies.


Indonesia's BRI Life Probes Reported Data Leak of 2 Million Users

Permalink - Posted on 2021-07-27 15:00

BRI Life, the insurance arm of Indonesia's Bank Rakyat Indonesia, said on Tuesday it was investigating claims that the personal details of over two million of its customers had been advertised for sale by unidentified hackers. Hudson Rock, a cybercrime monitoring firm, told Reuters that it had found evidence which showed that multiple computers belonging to BRI and BRI Life employees had been compromised. In a post on the RaidForums website earlier on Tuesday, an unnamed user said they were selling a collection of 460,000 documents compiled from the user data of over two million BRI Life clients for $7,000. The post was accompanied by a 30-minute video of the documents, which included bank account details, as well as copies of Indonesian identification cards and taxpayer details.


Florida DEO Discloses Data Breach Affecting 58,000 Accounts

Permalink - Posted on 2021-07-27 15:00

Florida's Department of Economic Opportunity (DEO) has disclosed a data breach that affected its unemployment benefits system and targeted 57,920 claimant accounts. The breach affected accounts within the Reemployment Assistance Claims and Benefits Information System, commonly known as CONNECT, officials wrote in a July 23 letter to those affected. Personal information may have been taken from DEO between April 27, 2021, and July 16, 2021, when officials reportedly learned of the incident, the letter states. Information inside the accounts that may have been accessed includes Social Security number, driver's license number, bank account numbers, claim information, and other personal data including address, phone number, and date of birth. Attackers may have also accessed the PIN used to access the CONNECT account.


77% of Organizations Are Unable to Access Systems or Networks Post-Ransomware Attack

Permalink - Posted on 2021-07-27 15:00

New data from Keeper Security’s 2021 Ransomware Impact Report highlights some of the forgotten impacts to an organization’s productivity post-attack: Over three-quarters (77%) were unable to access needed systems or networks; 28% of outages lasted over a week; 26% of organizations were unable to fully perform job duties for at least a week; 33% faced difficult learning curves around new protocols; 21% were unable to access online tools and applications normally used; 36% of users had limited access to IT support for non-security related issues.


36% of Organizations Suffered a Serious Cloud Security Data Leak or a Breach in the Past Year

Permalink - Posted on 2021-07-27 15:00

The primary causes of cloud misconfiguration cited are too many APIs and interfaces to govern (32%), a lack of controls and oversight (31%), a lack of policy awareness (27%), and negligence (23%). 21% said they are not checking Infrastructure as Code (IaC) prior to deployment, and 20% aren’t adequately monitoring their cloud environment for misconfiguration.


Cyber Attack Shuts Down Services in Greece's Second-Largest City

Permalink - Posted on 2021-07-26 15:00

Deputy Mayor of Business Planning, e-Government and Migration Policy Giorgos Avarlis said the city, Greece's second-largest, closed its services and web applications “so that proper investigations can be carried out and we do not risk being attacked again,” with no report of what kind of defenses it has. Speaking to local radio, Avarlis said that a malicious virus had been installed, with hackers asking for a “ransom” to “unlock” the files, although it wasn't said how much or whether it was paid.


Paperwork Containing PHI of Oklahoma Heart Hospital Patients Accidentally Donated to Charity

Permalink - Posted on 2021-07-26 15:00

Oklahoma Heart Hospital has started notifying certain patients about a privacy incident in which paperwork containing limited patient information was accidentally donated to charity. The notes included information such as patients’ names, medical record numbers, OHH visit numbers, dates of birth, ages, admit dates, genders, and clinical information consisting of diagnosis, lab results, medications and/or treatment information.


Check Point Reports 93% Surge in Smart Ransomware Attacks Over Past Year

Permalink - Posted on 2021-07-26 15:00

Israel’s Check Point Software Technologies Ltd., a maker of cybersecurity firewalls, said Monday that it is seeing a 93% surge in global ransomware attacks, as large scale, multi-vector attacks that infect multiple components are the “new norm.” Generation V attacks, which two years ago were considered rare, have become extremely common today, Shwed said at a press conference in Tel Aviv while presenting the financial results. Gen V attacks are large scale, multi-vector attacks, aimed at infecting a number of components, including networks, the cloud, and all kinds of connected devices.


First Came the Ransomware Attacks, Now Come the Lawsuits

Permalink - Posted on 2021-07-26 15:00

Another lawsuit filed against Colonial in Georgia in May seeks damages for consumers who had to pay higher gas prices. A third is in the works, with law firm Chimicles Schwartz Kriner & Donaldson-Smith LLP pursuing a similar effort. And Colonial isn’t the only company being sued. San Diego-based hospital system Scripps Health is facing class-action lawsuits stemming from a ransomware attack in April. Cybersecurity lapses at major companies have led to class-action lawsuits and settlements in the hundreds of millions of dollars. Retailer Target paid $10 million to consumers and $39 million to banks after hackers broke into its systems and stole personal information in 2013. Home Depot brokered a similar settlement with shoppers who had their credit card information stolen from the home improvement store’s computers.


Florida Heart Associates Recovering from Ransomware Hack

Permalink - Posted on 2021-07-26 15:00

It's a sticky situation that the CEO of Florida Heart Associates, Todd Rauchenberger, tells FOX 4 the company found itself in, in May. They ultimately chose not to pay and were able to get control back, but not before hackers took down their phone lines and essentially destroyed their entire system. The family of an FHA patient says they've been trying to get their loved one seen by a doctor for months. "You can't get in to get an appointment," said Brittany Wallace, "No one ever called and then we get a letter in the mail a couple of weeks after that stating that patients' information was [exposed] or that their system was hacked." And Wallace says the hack came at a scary time. "One of his important medications that he didn't have any refills on was about to run out," he said. FHA tells FOX 4 that they've lost staff as a result of the hack and only just got their phones back online. In all, they estimate that they're operating at about 50 percent right now.


Tokyo 2020 Hit by Data Breach

Permalink - Posted on 2021-07-26 15:00

The user names and passwords of Tokyo 2020 Olympic Games ticket holders and event volunteers were reportedly leaked online, a Japanese government official said last week. The official told Kyodo news agency on condition of anonymity that the stolen credentials could be used to log on to websites for volunteers and ticket holders, compromising personal data such as names, addresses and bank account numbers.


California Breach Regulations and Definitions Expand

Permalink - Posted on 2021-07-23 15:00

California clinics, health facilities, home health agencies, and licensed hospices required to report breaches to the California Department of Public Health (CDPH) under California’s Health and Safety Code Section 1280.15 (Section 1280.15) are now subject to a new set of regulations. Section 1280.15, which has been in effect for a number of years, requires certain licensed California health care facilities to “prevent unlawful or unauthorized access to, and use or disclosure” of medical information and report any unlawful or unauthorized access, use, or disclosure of a patient’s medical information to the CDPH and the patient no later than 15 business days after discovery. The new regulations implementing Section 1280.15 expand the exceptions to the breach notification reporting requirement, impose requirements for the type of information that must be submitted to the CDPH in the event of a breach, and clarify the penalties available in the event of a violation of the regulations. This alert outlines the major takeaways from these new regulations and how they may affect California health care facilities moving forward.


AIG Unit Must Defend Texas Retailer in Data Breach Case

Permalink - Posted on 2021-07-23 15:00

A federal appeals court reversed a lower court Wednesday and ruled an American International Group Inc. unit is obligated to defend a retailer in connection with a data breach. Houston-based Landry’s Inc., which operates retail properties including restaurants, hotels and casinos, discovered a data breach that occurred between May 2014 and December 2015 that involved the unauthorized installation of a program on its payment processing devices, according to Wednesday’s ruling by the 5th U.S. Circuit Court of Appeals in New Orleans in Landry’s Inc. v. The Insurance Co. of the State of Pennsylvania. Over about a year-and-a-half, the program retrieved personal information from millions of credit cards and at least some of that information was used to make unauthorized charges, the ruling said. The issue led to litigation between Landry’s and its credit card processor, Paymentech LLC, a unit of JPMorgan Chase Bank N.A. Paymentech alleged Landry’s was obligated to pay it $20.1 million.


Fear Patient Data May Have Been Stolen from Auckland DHBs

Permalink - Posted on 2021-07-23 15:00

A data breach may have occurred at the organisation that provides health IT services to more than a third of the country, amid growing indications of a serious cyber-security incident. A spokeswoman for the Office of the Privacy Commissioner said it was notified by Counties Manukau DHB of a possible data breach on Wednesday. The notification was made by the DHB on behalf of HealthAlliance, which also provides the IT services used by Auckland, Waitemata and Northland district health boards.


CaptureRx Facing Multiple Class Action Lawsuits Over Ransomware Attack

Permalink - Posted on 2021-07-23 15:00

The healthcare administrative services provider CaptureRx is facing multiple class action lawsuits for failing to protect patient data, which was obtained by unauthorized individuals in a February 2021 ransomware attack. NEC Networks, doing business as CaptureRx, provides IT services to hospitals to help them manage their 340B drug discount programs. Through the provision of those services, CaptureRx is provided with the protected health information of patients. Around February 6, 2021, CaptureRx identified suspicious activity in some of its IT systems, which included the encryption of files. The investigation confirmed that files containing the protected health information of 2,400,000 or more patients were compromised in the attack.


Connecticut Enacts Safe Harbor from Punitive Damages in Data Breach Cases

Permalink - Posted on 2021-07-23 15:00

Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with a cybersecurity program that meets certain requirements. Cyberattacks are on the rise – think Colonial Pipeline, Kaseya, JBS, and others – with ransomware attacks up 158 percent from 2019-2020 in North America. The hope is this law will provide covered entities of all sizes an incentive to implement stronger controls over their information systems.


Office Documents Deliver 43% of All Malware Downloads

Permalink - Posted on 2021-07-23 15:00

Malware delivered over the cloud increased by 68% in Q2, according to data from cybersecurity firm Netskope. The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter. The report noted that cloud storage apps account for more than 66% of cloud malware delivery.


Uber Found to Have Interfered with Privacy of Over 1 Million Australians

Permalink - Posted on 2021-07-23 15:00

The Australian Privacy Commissioner has ordered Uber to comply with Australian Privacy Principles after finding the tech giant interfered with the privacy of 1.2 million Aussies when it suffered a data breach, and covered it up, back in 2016.


German Pharmacies Stop Issuing COVID Vaccine Passes After Security Breach

Permalink - Posted on 2021-07-23 15:00

German pharmacies have stopped issuing digital COVID-19 vaccination certificates after hackers created passes from fake outlets, the industry association said on Thursday, the latest blow to the inoculation drive. Germans who have been fully vaccinated are entitled to a certificate which allows them more freedoms, especially to travel. Pharmacies and vaccination centres issue them. The German Pharmacists' Association (DAV) said hackers had managed to produce two vaccination certificates by accessing the portal and making up pharmacy owner identities. DAV were alerted to the fact by the Handelsblatt newspaper.


U.K. Firearms Sales Website's CRM Database Breached

Permalink - Posted on 2021-07-23 15:00

Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The Guntrader breach earlier this week saw the theft of a SQL database powering both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The database contains names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords. It is a severe breach of privacy not only for Guntrader but for its users: members of the UK's licensed firearms community.


TikTok Fined €750,000 for Violating Children's Privacy

Permalink - Posted on 2021-07-23 15:00

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) announced Thursday that it has imposed a fine of €750,000 on TikTok “for violating the privacy of young children”. More specifically, TikTok failed to provide a privacy statement in the Dutch language, making it difficult for young children to understand what would happen to their data. The fine stems from a wider investigation that has now been passed to the Irish Data Protection Authority. When the investigation started, TikTok had no European headquarters and could be investigated by any national authority.


UPMC Settles Employee Data Breach Lawsuit for $2.65 Million

Permalink - Posted on 2021-07-22 15:00

UPMC has proposed a $2.65 million settlement to resolve a data breach lawsuit filed by employees affected by a February 2014 data breach. Pittsburgh, PA-based UPMC announced the data breach in February 2021 and initially believed the attackers had only obtained the tax information of a few hundred of its employees; however, in April 2014, UPMC determined that the breach was far more extensive and had affected 27,000 of its 66,000 employees. In May 2014, UPMC confirmed that the personal data of all of its employees had likely been compromised. The data compromised in the attack included names and Social Security numbers, some of which were used by the attackers to file fraudulent tax returns. Four individuals involved in the cyberattack have been charged and pleaded guilty to tax fraud and identity theft charges. They attempted to obtain around $2.2 million in tax refunds and received $1.7 million from the IRS.


Talbert House Investigating Hack and Theft of Employee and Client Data

Permalink - Posted on 2021-07-22 15:00

On July 9, threat actors calling themselves “Marketo” added a listing to their leak site for Talbert House in Ohio. Talbert House is an agency with a network of services focusing on prevention, assessment, treatment and reintegration for clients with a variety of issues. Their affiliates include the Council on Child Abuse of Southern Ohio (COCA), Gateways (an outpatient recovery center providing assessment, education and treatment services for adults struggling to cope with alcohol and/or drug use and mental health), and Health Care Access Now (HCAN) (providing access to health care for medically underserved populations). According to their web site, last year, Talbert House served more than 21,000 clients face to face with an additional 96,000 receiving prevention and hotline services. Whatever good karma they may have accrued wasn’t enough to protect them from a cyberattack.


Kaseya Ransomware Attack Highlights Cyber Vulnerabilities of Small Businesses

Permalink - Posted on 2021-07-22 15:00

The recent ransomware attack on software group Kaseya hit small businesses especially hard, targeting companies that often have few resources to defend themselves and highlighting long-standing vulnerabilities. The attack has been made worse during the pandemic when cyber threats against small businesses have multiplied, and companies have scrambled to stay afloat. “When large businesses aren’t doing the basics it’s negligence,” Kiersten Todt, managing director of the Cyber Readiness Institute, told The Hill. “When small businesses aren’t doing the basics, it’s often because they don’t have the resources, or the knowledge, or the education,” Todt added. The concerns around small businesses have been laid bare in the past week following the attack on Kaseya, which impacted up to 1,500 businesses using services of Kaseya customers.


TicketClub Italy Database Offered in Dark Web

Permalink - Posted on 2021-07-22 15:00

TicketClub is an Italian company providing a mobile-based coupons platform for offline purchases. Their clients include Burger King, McDonald’s, Cinecittà World, Rainbow Magicland, and many other enterprises that run coupon and loyalty programs. An actor using the alias “bl4ckt0r” has put the TicketClub Italy database, with over 340,957 users, up for sale and released several meaningful data dumps which may confirm the breach. The information was originally published on RaidForums, which is known for the illegal sale of data leaked from Internet portals and insecure online services.


Ransomware Gang Breached CNA's Network via Fake Browser Update

Permalink - Posted on 2021-07-22 15:00

Leading US insurance company CNA Financial has provided a glimpse into how Phoenix CryptoLocker operators breached its network, stole data, and deployed ransomware payloads in a ransomware attack that hit its network in March 2021. As revealed by the US insurer, the attackers first breached an employee's workstation on March 5 using a fake and malicious browser update delivered via a legitimate website. The ransomware operator obtained elevated privileges on the system via "additional malicious activity" and then moved laterally through CNA's network, breaching and establishing persistence on more devices.


Cyber Attack Disrupts Major South African Port Operations

Permalink - Posted on 2021-07-22 15:00

A cyber attack has disrupted container operations at the South African port of Cape Town, an email seen by Reuters on Thursday said. Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected, three sources with direct knowledge of the matter told Reuters. Cape Town Harbour Carriers Association said in an email to members, seen by Reuters: "Please note that the port operating systems have been cyber-attacked and there will be no movement of cargo until the system is restored." Transnet's official website was down on Thursday showing an error message.


DDoS Attacks Increased 33% in H1 2021

Permalink - Posted on 2021-07-21 15:00

Between January and June, there were record numbers of attacks compared to the same period last year. The report also found that between Q1 2021 and Q2 2021 there was a 19% increase in DDoS campaigns, some of which were over 100 Gbps in attack volume; further evidence that hackers are continuing to exploit the vulnerabilities of businesses during the pandemic.


U.S. Congress Cancels Service Contract with Provider That Failed to Report Ransomware Attack

Permalink - Posted on 2021-07-21 15:00

The Office of the Chief Administrative Officer (CAO) -- which provides support services to US House members of both parties -- sent a letter to members of Congress announcing that it has terminated all contracts with iConstituent and will no longer be authorizing the platform's use because of multiple cybersecurity incidents. iConstituent is currently used by about 60 House members and was designed to facilitate communication between politicians and local residents. But in May the platform was hit with a ransomware attack and Chief Administrative Officer of the House Catherine Szpindor told Punchbowl News that the attack targeted iConstituent's e-newsletter system, which House members buy access to.


Ransomware Attack on Israeli IT Company Impacts More Than 100 Customers

Permalink - Posted on 2021-07-21 15:00

Shahaf reports that Pionet, which is owned by Malam Tim, suffered a ransomware attack that has paralyzed many of the company’s systems and the sites of more than a hundred of the company’s customers, including Assuta, Rambam, Hadassah, Budget Car Rental Company, Sonol Fuel Company, and Apple importer Idigital. Idigital’s customers include the Israel Electric Corporation and Israel Railways. The attackers have reportedly demanded a ransom of about half a million shekels (conversion: $151,861.82 USD). A ransom note demands an immediate/preliminary payment of $5000.00 in Monero.


Over 80 U.S. Municipalities' Sensitive Information Exposed in Massive Breach

Permalink - Posted on 2021-07-21 15:00

WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. This breach compromised citizens’ physical addresses, phone numbers, IDs, tax documents, and more. Due to the large number and various types of unique documents, it is difficult to estimate the number of people exposed in this breach. There was no need for a password or login credentials to access this information, and the data was not encrypted.


Walter’s Automotive Group Sees Customers’ PII Posted in Data Dump

Permalink - Posted on 2021-07-21 15:00

Credit reports for a few thousand customers of Audi Ontario and Porsche Ontario dealerships were dumped by ransomware threat actors who claim they locked Walter’s Automotive Group and exfiltrated data, but Walter’s would not respond to them. More than 22,000 driver’s license images were also in the data dump.


Three More Healthcare Providers Affected by Elekta Ransomware Attack

Permalink - Posted on 2021-07-20 14:00

Three more healthcare providers have announced they have been affected by the recent ransomware attack on the Swedish radiation therapy and radiosurgery solution provider Elekta Inc. Elekta provides a cloud-based mobile application called SmartClinic, which is used by healthcare providers to access patient information for cancer treatments. Cybercriminals gained access to Elekta’s systems between April 2, 2021 and April 20, 2021 and exfiltrated the SmartClinic database prior to deploying ransomware and encrypting files. The database contained the personal and protected health information (PHI) of patients of 42 healthcare systems in the United States. Elekta notified affected customers in May 2021.


Ransomware Incident at Major Cloud Provider Disrupts Real Estate, Title Industry

Permalink - Posted on 2021-07-20 14:00

A ransomware incident at Cloudstar, a cloud hosting service and managed service provider for several industry sectors, has disrupted the activities of hundreds of companies. Cloudstar, which operates several data centers across the US, is primarily known in the mortgage, title insurance, real estate, legal, finance, and local government sector, where it provides services like virtual desktop hosting, software-as-a-service offerings, and other managed cloud infrastructure, which underpin many companies’ IT infrastructure. On Friday, the Florida-based company announced that it suffered a “highly sophisticated ransomware attack” that forced it to take down the vast majority of its services. With the exception of its encrypted email service, Cloudstar said in a status page today that most of its infrastructure continues to be down three days after the attack.


England: Hundreds of Touchscreen Ticket Machines Are Offline After a Ransomware Attack

Permalink - Posted on 2021-07-20 14:00

An apparent ransomware attack has resulted in hundreds of self-service ticket machines across the network being taken offline in the north of England. Customers who need to use the Northern rail company, which serves towns and cities across northern England, are urged to use the mobile app, website or ticket offices while the ticket machines remain disrupted. The attack comes just two months after 600 Northern-operated touchscreen ticket machines were installed at 420 stations across the region.


Geneva, Ohio Discloses Ransomware Attack

Permalink - Posted on 2021-07-20 14:00

Early Friday morning, July 16, 2021, the City of Geneva discovered an online breach into the city’s website and online data systems. The city is urging citizens to take precautions to monitor accounts in case of any data compromise. On July 18, threat actors calling themselves AVOSLocker listed Geneva on their dedicated leak site.


Lake County Health Department Notifies 25,000 Patients About Two Data Breaches

Permalink - Posted on 2021-07-19 15:00

The Lake County Health Department in Illinois has announced it has suffered two data breaches that potentially involved the personal and protected health information of around 25,000 patients. The first breach occurred in 2019 when a Lake County Health employee sent an unencrypted email from their work email account to an internal employee’s personal email account. The email had an attached spreadsheet of medical record requests dating from December 2016 to June 2019. The requests had been made through a third-party company which handled release of information requests for the Lake County Health Department. The spreadsheet included the names of 24,241 patients along with dates relevant to the vendor. Lake County Health discovered the breach on July 22, 2019; however, it took until July 2021 for notification letters to be sent to affected patients.


Ruthless Attackers Target Florida Condo Collapse Victims

Permalink - Posted on 2021-07-19 15:00

Families mourning the loss of loved ones to the partial collapse of the Champlain Towers South condo building in Surfside, Fla. are now being urged to check the credit of their deceased relatives thanks to a group of heartless hackers targeting victims in a new identity-theft scheme. Apparently, cybercriminals are watching the news and stealing the identities of victims read during the broadcast. Surfside Mayor Charles Burkett told local Florida news station 10 News that law enforcement is working to track down the cybercriminals.


Leak at Covid Testing Company Made It Possible to Fake Results in CoronaCheck App

Permalink - Posted on 2021-07-19 15:00

Due to a major leak at the coronavirus testing company Testcoronanu, it was possible for anyone to create their own Covid vaccination or test certificate, RTL Nieuws reported on Sunday. Additionally, private details from about 60 thousand people who took a coronavirus test at this company had been leaked. The company is affiliated with the testing for travel initiative from the government. The leak made it possible for anyone to easily add a fake negative coronavirus test result or proof of vaccination by adding two lines of code. In the database, it was possible to personally enter which kind of test was taken and what the result was. Afterward, you would automatically receive a travel certificate from Testcoronanu. The site has since been shut down by the Ministry of Health. Not only was it possible to add test and vaccination certificates, but users could also alter the data of others.


Jamaica: Staff, Patients Concerned About Data Breach at University Hospital

Permalink - Posted on 2021-07-19 15:00

Lax network and cybersecurity in the problem-plagued Hospital Information Management System (HIMS), which is gobbling up millions in cost overruns, has exposed thousands of patients' data to hackers at the University Hospital of the West Indies (UHWI), a Sunday Gleaner investigation has found.


Ecuador's State-Run CNT Telco Hit by RansomEXX Ransomware

Permalink - Posted on 2021-07-19 15:00

Ecuador's state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support. While CNT has not officially stated that they suffered a ransomware attack, BleepingComputer has learned that the attack was conducted by a ransomware operation known as RansomEXX.


Half of Organizations Are Ineffective at Countering Phishing and Ransomware Threats

Permalink - Posted on 2021-07-19 15:00

Half of US organizations are not effective at countering phishing and ransomware threats, research from Osterman Research reveals. Key takeaways from the report include: 50% rated themselves ineffective overall at tackling phishing and ransomware; 72% consider themselves ineffective at preventing home infrastructure from being a conduit for attacks on corporate networks; only 37% believed they were highly effective at following 11 or more of the highlighted best practices. The report further split the threat landscape into 17 types of security incident and found 84% of respondents had experienced at least one of these, highlighting the prevalence of phishing and ransomware. The most common successful incidents were: business email compromise (BEC) attack – 53%; phishing messages resulting in malware infection – 49%; account compromise – 47%.


Virginia Tech Says It Was Targeted in 2 Recent Cyber Attacks

Permalink - Posted on 2021-07-19 15:00

Virginia Tech says it was targeted in two recent cyberattacks but feels confident no data was stolen. Virginia Tech spokesman Mark Owczarski told the Roanoke Times Friday a few university units used Kaseya, a U.S. software company exploited in early July in a massive ransomware attack that snarled businesses around the world. Owczarski said the malware the hackers pushed out to Kaseya customers could have exposed student data but the university found no evidence that happened.


Saudi Aramco Data Breach Sees 1 TB Stolen Data for Sale

Permalink - Posted on 2021-07-19 15:00

This month, a threat actor group known as ZeroX is offering 1 TB of proprietary data belonging to Saudi Aramco for sale. ZeroX claims the data was stolen by hacking Aramco's "network and its servers," sometime in 2020. As such, the files in the dump are as recent as 2020, with some dating back to 1993, according to the group.


Ransomware Hits Law Firm Counseling Fortune 500, Global 500 Companies

Permalink - Posted on 2021-07-19 15:00

Campbell Conroy & O'Neil, P.C. (Campbell), a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 2021 ransomware attack. Campbell's client list includes high-profile companies from various industry sectors, including automotive, aviation, energy, insurance, pharmaceutical, retail, hospitality, and transportation. Some of its current and past clients include Exxon, Apple, Mercedes Benz, Boeing, Home Depot, British Airways, Dow Chemical, Allianz Insurance, Universal Health Services, Marriott International, Johnson & Johnson, Pfizer, Time Warner, and many others.


Application Security Tools Ineffective Against New and Growing Threats

Permalink - Posted on 2021-07-19 15:00

As organizations around the world are faced with the task to digitally transform, many of the traditional tools and services no longer support the modern needs and architectures of the digitized world. While the increased need for flexibility, agility, and speed continues to drive the evolution of application development and increased deployment of microservice-based architectures, many organizations have not updated their security tooling and continue to rely on traditional web application and API security tools to protect their business.


30,000 Florida Blue Members Impacted by Brute Force Attack on Member Portal

Permalink - Posted on 2021-07-16 15:00

The protected health information of up to 30,063 members of Florida Blue (Blue Cross and Blue Shield of Florida) may have been viewed or obtained in a brute force attack on the Florida Blue online member portal. Starting on June 8, 2021, unknown individuals conducted a brute force campaign using a large database of user identifiers and corresponding passwords that was available from online sources in an attempt to gain access to the portal. The database appears to have been compiled from data breaches at third party companies where username and password combinations had been compromised. Florida Blue reports that some of those automated attempts were successful and the attacker gained access to information contained in online member accounts. This information typically included names, contact information, claims information, payment information, health insurance policy information, and other personal information.


An Insurtech Startup Exposed Thousands of Sensitive Insurance Applications

Permalink - Posted on 2021-07-16 15:00

A security lapse at insurance technology startup BackNine exposed hundreds of thousands of insurance applications after one of its cloud servers was left unprotected on the internet. BackNine might be a company you’re not familiar with, but it might have processed your personal information if you applied for insurance in the past few years. The California-based company builds back-office software to help bigger insurance carriers sell and maintain life and disability insurance policies. It also offers a white-labeled quote web form for smaller or independent financial planners who sell insurance plans through their own websites. But one of the company’s storage servers, hosted on Amazon’s cloud, was misconfigured to allow anyone access to the 711,000 files inside, including completed insurance applications that contain highly sensitive personal and medical information on the applicant and their family. It also contained images of individuals’ signatures as well as other internal BackNine files. Of the documents reviewed, TechCrunch found contact information, like full names, addresses and phone numbers, but also Social Security numbers, medical diagnoses, medications taken and detailed completed questionnaires about an applicant’s health, past and present. Other files included lab and test results, such as blood work and electrocardiograms. Some applications also contained driver’s license numbers. The exposed documents date back to 2015, and as recently as this month.


Texas: Thousands of Employees and Dependents of Whitehouse ISD Victims of Data Dump

Permalink - Posted on 2021-07-16 15:00

School districts continue to be low-hanging fruit for threat actors. While Grief threat actors hacked and then dumped data from Clover Park School District in Washington, Booneville School District in Mississippi, and Lancaster ISD in Texas, Vice Society hacked and then dumped data from Whitehouse ISD, also in Texas. On June 28, DataBreaches.net emailed Whitehouse ISD to ask about Vice’s claimed hack. The threat actors had not uploaded any proof of claims at that point, and Whitehouse did not respond at all to this site’s inquiries. On July 8, however, the district issued a statement on their web site.


D-Box Technologies Hit by Ransomware That Affected Most of Its Systems

Permalink - Posted on 2021-07-16 15:00

D-BOX announces that the Corporation was subject to a ransomware cyberattack on its information technology systems. The malware used to perform the attack encrypted electronic data stored on the Corporation’s network so it cannot be read or used. The attack took place after the close of business on July 12, 2021 and was detected on the same day, with steps immediately taken to contain and mitigate any potential impact to the Corporation’s data and operations and start the recovery process. D-BOX is still investigating the extent of the attack, but it is anticipated, as the attack affected most of its systems, that D-BOX’s business operations will be adversely affected for several days and potentially longer depending on how quickly the Corporation may recover its data and make full use of its systems.


France: Ransomware Attack on Spa Is Anything But Relaxing

Permalink - Posted on 2021-07-16 15:00

On July 9, the Royatonic spa in France suffered a ransomware attack. A notice on their web site informs people that as of July 12, the spa had to close because a cyberattack blocked access to their server and paralyzed all their activity.


Bank Account Details Stolen in Major Insurance Hack in South Africa

Permalink - Posted on 2021-07-16 15:00

An attack on debit order collection company Qsure has impacted several South African insurers who use its services, including Hollard and Guardrisk. Australian security researcher Troy Hunt recently posted a notice from Ooba to its clients saying that although they do not yet know if any Guardrisk and Ooba clients were affected, they decided to send out cautionary notifications. Qsure informed Guardrisk on 20 June that it had suffered a “data incident” and that an unauthorised third party accessed policyholder information. Hollard spokesperson Warwick Bloom told MyBroadband that they received a notice from Qsure on 17 June confirming a data breach. The breach affected short-term insurance customers whose debit orders are processed via brokers who use or have used the Qsure service, dating back to 2014. Bloom said that Qsure advised them that the information stored on the compromised database consisted of account holder names, bank account numbers, and branch details.


Recent Attacks Lead to Renewed Calls for Banning Ransom Payments

Permalink - Posted on 2021-07-16 15:00

Major ransomware attacks that have disrupted businesses and caused supply chain ripples in the US economy have led to renewed calls for making it illegal to pay a ransom to cybercriminals. The switch to defunding the ransomware groups would not come without pain, Critical Insight's Hamilton says. "In order for a change like this to work, the federal government would necessarily need to provide financial support to rebuild networks and help victims get back to operational capacity," he says. "Unfortunately, this means some will lose data."


Australian Organisations Are Quietly Paying Hackers Millions in a Tsunami of Cyber Crime

Permalink - Posted on 2021-07-16 15:00

It's an open secret within the tight-lipped world of cybersecurity. For years, Australian organisations have been quietly paying millions in ransoms to hackers who have stolen or encrypted their data. This money has gone to criminal organisations and encouraged further attacks, creating a vicious cycle. Now experts say Australia and the rest of the world are facing a "tsunami of cyber crime". There has been a 60 per cent increase in ransomware attacks against Australian entities in the past year, according to the government's cyber security agency, the ACSC. Just in the past six months alone, the frequency of attacks and the size of ransoms being demanded has increased significantly, said Michael Sentonas, chief technology officer of Crowdstrike, one of the largest cybersecurity companies in the world. But this message is not being heard by Australian organisations, many of which remain complacent about the threat, he said.


IoT Attacks Increased 700% in Just Over Two Years

Permalink - Posted on 2021-07-16 15:00

A new study by cybersecurity company Zscaler reveals a disturbing fact, namely a 700% rise of cyberattacks on IoT devices. During two weeks in December 2020, security professionals examined the traffic to determine how much of it was malicious and what it accomplished.


Cyber Training Mostly Unsuccessful in Preventing Phishing

Permalink - Posted on 2021-07-16 15:00

Traditional cyber defences are apparently not enough to prevent cyberattacks such as phishing, with 54% of all victims having anti-phishing training and 49% having perimeter defences in place at the time of attack, a global study by cloud storage firm Cloudian revealed. The study called for organisations to place greater attention on putting systems in place that enable quick data recovery in the event of an attack, without paying ransom. According to Cloudian, many organisations spend large portions of their cybersecurity budget on defensive measures such as anti-malware software and anti-phishing training for employees. However, ransomware attacks have become increasingly sophisticated, enabling cybercriminals to penetrate the defences. The study found that phishing is among the top modes of entry for ransomware, with 24% of attacks initiated this way. Public cloud was the most common point of entry with 31% of respondents being attacked this way. More than half (55%) of respondents chose to pay ransom, with an average payment of US$223,000, and 14% paying over US$500,000. Additional costs stemming from attacks averaged at US$183,000. Cyber insurance covered only roughly 60% of total ransomware costs, presumably reflecting deductibles and coverage caps. Despite paying ransom, only 57% of respondents got all their data back.


India: 2000% Increase in Cyber Security Breaches During Pandemic

Permalink - Posted on 2021-07-16 15:00

The Covid-19 pandemic and rising digitisation have led to a surge in cybercrimes. India saw the number of breaches increase by 2,000 per cent during the pandemic, said experts at Pursuit 2021 -- an event on cybersecurity organised by Internet and Mobile Association of India. There has been a rise in targeted attacks during the pandemic and "cyberwar has started", said Gulshan Rai, India's first Cybersecurity Coordinator and Distinguished Fellow, ORF. Although 90 per cent of attacks are traditional attacks, which include phishing, malware, etc., the key concern is the rise in the number of targeted attacks (which account for 9 per cent currently). SolarWinds and WannaCry are some examples of targeted attacks which are detrimental for any organisation and nation.


Ireland: Cancer Patient to Sue Cork's Mercy Hospital Over Cyber Hack

Permalink - Posted on 2021-07-15 15:00

One of the first legal cases over the release of sensitive medical information on the dark web as part of the HSE cyber hack has been lodged at Cork Circuit Court. The case was lodged on Monday against Mercy University Hospital (MUH) by a Cork solicitor acting on behalf of a middle-aged family man who received treatment there for cancer. Glanmire-based solicitor Micheál O'Dowd said some, but not all, information relating to the man's medical files had been put up on the dark web and he had other clients in a similar situation for whom he expects to lodge legal proceedings as well. All of the cases relate to people getting cancer treatment.


Cyber Attack on Florida Heart Associates Potentially Affects 45,000 Patients

Permalink - Posted on 2021-07-15 15:00

Florida Heart Associates is notifying 45,148 patients about a recent security breach in which their personal and protected health information may have been compromised. The security breach was detected on or around May 19, 2021, when unusual activity was spotted within certain networked computers.


Dermatology Clinic Chain Breach Affects 2.4 Million

Permalink - Posted on 2021-07-15 15:00

Forefront Dermatology S.C, a Wisconsin-based dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a recent hacking incident. The incident apparently involved a ransomware strain known as "Cuba." The incident is the third-largest breach added to the Department of Health and Human Services' HIPAA Breach Reporting Tool website so far this year.


PHI of Over 200,000 Individuals Potentially Compromised in ClearBalance Phishing Attack

Permalink - Posted on 2021-07-14 15:00

San Diego, CA-based ClearBalance, a loan provider that helps patients spread the cost of their hospital bills, was the victim of a phishing attack on March 8, 2021 and employees were tricked into disclosing their login credentials. A review of the contents of the email accounts revealed they contained the following data elements: Names, tax IDs, Social Security numbers, dates of birth, government-issued ID numbers, telephone numbers, healthcare account numbers, balance amounts, dates of service, ClearBalance loan numbers and balances, personal banking information, clinical information, health insurance information, and full-face photographic images. The types of data in the accounts varied from individual to individual.


Personal Data Compromises Up 38%

Permalink - Posted on 2021-07-14 15:00

Cybersecurity has been a prime topic of conversation following a string of attacks on critical U.S. infrastructure including the Colonial Pipeline attack, JBS Foods ransomware incident and others. On Wednesday, Atlas VPN released a report using Identity Theft Resource Center (ITRC) data, outlining personal data breaches for the first half of 2021. One of the listed infographics parses out data by the total number of data compromises and affected individuals for the first half of this year. Overall, June saw the highest number of breaches with 203, followed by April (151), March (144) and May (137). In order, February and January rounded out the top six with 111 and 100 compromises, respectively. Interestingly, the number of compromises does not always directly correlate with the number of individuals affected. For example, February topped the list for the first half of 2021 with 35,313,405 people impacted followed by April (25,443,298) and March (23,309,513). In order, May (20,657,152), January (7,214,985) and June (6,750,974) round out the top six months in terms of most people affected.


94% of Organizations Have Suffered Insider Data Breaches

Permalink - Posted on 2021-07-14 15:00

Egress’ Insider Data Breach Survey 2021 has revealed that an overwhelming 94% of organisations have experienced insider data breaches in the last year. Human error was the top cause of serious incidents, according to 84% of IT leaders surveyed. However, IT leaders are more concerned about malicious insiders, with 28% indicating that intentionally malicious behaviour is their biggest fear. Despite causing the most incidents, human error came bottom of the list, with just over one-fifth (21%) saying that it’s their biggest concern. Additionally, almost three-quarters (74%) of organisations have been breached because of employees breaking security rules, and 73% have been the victim of phishing attacks.


West Virginia: Morgan County Schools' Computers Hit by Ransomware Attack

Permalink - Posted on 2021-07-14 15:00

Morgan County Schools was one of many victims of a massive Fourth of July weekend ransomware attack that struck businesses and agencies nationally and around the globe. School Superintendent Kristen Tuttle said at a July 6 school board meeting that the hack occurred on Friday, July 2 and was contained to some of their office computers. Some individual machines were infected and some files were locked from the attack. The group behind the hack wants school officials to pay money for the files to be released.


Only Half of Organizations Can "Effectively" Defend Against Attacks

Permalink - Posted on 2021-07-14 15:00

Around half of firms don't have the technology to prevent or detect ransomware attacks, according to research by cybersecurity company Trend Micro. It suggests that many organisations don't have the cybersecurity capabilities required to prevent ransomware attacks, such as the ability to detect phishing emails, remote desktop protocol (RDP) compromise or other common techniques deployed by cyber attackers during ransomware campaigns.


Cyber Attacks Drive 185% Spike in Health Sector Data Breaches in 2021

Permalink - Posted on 2021-07-14 15:00

More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from the same time period last year where just 7.9 million individuals were affected according to a new report from Fortified Health Security. Malicious cyberattacks caused the majority of these security incidents, accounting for 73% of all breaches. Unauthorized access or disclosure accounted for another 22%, and the remaining 5% were caused by smaller thefts, losses, or improper disposals. Further, the number of breaches reported to the Department of Health and Human Services during the first six months of 2021 increased by 27% year-over-year. Health care providers accounted for the most breaches with 73% of the overall tally, compared to health plans with 16% and business associates that accounted for 11%.


Supply Chain Ransomware Breach Affects 1.2 Million

Permalink - Posted on 2021-07-14 15:00

Practicefirst, an Amherst, New York-based medical management services provider, on July 1 reported to federal regulators a breach that occurred late last year. The company's breach notification statement appears to indicate that the firm paid a ransom in exchange for promises that the attackers would destroy and not further disclose files stolen in the incident.


1 in 5 Companies Fail PCI Compliance Assessments of Their Infrastructure

Permalink - Posted on 2021-07-13 16:00

According to a recent poll by SentryBay, the infrastructure of over 21% of surveyed companies has failed key PCI compliance assessments, designed to assist them to maintain high security standards when processing customer card payments. In addition, a further 29.3% said that they had no confidence in their own company’s compliance when it came to PCI DSS.


Millennia Group Notifying People of 2019 Email Breach

Permalink - Posted on 2021-07-13 16:00

Ohio-headquartered The Millennia Companies are involved in housing management. On some date that this site does not yet know, they learned that there had been unauthorized access to some employee email accounts between October 21, 2019 and December 18, 2019.


T-Shirt Maker Spreadshop Hacked in Data Breach

Permalink - Posted on 2021-07-13 16:00

Clients of Spreadshirt, Spreadshop, and TeamShirts have been warned of a data breach which has seen the details of customers, partners, and employees fall into the lap of cybercriminals. News of the breach first emerged on Thursday when customers were warned by email of a “security incident” involving an “unauthorised third party.” At the time, the print-on-demand T-shirt company said it was investigating what data might have been affected.


Maine: York Animal Hospital Hit by Ransomware, Lost All Patient Records for Past Four Years

Permalink - Posted on 2021-07-13 16:00

The owners discovered the attack Tuesday, July 6, prompting the hospital to close early on Friday, so the team could work on rebuilding the company's database. The team posted progress updates on Facebook throughout the ordeal, thanking clients for their patience. The practice's computers locked up, and the screen on one carried a ransom note demanding $80,000 in Bitcoin for files to be restored.


ClearBalance Notifying More Than 209,000 Patients Who Have Medical Expense Loans

Permalink - Posted on 2021-07-13 16:00

A recent filing with the Maine Attorney General’s Office reveals that beginning on March 8, there was unauthorized access to some employee email accounts. The access was not detected until April 26, when ClearBalance detected and thwarted an attempted wire transfer of funds. Subsequent investigation revealed that the email accounts compromised also contained personal information related to certain loan accounts.


Parts of Kazakhstan E-Gov Portal Infected with Razy Malware

Permalink - Posted on 2021-07-13 16:00

Razy malware has been around for a number of years now, and is still causing trouble. One of the reasons this Windows-based malware has continued to be effective is that it can appear to be free software or a file on a site the public would normally trust, such as a government site. That recently happened to the Kazakhstan e-government portal.


Canberra Proposes IoT Ratings and Mandatory Cyber Standards for Big Business

Permalink - Posted on 2021-07-13 16:00

In a bid to "further protect the economy from cybersecurity threats", the government is proposing either a voluntary or mandatory set of governance standards for larger businesses that would "describe the responsibilities and provide support to boards". While the crux of both options is similar, the mandatory code would require the entities covered to achieve compliance within a specific timeframe. A mandatory code would also see enforcement applied. A voluntary option would not require specific technical controls to be implemented and would rather be treated as a suggestion. The government would prefer the code be voluntary, however, saying "on balance, a mandatory standard may be too costly and onerous given the current state of cybersecurity governance, and in the midst of an economic recovery, compared to the benefits it would provide". It also flagged there was no existing regulator with the relevant skills, expertise, and resources to develop and administer a mandatory standard. Small businesses, meanwhile, have had a "cyber health check" function suggested.


SolarWinds Confirms New Zero-Day Flaw Under Attack

Permalink - Posted on 2021-07-12 15:00

Security responders at SolarWinds are scrambling to contain a new zero-day vulnerability being actively exploited in what is being described as “limited, targeted attacks.” In an advisory issued over the weekend, SolarWinds said a single threat actor exploited security flaws in its Serv-U Managed File Transfer and Serv-U Secure FTP products to launch malware attacks against “a limited, targeted set of customers.” This zero-day is new and completely unrelated to the SUNBURST supply chain attacks, the company said. The embattled company said the attacks were discovered by threat hunters at Microsoft who noticed live, in-the-wild attacks hitting a remote code execution flaw in the SolarWinds Serv-U product.


HHS Warns Entities; Patients File Potential Class Action Lawsuit Over PACS Breach

Permalink - Posted on 2021-07-12 15:00

HHS recently issued an alert about a known vulnerability allowing access to some picture archiving communications systems (PACS). The vulnerability had been reported two years ago, and again months later, and there had been updated alerts since then. HHS is advising entities to address this as a priority now if they have not done so already.


Health Insurers Facing Growing Risk of Customer Data Theft

Permalink - Posted on 2021-07-12 15:00

Health insurers and related third parties that fail to inventory and protect sensitive customer information face increased financial, reputational, operational and regulatory risks from cyberattacks, Fitch Ratings says. Insurance claims related to ransomware attacks have risen significantly, prompting carriers to raise premiums and change terms and conditions, including increasing deductibles and providing lower coverage. Price increases for cyber coverage have accelerated over the past two years. The Council of Insurance Agents & Brokers recently indicated that renewal pricing on cyber coverage increased by an average of 18% in first-quarter 2021. All of these costs increase the administrative burden on health insurers and raise premium rates for healthcare consumers.


Mint Mobile Hit by a Data Breach After Numbers Ported, Data Accessed

Permalink - Posted on 2021-07-12 15:00

Mint Mobile has disclosed a data breach after an unauthorized person gained access to subscribers' account information and ported phone numbers to another carrier. In addition to the ported number, Mint Mobile disclosed that an unauthorized person also potentially accessed subscribers' personal information, including call history, names, addresses, emails, and passwords.


North Carolina: Cyber Attack at Bank of Oak Ridge, Customer Data Exposed

Permalink - Posted on 2021-07-12 15:00

Bank of Oak Ridge, a community bank in Piedmont-Triad, said an "unauthorized actor" accessed banking customer data in late April, leading the bank to notify federal authorities and launch an investigation. A spokesperson with Bank of Oak Ridge told WFMY News 2 that the data breach occurred between April 26-27, 2021.


84% of Organizations Experienced Phishing & Ransomware Type Threats in the Past 12 Months

Permalink - Posted on 2021-07-12 15:00

Trend Micro Incorporated, a global cybersecurity leader, published new research revealing that half of US organizations are not effective at countering phishing and ransomware threats. The study asked respondents to rate their effectiveness in 17 key best practice areas related to ransomware and phishing, ranging from protecting endpoints from malware infection to ensuring prompt patching of all systems. Key takeaways from the report include: 50% rated themselves ineffective overall at tackling phishing and ransomware; 72% consider themselves ineffective at preventing home infrastructure from being a conduit for attacks on corporate networks.


Fashion Retailer Guess Discloses Data Breach After Ransomware Attack

Permalink - Posted on 2021-07-12 15:00

The fashion retailer identified the addresses of all impacted individuals after completing a full review of the documents stored on breached systems on June 3, 2021. Guess began mailing breach notification letters to affected customers on June 9, offering complimentary identity theft protection services and one year of free credit monitoring through Experian to all impacted individuals. According to the breach notifications mailed on Friday, information exposed in the attack includes personal and financial data.


Kroger Proposes $5 Million Settlement to Resolve Data Breach Lawsuits

Permalink - Posted on 2021-07-09 17:00

The pharmacy and supermarket chain Kroger has proposed a $5 million settlement to resolve lawsuits filed by victims of a data breach that exposed their personal and protected health information. Kroger was one of many victims of a cyberattack on Accellion’s File Transfer Appliance (FTA) in December 2020. The Accellion FTA is a legacy solution used to transfer files too large to be sent via email. Hackers exploited several zero-day vulnerabilities in the solution and gained access to the data of more than 100 companies. While ransomware was not used, the attack was linked to the Clop ransomware gang which threatened to publish the exfiltrated data. Individual companies were sent demands for payment to prevent the exposure of their stolen data.


Coastal Family Health Center Cyber Attack Affects 62,000 Patients

Permalink - Posted on 2021-07-09 17:00

Coastal Family Health Center (CFHC), the fourth largest community health center in Mississippi, has started notifying patients about a May 13, 2021 cyberattack that involved some of their protected health information. CFHC said hackers attempted to shut down its computer operations; however, that attempt failed and CFHC was able to continue treating patients and providing services to the community. An investigation was immediately launched into the incident to determine how the attack occurred and whether any sensitive patient information was accessed by the hackers. On June 4, 2021 the investigation revealed some files accessed by the attackers contained the protected health information of patients, including names, addresses, Social Security numbers, health insurance information, and health and treatment information.


Britain: ICO Fines Transgender Charity for Data Protection Breach Exposing Sensitive Data

Permalink - Posted on 2021-07-09 17:00

The Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure. The ICO’s investigation began after it received a data breach report from the charity in relation to an internal email group it set up and used from August 2016 until July 2017 when it was decommissioned. The charity only became aware of the breach in June 2019. The ICO found that the group was created with insufficiently secure settings, leading to approximately 780 pages of confidential emails being viewable online for nearly three years. This led to personal information, such as names and email addresses, of 550 people being searchable online. The personal data of 24 of those people was sensitive as it revealed how the person was coping and feeling, with a further 15 classified as special category data as mental and physical health and sexual orientation were exposed.


Colorado Becomes Latest State to Pass Data Privacy Law

Permalink - Posted on 2021-07-09 17:00

Colorado has joined California and Virginia in passing a comprehensive data privacy law that forces companies to make wholesale changes to how they handle people's sensitive information online. The Colorado Privacy Act, which was signed into law on July 7 by Governor Jared Polis, gives consumers the right to ask companies not to sell their personal information while also giving them access to any data companies have about them. Consumers can also ask companies to delete their data, and the law forces enterprises to ask for consent to hold certain sensitive information like Social Security Numbers, drivers license numbers and more. While some states have passed narrower laws focused on specific data collection and sale practices, Colorado is considered among experts to be the third state after California and Virginia to pass a commercial privacy law.


N.Y. Dept. of Financial Services Announces a $1.8 Million Settlement with Two Insurers for Data Breaches

Permalink - Posted on 2021-07-09 17:00

The New York Department of Financial Services (“NYDFS”) recently announced that it has entered into a Consent Order with two affiliated life insurers for alleged violations of New York’s Cybersecurity Regulation (the “NY Cybersecurity Regulation”). The NYDFS conducted an investigation and determined that the two life insurers (the “Companies”) had been the subject of two phishing attacks in 2018 and 2019, which compromised the email accounts of several of the Companies’ employees, with access to a significant amount of sensitive and personal data of their customers. The NYDFS indicated that its investigation revealed the Companies allegedly violated the NY Cybersecurity Regulation by failing to implement Multi-Factor Authentication (“MFA”) without implementing reasonably equivalent or more secure access controls approved in writing by the Companies. Additionally, the NYDFS alleged the Companies falsely certified compliance with the NY Cybersecurity Regulation in 2018 because MFA was not fully implemented. The NYDFS also alleged that the two data breaches resulted in the exposure of numerous non-public personal data belonging to the Companies’ customers.


File Security Violations Within Organizations Have Spiked 134% as the World Reopened for Business

Permalink - Posted on 2021-07-09 17:00

BetterCloud surveyed more than 500 IT and security professionals—and examined internal data from thousands of organizations and users—to understand their top challenges, priorities, and the magnitude of data loss and sensitive information leaks.


Maryland Town Knocked Offline as Part of Massive Ransomware Attack

Permalink - Posted on 2021-07-09 15:00

A Maryland town was taken offline last week during the massive ransomware attack on Miami-based technology firm Kaseya. Leonardtown had been informed by JustTech that the ransomware gang REvil was demanding $45,000 per computer, but the town's government never seriously considered paying. They are instead attempting to get back online through computer backups.


Insurance Giant CNA Reports Data Breach After Ransomware Attack

Permalink - Posted on 2021-07-09 15:00

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. The data breach reported by CNA affected 75,349 individuals, according to breach information filed with the office of Maine's Attorney General. After reviewing the files stolen during the attack, CNA discovered that they contained customers' personal information such as names and Social Security numbers.


Consumers Trust Organizations Less After Receiving Scam Messages Claiming to Represent Them

Permalink - Posted on 2021-07-08 16:00

Callsign revealed that the rise of scams is harming organizations’ reputations across the world. The global study of consumers revealed that just receiving a scam message purporting to be from any brand is enough for 45% of them to lose trust in the organization, regardless of any real association with the message. The survey is a reminder that consumers have a choice. 21% of consumers who have been a victim of fraud say they have stopped using the company whose name the fraudster used to execute the scam. In comparison, consumers are less likely to leave the channel the scam is executed through (only 13% would leave their network provider), demonstrating that regardless of the scam method, it’s the brand being mimicked that suffers. SMS appears to be the weakest link, with only 5% of consumers thinking it is a safe channel to communicate with their bank or retailer, and the channel has seen a 55% decrease in trust from those surveyed just because they have received a scam text message.


Ransomware as a Service: Negotiators Are Now in High Demand

Permalink - Posted on 2021-07-08 15:00

The Ransomware-as-a-Service (RaaS) ecosystem is evolving into something akin to a corporate structure, researchers say, with new openings available for "negotiators" -- a role focused on extorting victims to pay a ransom. On Thursday, KELA threat intelligence analyst Victoria Kivilevich published the results of a study in RaaS trends, saying that one-man-band operations have almost "completely dissolved" due to the lucrative nature of the criminal ransomware business. The potential financial gains squeezed from companies desperate to unlock their systems have given rise to specialists in cybercrime and extortion and have also led to a high demand for individuals to take over the negotiation part of an attack chain.


China Passes the Data Security Law

Permalink - Posted on 2021-07-08 15:00

On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL), which goes into effect September 1, 2021. Where the CSL is primarily focused on cybersecurity for Critical Information Infrastructure (CII) operators and network operators, the DSL was promulgated in order to regulate data processing activities, promote data security, protect the lawful rights and interest of individuals and organizations, and safeguard national sovereignty, security, and development interests (Article 1). The scope of the DSL is quite broad, and without clarifying regulations or guidance, the law lacks significant detail on how companies should comply, leaving many open questions in advance of the September 2021 effective date. While it is expected that the relevant authorities in China will issue guidance and formulate certain corresponding regulations, it is clear that given the sweeping scope and broad territorial reach of the DSL, the DSL may have far-reaching implications for many companies.


Spanish Royal Family, Madrid Residents Have Vaccine Information Accessed in Breach

Permalink - Posted on 2021-07-08 15:00

Their vaccination data, such as when they received their jab and which shot they were given, could also be accessed. Thousands of people have reportedly been affected by the glitch. The security failure has mainly affected people living in Madrid.


Norwegian DPA: Moss Municipal Council Fined for Failing to Protect Systems

Permalink - Posted on 2021-07-08 15:00

The Norwegian Data Protection Authority has imposed a EUR 50,000 (NOK 500,000) fine on Moss Municipal Council for failing to adequately protect personal data. The error has been corrected and the case closed.


Cyber Attacks Continue to Interfere with Vaccination Efforts and Municipal Governments

Permalink - Posted on 2021-07-08 15:00

Like many countries, Georgia has been dealing with a significant increase in the number of new COVID cases after previously lifting some restrictions. On July 2, the country received one million doses of the Sinopharm and Sinovac vaccines from China. A reservation window was opened for people to register to get the vaccine, but on Saturday (July 3), the registration portal at booking.moh.gov.ge was hacked, disrupting the sign-up process for the day. The municipality of Oradea, Romania issued a statement on July 5 about an attack. In the “Counter Room” (Pyramid) on the first floor of the municipal hall, no functions could be performed other than collecting taxes and duties.


Federal Judge Allows Blackbaud Consolidated Class Action Data Breach Lawsuit to Proceed

Permalink - Posted on 2021-07-08 15:00

Plaintiffs in a class action lawsuit against Blackbaud sufficiently demonstrated they have standing, and the lawsuit has survived Blackbaud’s motion to dismiss. Blackbaud is a publicly traded cloud software company with headquarters in Charleston, SC. Blackbaud provides data collection and maintenance solutions for administration, fundraising, marketing, and analytics to entities such as non-profit organizations, foundations, educational institutions, and healthcare organizations. In the course of providing its services, the company collects and stores personally identifiable information (PII) and Protected Health Information (PHI) from its customers’ donors, patients, students, and congregants. From February 7, 2020 to May 20, 2020, cybercriminals gained access to Blackbaud’s systems, exfiltrated data, and then used ransomware to encrypt files on Blackbaud’s systems. A ransom demand was then issued by the attackers and the attackers claimed they would provide the keys to decrypt data on Blackbaud’s systems and permanently delete the data they had exfiltrated if the ransom was paid. Blackbaud decided to pay the ransom and received assurances that the stolen files had been deleted. Following the attack, more than two dozen class action lawsuits were filed against Blackbaud. In December, the Judicial Panel on Multidistrict Litigation combined the lawsuits and, as of Thursday 1, 2021, there were 28 class action lawsuits combined in the Multidistrict Litigation with 34 named plaintiffs from 20 states. The plaintiffs assert six claims on behalf of a putative nationwide class and ninety-one statutory claims on behalf of putative state subclasses. The six types of injury the plaintiffs assert are identity theft or fraud, increased risk of identity theft in the future, time and money spent to mitigate the risk of harm, emotional distress, diminished value of data, and invasion of privacy.


Morgan Stanley Reports Data Breach After Vendor Accellion Hack

Permalink - Posted on 2021-07-08 15:00

Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor. Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, notified the investment banking company in May 2021 that attackers hacked its Accellion FTA server to steal information belonging to Morgan Stanley stock plan participants. The Guidehouse server was breached by exploiting an Accellion FTA vulnerability in January before the vendor patched it within five days of the fix becoming available.


Pentagon Office Left Military Equipment Designs Open to Hackers, Watchdog Finds

Permalink - Posted on 2021-07-08 15:00

The office in charge of the U.S. military’s 3D printing left designs for defense technology vulnerable to theft by hackers and adversaries, according to a watchdog report made public on Wednesday. The report found that officials were unaware that the systems connected to local networks and the internet. Because the systems were miscategorized, the office failed to conduct a risk assessment required by the department altogether. Officials also failed to monitor removable media entering the systems.


Singapore Sees Spikes in Ransomware, Botnet Attacks

Permalink - Posted on 2021-07-08 15:00

Number of reported ransomware attacks climbed 154% last year, while malicious C&C servers and botnet drones increased 94% in the city-state, where cybercrime cases account for almost half of total crimes.


Online Brands Prioritizing Speed Over Security

Permalink - Posted on 2021-07-07 16:00

Consumers around the world fear that businesses are now compromising online security in their efforts to deliver seamless digital experiences. According to research released by Trulioo, 71% of respondents living in China, the UK and the U.S. feel that online brands are now prioritizing speed over security.


Marsh McLennan Reveals April Data Breach

Permalink - Posted on 2021-07-07 16:00

Marsh & McLennan Cos. Inc. was hit by a data breach in April involving access to Social Security numbers and other personal information of staff, former staff, clients and a range of other people linked to the brokerage. The company sent a breach notification dated June 30, which was obtained by Business Insurance, stating that it discovered the breach on April 26 and that an “unauthorized actor had leveraged a vulnerability in a third party’s software since at least April 22.” In a statement, a Marsh McLennan spokeswoman said: “In late April, we detected unauthorized access to a limited set of data in our environment. At no point was there any disruption in our operations. We promptly investigated and remediated the issue and are in the process of notifying impacted individuals.” She declined to comment further on the data breach. The breach is one of several cyberattacks on high-profile insurance industry companies over the past year. Last September, brokerage Arthur J. Gallagher & Co. was hit by a ransomware attack and in March insurer CNA Financial Corp. was hit by a ransomware attack, which it reportedly paid $40 million to resolve.


UW Health Discovers 4-Month Breach of Its MyChart Portal

Permalink - Posted on 2021-07-07 16:00

University of Wisconsin Hospitals and Clinics Authority has reported a breach of its Epic MyChart portal which has affected 4,318 UW Health patients. Unusual activity was detected in the portal and an investigation was launched on April 20, 2021, to determine the nature and extent of the breach. The investigation ran until May 4, 2021, and determined unauthorized individuals had access to the portal for a period of around 4 months, with dates of access ranging from December 27, 2020 to April 13, 2021.


Ransomware Attacks Reported by 5 HIPAA Covered Entities and Business Associates

Permalink - Posted on 2021-07-07 16:00

Professional Business Systems, Inc. operating as Practicefirst Medical Management Solutions and PBS Medcode Corp, a provider of medical management services involving data processing for healthcare providers, has suffered a ransomware attack in which files containing patient information were obtained by the attackers. The ransomware attack was identified on December 30, 2020, and its systems were promptly shut down in an effort to contain the attack. Third-party cybersecurity experts were engaged to investigate the incident and law enforcement was notified. Practicefirst has not confirmed whether the ransom was paid but did say it received assurances from the attacker that the files copied from its systems have been destroyed and were not further disclosed.


Data Breach at Third-Party Provider Exposes Medical Information of U.S. Healthcare Patients

Permalink - Posted on 2021-07-07 16:00

A data breach at a third-party provider has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown actors gained unauthorized access to a database owned by Elekta, which provides a cloud-based platform that handles legally-required cancer reporting to the State of Illinois. In a security advisory, the healthcare provider, based in Chicago, said that the attackers made a copy of the datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.


Swedish Supermarket Closed by Kaseya Cyber Attack

Permalink - Posted on 2021-07-06 16:00

Most of the 800 shops of one of Sweden's leading supermarket chains remained closed on Monday, three days after they were indirectly affected by the cyberattack targeting US company Kaseya.


PHI of Veterans with PTSD Potentially Compromised in OSU Data Breach

Permalink - Posted on 2021-07-06 16:00

An Ohio State University (OSU) pilot program to help veterans recover from Post Traumatic Stress Disorder (PTSD) and other mental health issues was breached and the personal information of patients has been compromised, according to a recent NBC4 Investigates Report. The OSU Veterans Neuromodulation Operation Wellness (NOW) pilot program was shut down permanently on June 15, 2021, but prior to the closure, a data breach occurred. OSU explained in its notification letters to affected individuals that the breach was detected on April 24, 2021, and occurred between January 25, 2021, and March 4, 2021.


BJC HealthCare Email Data Breach Lawsuit Survives Motions to Dismiss

Permalink - Posted on 2021-07-06 16:00

A class action lawsuit filed by two former patients against BJC HealthCare over a March 2020 email data breach has survived two motions to dismiss. Leaha Sweet and Bradley Dean Taylor took legal action against St. Louis-based BJC HealthCare in September 2020 after being notified that their protected health information had potentially been compromised in a data breach.


Western Digital Users Face Another RCE

Permalink - Posted on 2021-07-06 16:00

As if things weren’t bad enough for the untold number of Western Digital customers whose data blinked out of existence last month, there’s another zero-day waiting for whoever can’t or won’t upgrade their My Cloud storage devices. The latest zero-day entails an attack chain that allows an unauthenticated intruder to execute code as root and install a permanent backdoor on the vendor’s network-attached storage (NAS) devices. It’s found in all Western Digital NAS devices running the old, no-longer-supported My Cloud 3 operating system: an OS that the researchers said is “in limbo,” given that Western Digital recently stopped supporting it.


Rural Alabama Electric Cooperative Hit by Ransomware Attack

Permalink - Posted on 2021-07-06 15:00

A utility that provides power in rural southeastern Alabama said it was hit by a ransomware attack that means customers temporarily can’t access their account information. Wiregrass Electric Cooperative, which serves about 22,000 members, said no data was compromised in the attack. But member account information and payment systems were taken offline for maintenance and as a precaution, it said in a statement.


Healthcare Ransomware Attack Targets Practice Management Vendor

Permalink - Posted on 2021-07-06 15:00

Practice management vendor Practicefirst announced a 2020 healthcare ransomware attack that may have exposed patient and employee PII. The hacker attempted to deploy ransomware and successfully copied files from Practicefirst’s system that contained patient and employee PII. The information, later deleted, contained birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses and tax identification numbers.


Official Formula 1 App Hacked

Permalink - Posted on 2021-07-06 15:00

Racing fans around the globe received some unexpected and very strange push notifications from the official Formula 1 app over the July Fourth weekend. It’s believed the notifications were linked to a targeted cyber attack.


British Airways Settles with Data Breach Victims

Permalink - Posted on 2021-07-06 15:00

Compensation is to be paid to thousands of victims of a large-scale data breach at British Airways (BA). A legal claim was filed against the airline over a security incident that began in June 2018. Data belonging to around 420,000 people was compromised in a cyber-attack that went undetected for more than two months. Between June 22 and September 5, 2018, a malicious actor gained access to an internal BA application through the use of compromised credentials for a Citrix remote access gateway. The breach impacted personal data belonging to British Airways staff and to its customers in the United Kingdom, in the EU, and in the rest of the world. Magecart, a form of digital skimming code, was used by the attacker to collect and steal payment card information, names, and addresses. An investigation by the Information Commissioner's Office (ICO) found the security measures put in place by British Airways to protect the vast quantities of personal data being processed were inadequate.


Brits Lose Over £1 Billion in Fraud So Far This Year

Permalink - Posted on 2021-07-06 15:00

Brits have lost over £1bn to fraud and cybercrime in the first six months of 2021, according to money.co.uk’s latest Quarterly Fraud and Cyber Crime Report. The analysis revealed that 81,018 fraud and cybercrime-related police reports were issued in Q2 2021, with UK residents experiencing a total loss of £382.3m due to these crimes. Interestingly, this represents a significant decrease compared with Q1 2021, when there were 137,695 reports. The personal finance advisory firm believes this decline is due to the easing of COVID-19 lockdown restrictions in Q2, as this reduced online activities. However, financial losses per average victim were £176 higher in Q2 compared to Q1, at £4719. The most common type of fraud and cybercrime in Q2 was related to online shopping and auctions, comprising one in five police reports (14,868). Victims lost a total of £11.9m to these types of activities.


Up to 1,500 Businesses Affected by Ransomware Attack

Permalink - Posted on 2021-07-06 15:00

Between 800 and 1,500 businesses around the world have been affected by a ransomware attack centered on U.S. information technology firm Kaseya, its chief executive said on Monday. Fred Voccola, the Florida-based company's CEO, said in an interview that it was hard to estimate the precise impact of Friday's attack because those hit were mainly customers of Kaseya's customers.


Leaked Infrastructure Secrets Cost Companies an Average of $1.2 Million in Revenue Annually

Permalink - Posted on 2021-07-06 15:00

In pursuit of these accelerated timelines, developers frequently have to choose between rapidity and security. They leave infrastructure secrets like API tokens, SSH keys, and private certificates in config files or next to source code in order to have easier access. But they are not always aware that the easier it is for them to access these secrets, the easier it is for cybercriminals to do the same. According to “Hiding in Plain Sight,” a report from 1Password, a leader in enterprise password management, companies are losing an average of $1.2 million every year because of leaked information, which researchers at the company called “secrets.”


1 in 4 Employees Say They Still Have Access to Accounts from Past Jobs

Permalink - Posted on 2021-07-06 15:00

A survey of more than 1,000 professionals reveals that most think their work password practices are secure, but the reality of the situation is anything but. Nearly half admit to password sharing, more than a third say they write their passwords on paper, and one in four said they still have access to accounts from past jobs. The survey, performed by passwordless security company Beyond Identity, suggests a need for businesses to tighten up their password policies, but with an important caveat: Making the process too laborious for employees means that they'll just find a way to circumvent the rules. With 45.6% of respondents saying they believe strict password policies hamper productivity, there's a good reason to ensure a balance is struck.


Northwestern Memorial HealthCare and Renown Health Affected by Elekta Cyber Attack

Permalink - Posted on 2021-07-02 16:00

Chicago, IL-based Northwestern Memorial HealthCare and Reno, NV-based Renown Health have been affected by a cyberattack on one of their business associates. The data breach was discovered by Stockholm-based Elekta, which provides a software platform used for clinical radiotherapy treatment for cancer and brain disorders. Elekta issued a statement confirming its first-generation cloud-based storage system was accessed by unauthorized individuals, which affected a subset of customers in North America.


Kaseya Supply Chain Attack Delivers Mass Ransomware Event to U.S. Companies

Permalink - Posted on 2021-07-02 16:00

Kaseya VSA is a solution commonly used by MSPs — Managed Service Providers — in the United States and United Kingdom, which helps them manage their client systems. Kaseya’s website claims they have over 40,000 customers. Now, an apparent auto update in the product has delivered REvil ransomware. By design, it has administrator rights down to client systems — which means that Managed Service Providers who are infected then infect their clients’ systems.


South Africa: Data Breach Hits Major Insurance Player QSure

Permalink - Posted on 2021-07-02 16:00

QSure, a big player in South Africa’s insurance industry, has been hit by a data breach in which bank account numbers and other sensitive information were compromised by a third party. The company would not say how many records were exposed through the breach, only that the incident is “still being investigated”.


Norwegian DPA: Oslo University Hospital Ordered to Amend Data Handling Agreements

Permalink - Posted on 2021-07-02 16:00

The Norwegian Data Protection Authority’s inspection of Oslo University Hospital (OUH) reveals that the hospital cannot document satisfactory control of patient data when the hospital needs laboratory services from other countries.


Leaked Data Costing Organizations an Average of $1.2 million per Year

Permalink - Posted on 2021-07-02 16:00

Organizations are losing millions of dollars in revenue each year due to leaked infrastructure code, credentials and keys, according to a new report from 1Password. 1Password's report "Hiding in Plain Sight" said that enterprises lose an average of $1.2 million each year due to leaked details, which researchers at the company called "secrets." Researchers found that IT and DevOps workers leave infrastructure secrets like API tokens, SSH keys, and private certificates in config files or next to source code for easy access and to make things move faster. The report features analysis from 1Password researchers as well as an April 2021 survey of 500 IT and DevOps workers in the US. For 10% of respondents who experienced secret leakage, their company lost more than $5 million. More than 60% of respondents said their organizations have dealt with secrets leakage. In addition to the money lost, 40% said their organizations suffered from brand reputation damage and 29% said clients were lost due to the consequences of secrets that had been leaked. According to the report and accompanying survey, 65% of IT and DevOps employees say their company has more than 500 secrets, with almost 20% saying they have more than they can count.


ACH Data Security Rule Takes Effect

Permalink - Posted on 2021-07-02 16:00

A new Automated Clearing House (ACH) data security rule to protect electronically stored sensitive financial information has come into force in the United States. As of June 30, the ACH Security Framework now requires large, non-financial-institution (Non-Fi) originators, third-party service providers (TPSPs) and third-party senders (TPSs) to protect deposit account information by rendering it unreadable when it is stored electronically. First introduced in April 2020, the new rule specifically applies to entities sending payments (ACH originators) and third parties that process in excess of six million ACH payments per year. Account numbers used for any ACH payment, whether consumer or corporate, are impacted by the new rule.


Smart Home Experiences Over 12,000 Cyber Attacks in a Week

Permalink - Posted on 2021-07-02 16:00

Consumer group Which? partnered with NCC Group and the Global Cyber Alliance (GCA) to conduct the experiment, in which a home was filled with numerous IoT devices, including TVs, thermostats and smart security systems. They then analyzed the number of attempted hacks that took place over several weeks. Which? revealed a “breathtaking” amount of hacks and unknown scanning attacks targeting these devices, rising to 12,807 unique scans/hacks during a single week in June. In this week, the most common method used was attempting to log in to the devices through weak default usernames and passwords, such as ‘admin.’ There was a total of 2435 specific attempts to maliciously log into devices in this way, equating to 14 per hour.


Spanish Telecom Giant MasMovil Hit by REvil Ransomware Gang

Permalink - Posted on 2021-07-02 16:00

Spain’s 4th largest telecom operator, MasMovil Ibercom or MasMovil, is the latest victim of the infamous REvil ransomware gang (aka Sodinokibi). On its official blog accessible via Tor browser, as seen by Hackread.com, the ransomware operator claims to have “downloaded databases and other important data” belonging to the telecom giant. As proof of its hack, the group has also shared screenshots, apparently of the stolen MasMovil data, that show folders named Backup, RESELLERS, PARLEM, and OCU, etc.


U.S. Insurance Giant AJG Reports Data Breach After Ransomware Attack

Permalink - Posted on 2021-07-02 16:00

Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September. "Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020," AJG said. As one of the largest insurance brokers in the world, AJG has over 33,300 employees and its operations span 49 countries. The company is also ranked 429 on the Fortune 500 list, and it reportedly provides insurance services to customers from more than 150 countries.


Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web

Permalink - Posted on 2021-07-01 16:00

The VPN provider known as LimeVPN has been hit with a hack affecting 69,400 user records, according to researchers. A hacker claims to have stolen the company’s entire customer database before knocking its website offline (Threatpost confirmed that as of press time, the website was down). The stolen records consist of user names, passwords in plain text, IP addresses and billing information, according to PrivacySharks. Researchers added the attack also included public and private keys of LimeVPN users.


Netherlands: De Mandemakers Group; "Despite Adequate Security" Still a Victim

Permalink - Posted on 2021-07-01 16:00

Kitchen and furniture seller De Mandemakers Groep (DMG) has fallen victim to hackers. They managed to block a large part of the IT systems. DMG has reported the incident to the police and to the Dutch Data Protection Authority.


Microsoft Finds Netgear Router Bugs Enabling Corporate Breaches

Permalink - Posted on 2021-07-01 16:00

Attackers could use critical firmware vulnerabilities discovered by Microsoft in some NETGEAR router models as a stepping stone to move laterally within enterprise networks. The security flaws impact DGN2200v1 series routers running firmware versions before v1.0.0.60 and compatible with all major DSL Internet service providers. They allow unauthenticated attackers to access unpatched routers' management pages via authentication bypass, gain access to secrets stored on the device, and derive saved router credentials using a cryptographic side-channel attack. The three bugs "can compromise a network's security—opening the gates for attackers to roam untethered through an entire organization," Microsoft 365 Defender Research Team's Jonathan Bar Or explains. The security issues were discovered by Microsoft's researchers while reviewing Microsoft Defender for Endpoint's new device discovery fingerprinting capabilities after noticing that a DGN2200v1 router's management port was being accessed by another device on the network.


Florida: SWFL Inmates Filing Lawsuit After Data Breach

Permalink - Posted on 2021-07-01 16:00

Hacked. That was the headline back in April when it came to the 20th Judicial Circuit Public Defender's Office. A document on the agency's website says private information linked to more than half a million staff members and clients was potentially exposed. The notice encourages those who may have been caught up in that cyberattack to put a fraud alert on their credit and monitor it carefully. But for 19 inmates in the Lee and Collier county jails, that notice isn't good enough. "The data breach has caused major problems and we don't know the extent of it," said Reuben Mitchell, who is currently being detained in the Lee County Jail. "We've actually filed a civil class action lawsuit through the federal court system," said Wade Wilson, who is currently being detained in the Lee County Jail. Wilson is accused of murdering two women in Cape Coral in the summer of 2019. Police found Kristine Melton and Diane Ruiz dead within days of each other. Now, he and that group of inmates are working to sue the Public Defender's Office, the State Attorney's Office, Attorney General Ashley Moody, and Governor Ron DeSantis as a result of the hack. Documents from a federal court show that the inmates are seeking 5 million dollars in damages per person, lifetime credit and identity protection, mental health counseling and more.


Japan Airport Refueling Co. Discloses Ransomware Incident; Refueling Work Not Impacted

Permalink - Posted on 2021-07-01 16:00

Investigation confirmed that it was a ransomware attack, and the company received a ransom demand to decrypt data on the server, but there seemed to be no mention that any data was exfiltrated. Details as to the type of ransomware and types of data potentially compromised were not disclosed.


Indian Tech. Startup Exposed Byju's Student Data

Permalink - Posted on 2021-06-30 15:00

India-based technology startup Salesken.ai has secured an exposed server that was spilling private and sensitive data on one of its customers, Byju’s, an education technology giant and India’s most valuable startup. The server was left unprotected since at least June 14, according to historical data provided by Shodan, a search engine for exposed devices and databases. Because the server was without a password, anyone could access the data inside. Security researcher Anurag Sen found the exposed server, and asked TechCrunch for help in reporting it to the company.


Hackers Use Zero-Day to Mass-Wipe My Book Live Devices

Permalink - Posted on 2021-06-30 15:00

A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. After some users analyzed the device's logs, they found that on June 24th, a script called factoryRestore.sh was executed on their devices, which wiped the device's files. Western Digital had originally told BleepingComputer that the attacks were being conducted through a 2018 vulnerability tracked as CVE-2018-18472, which was not fixed as the device has been out of support since 2015. It turns out that while threat actors used this vulnerability in attacks against My Book Live devices, it was actually a different zero-day vulnerability responsible for the factory resets.


Bucks County, PA Behavioral Health and Substance Abuse Nonprofit Struck in Cyber Attack

Permalink - Posted on 2021-06-30 15:00

The records of an unspecified number of clients of an Upper Bucks County behavioral-health and substance abuse nonprofit, which serves the Lehigh Valley, might have been stolen as part of a ransomware attack on the agency earlier this year. Penn Foundation in West Rockhill Township said it informed clients Tuesday of the possible data breach via a letter from Wayne A. Mugrauer, its president and CEO.


Australia: Morningstar Data Breach Reveals KPMG Deal Maker Lists

Permalink - Posted on 2021-06-30 15:00

A software glitch has exposed the key companies garnering the interest of big four advisory group KPMG’s deal makers and restructuring experts. The flaw in an alert system, run by US financial research firm Morningstar, for ASX-listed companies meant third parties could even view project names KPMG had assigned. That included “Project Africa Comps” for some ASX-listed Australian debt collectors.


University Medical Center of Southern Nevada Attacked by REvil Threat Actors

Permalink - Posted on 2021-06-30 15:00

The University Medical Center of Southern Nevada, which proudly proclaims itself the official healthcare provider for the Vegas Golden Knights, has allegedly been the victim of a cyberattack by REvil (Sodinokibi) threat actors. DataBreaches.net sent three email inquiries today to the medical center, asking for a statement confirming or denying the claimed attack, and describing the scope or impact of it if they confirmed it. There has been no reply. The medical center, which is the only public, non-profit hospital in Clark County and operates the state’s only Level I Trauma Center, provides services to patients in four states within 10,000 square miles. As such, it is critical to the area in the case of any mass casualty event and any attack encrypting files or systems could potentially be disastrous.


Freshly Scraped LinkedIn Data of 88,000 U.S. Business Owners Shared Online

Permalink - Posted on 2021-06-30 15:00

About a week after scraped data from more than 700 million LinkedIn profiles were put up for sale online, it seems that threat actors have no intention of stopping their abuse of the social media platform’s scrape-friendly systems. Hours ago, a 68MB JSON database containing LinkedIn data recently collected from 88,000 US business owners was shared on a popular hacker forum. According to the poster, the scrape targeted US business owners who have “changed job positions in [the] past 90 days.” The database includes full names, email addresses, workplace information, and other data points the owners publicly listed on their LinkedIn profiles. The archive was posted on the hacker forum for anyone to access. While not highly sensitive, the data could still be used by threat actors to stage attacks against US business owners who the threat actors might see as being more affluent and potentially vulnerable to phishing and ransomware attacks.


U.K. Arm of International Charity the Salvation Army Hit by Ransomware Attack

Permalink - Posted on 2021-06-30 15:00

Criminals infected the Salvation Army in the UK with ransomware and siphoned the organisation's data, The Register has learned. A Salvation Army spokesperson confirmed the evangelical Christian church and charity was compromised, and said it alerted regulators in the UK. She told us: “We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the Information Commissioner’s Office, are also in dialogue with our key partners and staff and are working to notify any other relevant third parties.” The Salvation Army refused to give any further information, such as the identity of the criminal attackers, or the volume and type of data accessed by them. To date, nothing has emerged on known ransomware gang sites.


SolarWinds Hackers Remained Hidden in Denmark's Central Bank for Months

Permalink - Posted on 2021-06-30 15:00

The security breach is the result of the SolarWinds supply chain attack that was carried out by the Nobelium APT group (aka APT29, Cozy Bear, and The Dukes). The intrusion was revealed by the technology outlet Version2, which obtained official documents from the Danish central bank through a freedom of information request. “Some of the world’s most sophisticated hackers have had an IT backdoor at Danmarks Nationalbank for seven months. Danmarks Nationalbank itself cannot rule out that the suspected Russian state hackers have abused the back door to further compromise Danmarks Nationalbank.” states Version2. “It shows an access to documents that Version2 has received in the case. Access to the file states that Danmarks Nationalbank, which operates Denmark’s central financial infrastructure, was hit by the worldwide Solarwinds hacker attack back in December 2020.”


Zero Day Malware Reached an All-Time High of 74% in Q1 2021

Permalink - Posted on 2021-06-29 15:00

74% of threats detected in Q1 2021 were zero day malware, meaning threats that signature-based antivirus solutions did not detect at the time of the malware's release, and so were capable of circumventing conventional antivirus solutions, according to WatchGuard. More than 4 million network attacks were detected, a 21% increase compared to the previous quarter and the highest volume since early 2018. Corporate servers and assets on site are still high-value targets for attackers despite the shift to remote and hybrid work, so organizations must maintain perimeter security alongside user-focused protections.


Portugal: Cyber Attack on Hospital do Divino Espírito Santo Impacting Notification of COVID-19 Test Results

Permalink - Posted on 2021-06-29 15:00

The Hospital do Divino Espírito Santo de Ponta Delgada was hit with a cyberattack that was detected on June 24. As of today, the hospital is still working to recover from the attack while prioritizing notifying people who tested positive for COVID-19 in recent tests. Those who tested negative have experienced delays in notification. In an update today, SAPO reports that Clélio Meneses, the Secretary of Health of the Government of the Azores, acknowledged that there were delays in the disclosure of negative tests for COVID-19 in the region due to the cyberattack.


Italy: Municipality of Cagliari Services Interrupted by Cyber Attack

Permalink - Posted on 2021-06-29 15:00

The Comune di Cagliari issued a notice on their web site on June 27 that a computer virus had reduced the functionality of its services, requiring extraordinary maintenance intervention. According to the notice, the impairment was also impacting services through call centers.


Bordeaux-Gironde Chamber of Commerce in France and Gerry Weber in Germany Hit by Cyber Attacks

Permalink - Posted on 2021-06-29 15:00

The Chamber of Commerce and Industry (CCI) for Bordeaux-Gironde was the victim of a cyberattack on June 25. Officials refused to pay an unspecified ransom demand and filed a police complaint. Meanwhile in Germany, textile retail chain Gerry Weber was also the victim of a cyberattack. Business Insider reported that the clothing retailer’s IT system was paralyzed for more than a week, with employees unable to work regularly because time recording or label printing no longer worked after the systems were shut down as a precautionary measure.


Kentucky Healthcare System Exposes Patients' PHI

Permalink - Posted on 2021-06-29 15:00

A healthcare system located in Kentucky is notifying more than 40,000 patients of an error that saw their personal health information (PHI) emailed to the wrong address. UofL Health, which is based in Louisville, consists of five hospitals, four medical centers, nearly 200 physician practice locations, more than 700 providers, the Frazier Rehab Institute and Brown Cancer Center. Earlier this month, the system notified the Health and Human Services Office for Civil Rights of an email security incident involving the unauthorized disclosure of data belonging to 42,465 individuals.


Four States Propose Laws to Ban Ransomware Payments

Permalink - Posted on 2021-06-29 15:00

In New York, Senate Bill S6806A "prohibits governmental entities, business entities, and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack." Another New York Senate bill, Senate Bill S6154, provides money so that local governments can upgrade their networks. But it also "restricts the use of taxpayer money in paying ransoms in response to ransomware attacks." New York stands alone in terms of barring private sector businesses from paying a ransom. Legislatures in North Carolina (House Bill 813), Pennsylvania (Senate Bill 726), and Texas (House Bill 3892) are all considering bills that would prohibit the use of state and local taxpayer money or other public money to pay a ransom payment. This public money prohibition would likely hamstring local governments from paying off ransomware attackers. Pennsylvania Republican State Senator Kristin Phillips-Hill tells CSO she introduced her “Safeguarding the Commonwealth from Ransomware Attacks” bill to discourage at least some ransomware attacks, those aimed at public agencies, by removing the attackers’ financial incentives. If cybercriminals are rewarded for their efforts, they will simply continue to launch ransomware attacks, she says. Phillips-Hill’s bill also aims to develop guidelines agencies should follow in beefing up their preparedness to respond to ransomware attacks. The bill, however, does not appropriate any funds to help agencies bolster their ransomware response capabilities.


Technology's Complexity and Opacity Threaten Critical Infrastructure Security

Permalink - Posted on 2021-06-29 15:00

The frantic scramble that occurred after the recent SolarWinds cyber incident, as companies and governments rushed to understand the extent of the incident and where the compromised software was installed, is an example of how little knowledge we have of what goes into our technology. And this isn't a new phenomenon. When the federal government banned Kaspersky software in 2017, agencies and companies were forced to spend thousands of hours combing through their technology stacks seeking the offending code because they didn't have visibility into what was in the software they use. Complexity in technology is only going to increase. As such, it's vital that end users can get more thorough information about what is (or isn't) in the technology they consume, and technology providers are held more accountable for the content of the technology they deliver to consumers.


Survey Data Reveals Gap in Americans' Security Awareness

Permalink - Posted on 2021-06-29 15:00

The survey from security firm Armis finds more than 21% of respondents have not heard about the May cyberattack on Colonial Pipeline, and 24% believe the attack on the largest fuel pipeline in the United States will not have any long-lasting effects on the nation's fuel industry. Almost half (45%) of working Americans had no knowledge of the attempted tampering of the local drinking water supply in Oldsmar, Florida earlier this year. As more organizations consider moving back to the office, Armis' data shows 71% of employees intend to bring their work-from-home devices with them. The survey also finds 54% of respondents don't believe their personal devices pose any security threat to their organization.


Data for 700M LinkedIn Users Posted for Sale in Cyber Underground

Permalink - Posted on 2021-06-29 15:00

Privacy Sharks examined the free sample and saw that the records include full names, gender, email addresses, phone numbers and industry information. It’s unclear what the origin of the data is – but the scraping of public profiles is a likely source. That was the engine behind the collection of 500 million LinkedIn records that went up for sale in April. It contained an “aggregation of data from a number of websites and companies” as well as “publicly viewable member profile data,” LinkedIn said at the time.


Americans Lost $29.8 Billion to Phone Scams in the Past Year

Permalink - Posted on 2021-06-29 15:00

A study of U.S. residents has found that one in three say they've fallen victim to a phone scam in the past year, and 19% say they've been duped more than once. That amounts to 59.4 million people, and the money lost in the past year increased by 51% over last year for a total of $29.8 billion. The data, from caller ID and spam blocking app Truecaller and Harris Poll, paints a picture of Americans ripe for the picking by phone scammers and spammers who are only growing in number and effectiveness, despite 85% saying they only answer calls if they can identify the caller.


Cyber Security and Business Priorities Don't Appear to Be Aligning

Permalink - Posted on 2021-06-29 15:00

According to new data from LogRhythm's latest research, Security and the C-Suite: Making Security Priorities Business Priorities, many organizations are simply talking the talk, but not walking the walk. 60% of organizations believe the cybersecurity leader should report directly to the CEO because it would create greater awareness of security issues throughout the organization. And yet, on average, the cybersecurity leader is three levels away from reporting to the CEO, with only 7% of cybersecurity leaders actually reporting directly to the CEO. Only 23% of cybersecurity leaders have complete ownership over their budget, so they rely on senior leadership to assist with allocating needed budget. 63% of orgs say the budget is insufficient to invest in the right technologies, and yet 64% of cybersecurity leaders report to the board on the effectiveness and efficiency of security programs and measures. So the board knows, but isn’t allocating enough. Nearly half (46%) of all senior leadership have confidence that the cybersecurity leader understands the business goals, and yet, 54% of security leaders only report to the board either once annually or only when a security incident occurs.


SolarWinds Attack Cost Affected Companies an Average of $12 Million

Permalink - Posted on 2021-06-28 15:00

The good news is that security teams are beefing up network defenses, but the bad news is that most companies have recently suffered a cybersecurity incident that required a board meeting. That's the analysis from the 2021 Cybersecurity Impact Report from IronNet. The report is based on interviews with 473 security IT decision makers from the U.S., U.K. and Singapore who work in the technology, financial, public service and utilities sectors. The survey found that 90% of respondents said their security posture had improved over the last two years, but 86% suffered attacks severe enough to require a meeting of the companies' C-level executives or boards of directors.


Electronic Arts Ignored Domain Vulnerabilities for Months Despite Warnings and Breaches

Permalink - Posted on 2021-06-28 15:00

Gaming giant Electronic Arts is facing even more criticism from the cybersecurity industry after ignoring warnings from cybersecurity researchers in December 2020 that multiple vulnerabilities left the company severely exposed to hackers. Officials from Israeli cybersecurity firm Cyberpion approached EA late last year to inform them of multiple domains that could be subject to takeovers as well as misconfigured and potentially unknown assets alongside domains with misconfigured DNS records. But even after sending EA a detailed document about the problems and a proof of concept, Cyberpion co-founder Ori Engelberg told ZDNet that EA did nothing to address the issues.


Details of Over 200,000 Students Leaked in Cyber Attack

Permalink - Posted on 2021-06-28 15:00

A pro-Palestinian Malaysian hacker group known as "DragonForce" claimed that it hacked into AcadeME last week, stating "THE LARGEST AND MOST ADVANCED STUDENT AND GRADUATE RECRUITMENT NETWORK IN ISRAEL Hacked By DragonForce Malaysia" in a Telegram message on June 20. The group claimed that they leaked emails, passwords, first and last names, addresses and even phone numbers of students who were registered on AcadeME. DragonForce attached screenshots of code, server addresses and a table including email addresses and names. The hackers leaked the details of about 280,000 students who used the service since 2014, May Brooks-Kempler from the Think Safe Cyber Facebook group told Israeli media. The AcadeME site was taken offline and listed as "unavailable" as of Monday morning. A notice which appears when attempting to access the site said the site "should be back soon."


HMRC-Branded Phishing Scams Up 87% in a Year

Permalink - Posted on 2021-06-28 15:00

There were 1.07m scam reports in 2020-21, up from 570,000 the previous year, according to data obtained by accountancy group Lanop Outsourcing under the Freedom of Information (FOI) Act. Reports of suspected SMS scams shot up 52 per cent, rising from 67,497 to 102,562 attacks. Email scams jumped by 109 per cent, rising from 301,170 to 630,193, and reports of phone call scams increased 66 per cent, from 203,362 to 336,767. Of the scams listed, the majority were tax rebate or refund scams, which rose by 90 per cent from 363,118 to 690,522. In addition, voice scam attacks rose by 66 per cent, jumping from 203,362 to 336,767. HMRC also receives reports for the Driver and Vehicle Licensing Agency (DVLA) and acts on its behalf to initiate website takedowns. In 2019-20 there were 5,549 reports and a whopping 42,233 reports in 2020-21 – an increase of 661 per cent.


Facebook Pays $6.5 Million to End Fee Fight in Breach Case

Permalink - Posted on 2021-06-25 16:00

Facebook Inc. will pay $6.5 million to class counsel in a lawsuit that alleged the company’s negligence allowed hackers to obtain user information via software bugs, ending a dispute over attorneys’ fees. The parties reached an agreement prior to a hearing scheduled for Thursday, they told Judge William Alsup. The amount is described in a stipulation as “a material reduction from the total attorneys’ fees and litigation costs Plaintiff initially sought.” Stephen Adkins sued the social media giant in 2018, saying the personal identifying information of 50 million users was exposed “due to a flaw in Facebook’s code” that allowed hackers to take over user accounts. The company said the breach was made possible by a bug in the website’s “view as” feature, which was intended to increase user control over privacy. The parties reached a settlement in the underlying class suit under which Facebook agreed to make numerous new security enhancements. Under the terms of the deal, class counsel agreed it would seek no more than $16 million for attorneys’ fees. The court approved the settlement and class counsel sought $10.7 million in attorneys’ fees and $1.2 million in litigation expenses, but Facebook opposed that bid in March. Alsup, of the U.S. District Court for the Northern District of California, approved the $6.5 million agreement via a remote hearing after asking the parties about the finality of the deal and about payments to a special master. The deal resolves all disputes in the case, and the special master will be paid from the established settlement fund, the parties said.


My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks

Permalink - Posted on 2021-06-25 16:00

Western Digital’s My Book storage device is designed for consumers and businesses. It typically plugs into computers via USB. The specific model involved in the data-demolition incident is known as My Book Live: a model that uses an Ethernet cable to connect to a local network. Users can remotely access files and make configuration changes through Western Digital’s cloud infrastructure. Western Digital is blaming the remote wipes – which have happened even if the network-attached storage (NAS) devices are behind a firewall or router – on the exploitation of a remote command-execution (RCE) vulnerability.


Cloud Database Exposes 800M+ WordPress Users' Records

Permalink - Posted on 2021-06-25 16:00

A misconfigured cloud database exposed over 800 million records linked to WordPress users before its owner was notified, according to Website Planet. Security researcher Jeremiah Fowler explained that the trove was left online with no password protection by US hosting provider DreamHost. The 814 million records he found were traced back to the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In the 86GB database, there was purportedly admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps, and configuration and security information. Some of the leaked information was linked to users with .gov and .edu email addresses, Fowler claimed.


India: Technisanct Confirms 3.4 Million Customers Have Data Posted on Dark Web

Permalink - Posted on 2021-06-25 16:00

Kochi: Kochi-based cybersecurity and big data startup Technisanct has disclosed a serious data breach in a trading platform in India. Information of over 3.4 million customers was compromised. Personally Identifiable Information (PII), which includes name, customer ID, contact number, email ID, trade login ID, branch ID, city and country, was leaked. The security breach was identified by Technisanct’s digital risk monitoring tool ‘Integrite’. The data of the customers has been put up for sale on a data-sharing platform. The information was published on June 15 and the incident was reported to CERT by Technisanct.


FBI Director Urges Companies Stop Paying Ransoms to Hackers

Permalink - Posted on 2021-06-25 16:00

FBI Director Chris Wray on Wednesday pleaded with public companies and other hacking victims to avoid paying ransom, saying he fears it will only embolden cyber criminals to ramp up future attacks. Wray said on Wednesday that the FBI is seeing increasingly sophisticated types of ransomware attacks and that cyber thieves have been demanding larger sums of money. He said companies and municipal governments who become victims of ransomware attacks should consider going to the FBI as soon as possible, and not wait.


Irish Ransomware Attack Recovery Cost Estimate: $600 Million

Permalink - Posted on 2021-06-25 16:00

The recovery costs for the May ransomware attack on Health Service Executive, Ireland's publicly funded healthcare system, are likely to total $600 million, says Paul Reid, HSE's director general. Reid provided the estimate at a Wednesday hearing of a health committee of the country's legislative body, Oireachtas. The hearing was held to get updates on the May 14 suspected Conti ransomware attack on Ireland's state-run health services provider, which severely affected its maternity hospitals across the country. At the hearing, Reid noted the immediate cost of recovery totaled $120 million. But further investments in replacing and upgrading the affected systems, and other expenses, would bring the total cost to an estimated $600 million. He predicted it would take months for HSE to fully recover from the attack.


Mercedes-Benz Data Breach Exposes SSNs, Credit Card Numbers

Permalink - Posted on 2021-06-25 16:00

Mercedes-Benz USA has just disclosed a data breach impacting some of its customers. The company assessed 1.6 million customer records which included customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. It appears the data breach exposed credit card information, social security numbers, and driver license numbers of under 1,000 Mercedes-Benz customers and potential buyers.


74% of Q1 Malware Was Undetectable via Signature-Based Tools

Permalink - Posted on 2021-06-25 16:00

WatchGuard Technologies recently analyzed threat data collected from customer networks during the first quarter of 2021 and found 74% of threats detected were zero-day malware for which no anti-virus signatures were available at time of malware release. As a result, the malware was capable of bypassing signature-based threat detection tools and breaching enterprise systems. The level of zero-day malware detections in the first quarter was the highest WatchGuard has ever observed in a single quarter and completely eclipsed the volume of traditional threats, the security vendor said in a report this week.


Ransom Leak Sites Reveal 422% Annual Increase in Victims

Permalink - Posted on 2021-06-24 16:00

Over three-quarters of consumers and cybersecurity professionals want to see ransom payments made illegal, as new figures showed a triple-digit year-on-year increase in victim organizations. Mandiant claimed to have detected a 422% increase in victim organizations announced by ransomware groups on their leak sites between Q1 2020 and the first quarter of 2021. That amounted to over 600 European organizations, with those in manufacturing, legal and professional services and retail most affected. The new figures come as research from Talion revealed that 78% of UK consumers and 79% of security professionals believe payments to these groups should be banned by law. It’s an increasingly controversial area, with many commentators blaming cyber-insurance policies for effectively bankrolling threat groups and encouraging more malicious actors to join the fast-growing ransomware cybercrime industry.


Maximus Reports Breach Affecting 334,000 Medicaid Healthcare Providers

Permalink - Posted on 2021-06-24 16:00

Ohio Medicaid has announced that its data manager, Maximus Corp, has experienced a data breach in which the personal information of Medicaid healthcare providers has been compromised. Maximus is a global provider of government health data services. Through the provision of those services the company had been provided with the personal information of Medicaid healthcare providers. On May 19, 2021, Maximus discovered a server that contained personal information provided to the Ohio Department of Medicaid (ODM) or to a Managed Care Plan had been accessed by unauthorized individuals between May 17 and May 19, 2021.


Indiana: Westfield Clerk, Mayor Battle Over Spyware Installed on City Hall Computers

Permalink - Posted on 2021-06-24 16:00

Spyware was found on all of the computers in the Westfield clerk treasurer’s office, and now she and the mayor are battling in court about it. This particular software allows remote access to all the data stored in that office, which includes information for a dozen city bank accounts, and personal information for city employees and taxpayers. Cindy Gossard, Westfield’s clerk treasurer, says she never gave permission to anyone to install the software and she doesn’t know who has access to sensitive city information held by her office.


Zyxel Warns Customers of Attacks on Security Appliances

Permalink - Posted on 2021-06-24 16:00

Networking device manufacturer Zyxel has issued an alert to warn customers of attacks targeting a subset of security appliances that have remote management or SSL VPN enabled. In the letter sent to customers, a copy of which security researcher JAMESWT shared on Twitter, the company says that a sophisticated threat actor is targeting USG/ZyWALL, USG FLEX, ATP, and VPN series devices running on-premises ZLD firmware. Zyxel says that the company has launched an investigation into the attacks and that it is working to resolve the issue.


Disruption to Irish Health Service Will Continue for Months Due to Ransomware Attack

Permalink - Posted on 2021-06-24 16:00

Ireland's health service faces months of disruption as it continues to recover from a ransomware attack, the head of the Health Service Executive (HSE) has warned. HSE, which is responsible for healthcare and social services across Ireland, fell victim to what was described as a "significant" ransomware attack on 14 May. Due to the ongoing disruptions, HSE warns that emergency departments are very busy due to IT outages and significant delays are to be expected, while many X-ray appointments are being cancelled.


Most Third-Party Libraries Are Never Updated After Being Included in a Codebase

Permalink - Posted on 2021-06-24 16:00

79% of the time, third-party libraries are never updated by developers after being included in a codebase – despite the fact that more than two thirds of fixes are minor and non-disruptive to the functionality of even the most complex software applications, Veracode research reveals.


Fashion Titan French Connection Has Data Stolen After REvil-linked Ransomware Infection

Permalink - Posted on 2021-06-24 16:00

Cheeky clothing firm French Connection, also known as FCUK, has become the latest victim of ransomware, with a gang understood to be linked to REvil having penetrated its back-end - making off with a selection of private internal data. Passport and identification card scans seen by The Register have been used by the gang as proof-of-breach, covering a range of staff members - including founder and chief executive Marks, chief financial officer Lee Williams, and chief operating officer Neil Williams. In a statement to The Register French Connection confirmed it had "been the target of an organised cyber-attack affecting its back-end servers, which control its internal systems and operations."


Swedish COVID-19 Lab with Millions of Test Results Breached

Permalink - Posted on 2021-06-24 16:00

An IT solutions provider from Sweden reported it had detected hackers peeking inside a database of COVID-19 test results. The database held over three million test results, and it is unclear whether the intruders took any information from it. The targeted company, InfoSolutions, published a statement claiming that it detected an intrusion into a database employed by 15 of Sweden’s 21 regions.


Healthcare Giant Grupo Fleury Hit by REvil Ransomware Attack

Permalink - Posted on 2021-06-24 16:00

Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline. While local media has received confirmation that the company has suffered a cyberattack, Grupo Fleury has not officially confirmed a ransomware attack. However, multiple cybersecurity sources have told BleepingComputer that Grupo Fleury suffered an attack by the ransomware operation known as REvil, also known as Sodinokibi.


Breach of Workforce West Virginia Job Seeker Database Reported

Permalink - Posted on 2021-06-24 16:00

An unauthorized individual accessed the Mid Atlantic Career Consortium Employment Services database, or “MACC” website, Workforce West Virginia announced Tuesday. Workforce says it learned of the breach on April 13, 2021 and ‘immediately took steps to secure the network.’ Workforce West Virginia reports that files were not downloaded, extracted or manipulated. A computer forensic firm hired to help determine what happened determined some personal information stored in the job seekers database was potentially accessible including name, address, phone number, date of birth, and Social Security number.


NFC Flaws Let Researchers Hack ATMs by Waving a Phone

Permalink - Posted on 2021-06-24 16:00

Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader—rather than swipe or insert it—to make a payment or extract money from a cash machine. You can find them on countless retail store and restaurant counters, vending machines, taxis, and parking meters around the globe. Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems' firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the value of transactions, and even lock the devices while displaying a ransomware message. Rodriguez says he can even force at least one brand of ATMs to dispense cash—though that "jackpotting" hack only works in combination with additional bugs he says he's found in the ATMs' software. He declined to specify or disclose those flaws publicly due to nondisclosure agreements with the ATM vendors.


Tulsa, Oklahoma Hacked Data Now Posted for Sale on Dark Web

Permalink - Posted on 2021-06-23 16:00

Officials in Tulsa, Oklahoma, are warning residents their personal information may have been leaked to the dark web following a ransomware attack on the city last month. The city announced Tuesday that hackers obtained more than 18,000 city files. The leaked files are mostly police citations and internal department files, officials said in a press release. The documents could contain personal information, including a person's name, date of birth, address and driver's license number.


Hackers Leak 260,000 Accounts from Pakistani Music Streaming Site Patari

Permalink - Posted on 2021-06-23 16:00

Patari, or Patari.pk, a Pakistani music streaming site, has suffered a data breach in which its database containing personal data and login credentials of over 257,000 registered users has been leaked on English and Russian language hacker forums. The exact date of the data breach remains unknown; however, the database was dumped online on June 13th, 2021.


Data Breaches: Most Victims Unaware When Shown Evidence of Multiple Compromised Accounts

Permalink - Posted on 2021-06-23 16:00

In the first known study to ask participants about actual data breaches that impacted them, researchers from the U-M School of Information showed 413 people facts from up to three breaches that involved their own personal information. The international team from U-M, George Washington University and Karlsruhe Institute of Technology found people were not aware of 74% of the breaches.


Brazil: Medical Firm Fleury Hit by Cyber Attack

Permalink - Posted on 2021-06-23 16:00

Brazilian medical lab company Fleury SA (FLRY3.SA) said in a securities filing that a cyberattack had resulted in a partial outage of its information technology systems on Tuesday.


Nearly 10% of SMB Defense Contractors Show Evidence of Compromise

Permalink - Posted on 2021-06-23 16:00

More than half of SMB contractors in the US defense supply chain are critically vulnerable to ransomware attacks, a new report has claimed. Cybersecurity vendor BlueVoyant chose to analyze a representative sample of 300 smaller contractors from a defense industrial base (DIB) estimated to have anywhere from 100,000-300,000 suppliers. The resulting Defense Industry Supply Chain & Security 2021 review uncovered concerning signs of weaknesses in this complex ecosystem of contractors — potentially putting national security at risk. It found that over half of the companies studied had unsecured ports vulnerable to ransomware attacks. In contrast, 48% had vulnerable ports and other weaknesses, including unsecured data storage ports, out-of-date software and operating systems, and other vulnerabilities rated severe by NIST. Unpatched flaws were particularly concerning: more than six months after critical F5 and Microsoft Exchange vulnerabilities were published, nine companies were yet to fix them. A fifth (20%) of SMB contractors were found to have multiple vulnerabilities and evidence of targeting, while 7% also featured evidence of compromise. In total, BlueVoyant found evidence of over 1300 email security issues, more than 400 vulnerabilities, and 344 indications that suggest “company resources are involved in anomalous or criminal activity.” Perhaps unsurprisingly, over a quarter (28%) of appraised contractors showed evidence indicating they would fail to meet the most basic tier-1 requirement for the Cybersecurity Maturity Model Certification (CMMC). This is a critical compliance standard designed to improve security best practices among US defense contractors.


Prominence Health Plan Data Breach Impacts Up to 45,000 Individuals

Permalink - Posted on 2021-06-23 16:00

The Nevada health insurer Prominence Health Plan has announced it suffered a security breach on November 30, 2020 in which hackers potentially obtained the protected health information of some of its plan members. The data breach was discovered on April 22, 2021 and steps were immediately taken to prevent further unauthorized access, including changing the credentials used by the attacker to gain access to its network. While Prominence Health Plan has not confirmed whether this was a ransomware attack, all affected plan member data has been restored from backups. The incident involved audio recordings of phone calls to the Prominence call center along with PDF files that included provider claim forms and letters to patients advising them about claim approvals and denials.


San Juan Regional Medical Center Data Breach Affects 68,792 Patients

Permalink - Posted on 2021-06-23 16:00

San Juan Regional Medical Center has recently notified tens of thousands of its patients about a security breach that occurred in the fall of 2020. The Farmington, NM medical center discovered its network had been accessed by an unauthorized individual on September 8, 2020. Prompt action was taken to prevent further unauthorized access and an investigation was launched to determine the nature and extent of the breach. The forensic investigation revealed the attacker exfiltrated files between September 7th and 8th, with a manual review of those files confirming they contained the protected health information of 68,792 patients. The types of information in the files varied from patient to patient and included names in combination with one or more of the following data elements: dates of birth, Social Security numbers, driver’s license numbers, passport information, financial account numbers, health insurance information, diagnoses, treatment information, medical record numbers, and patient account numbers.


IT Leaders Say Cyber Security Funding Being Wasted on Remote Work Support

Permalink - Posted on 2021-06-23 16:00

IT leaders are taking issue with the amount of cybersecurity money their organizations are spending to support remote work, according to a new survey from JumpCloud. On Wednesday, the company released the findings of its 2021 State of the SME IT Admin Report, which featured the responses of 401 IT decision-makers at small and medium-sized enterprises from April. Those surveyed include managers, directors, vice presidents, and executives. More than 60% of respondents said their enterprise was paying "for more tooling than they need" to manage user identities, while another 56% said too much was being spent on enabling remote work. Respondents were more split on the top concerns, with 39% referencing software vulnerabilities, 37% expressing concern about reused usernames and passwords and 36% mentioning unsecured networks. Another 29% said device theft was also a concern.


Only 7% of Security Leaders Are Reporting to the CEO

Permalink - Posted on 2021-06-23 16:00

While 60% of organizations have experienced a cyberattack in the last two years and spend approximately $38 million on security activities, only 7% of security leaders are reporting to the CEO, a LogRhythm report reveals. Yet, 42% of respondents say the IT security leader should be the person most accountable for preventing or mitigating the consequences of a cyberattack.


BEC Losses Top $1.8B as Tactics Evolve

Permalink - Posted on 2021-06-23 16:00

Business email compromise (BEC) attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organizations with these types of attacks last year alone — and things are getting worse. BEC attacks are carried out by cybercriminals either impersonating someone inside an organization, or masquerading as a partner or vendor, bent on financial scamming. A new report from Cisco’s Talos Intelligence examined the tactics of some of the most dangerous BEC attacks observed in the wild in 2020, and reminded the security community that in addition to technology, smart users armed with a healthy skepticism of outside communications and the right questions to ask are the best line of defense.


Wolfe Eye Clinic Allows 500,000 Patient Records to Be Put at Risk After Hack

Permalink - Posted on 2021-06-23 16:00

The records of roughly 500,000 patients of an eye clinic with locations throughout Iowa may have been stolen as part of a ransomware attack on the business earlier this year. Wolfe Eye Clinic said Tuesday its computer network was attacked on Feb. 8 by hackers who demanded a ransom to unlock access to its systems, but the company didn’t pay the hackers. The company plans to notify affected patients that their information may have been stolen and offer them a year of credit monitoring and identity theft protection services.


Lawsuits Filed on Behalf of Scripps Health Patients in Cyber Attack

Permalink - Posted on 2021-06-23 16:00

A pair of lawsuits have been filed on behalf of former and current Scripps Health patients who allege their personal information may have been compromised during the recent ransomware attack on the San Diego-based health care system. The complaints filed Monday in San Diego federal court allege Scripps did not properly safeguard its patients' personal information stolen in last month's cyberattack, even though Scripps should have been "on notice" of the potential risk due to similar incidents occurring in the health care industry. Scripps said earlier this month that it was notifying more than 147,000 people that their personal information was affected, though the health care system said there has been no indication that any data was used to commit fraud.


Colonial Pipeline Sued for Gas Crisis from Ransomware Attack

Permalink - Posted on 2021-06-23 16:00

Colonial Pipeline Co. was sued by a gas station seeking to represent thousands more over the ransomware attack in May that paralyzed the U.S. East Coast’s flow of gasoline, diesel and jet fuel. EZ Mart 1 LLC, a two-pump station in Wilmington, North Carolina, buys its fuel from a distributor supplied by Colonial, according to a complaint filed Monday in federal court in Georgia. Colonial’s headquarters, in Alpharetta, is the site of the “control center” where the electronic ransom note was discovered, EZ Mart says in the lawsuit, in which it seeks to represent more than 11,000 gas stations and asks for unspecified monetary damages. The hack occurred “despite advance knowledge and warnings,” and in the lead-up to the attack Colonial “repeatedly ignored and rejected efforts by the applicable regulatory agency to meet with it so as to check on its cybersecurity,” EZ Mart alleges.


Cyber Attacks on Gaming Grew 340% in Pandemic

Permalink - Posted on 2021-06-23 16:00

Gaming faced the highest growth in cyberattacks during the pandemic, according to a report by Akamai Security Research. The report showed that “relentless” web application and credential stuffing attacks targeting gamers and gaming companies persisted throughout 2020, said Steve Ragan, Akamai security researcher and author of the “State of the Internet Security report,” in an interview with GamesBeat. Akamai provides solutions for protecting and delivering digital experiences. Today, it released research showing that cyberattack traffic targeting the video game industry grew more than any other industry during the COVID-19 pandemic. The report said the video game industry faced more than 240 million web application attacks in 2020, a 340% increase over 2019.


76% of IT Decision Makers More Vulnerable to Mobile Attacks Than Just a Year Ago

Permalink - Posted on 2021-06-22 15:00

53 percent of IT decision makers admitted that it’s not possible to be prepared for all the tactics and strategies used by attackers targeting mobile devices, a survey by Sapio Research reveals. Going one step further, 38 percent claimed that it’s impossible to keep up with the pace of these attacks. The survey also found that three quarters of IT decision makers believe their organizations are more vulnerable to mobile cyberattacks than ever before. It has become clear that it isn’t a matter of if, but a matter of when.


Average Time to Fix Critical Cyber Security Vulnerabilities is 205 Days

Permalink - Posted on 2021-06-22 15:00

More than 66% of all applications used by the utility sector had at least one exploitable vulnerability open throughout the year, according to the report. Setu Kulkarni, a vice president at WhiteHat Security, said over 60% of applications in the manufacturing industry also had a window of exposure of over 365 days.


U.S. SEC Probing SolarWinds Clients Over Cyber Breach Disclosures

Permalink - Posted on 2021-06-22 15:00

The U.S. Securities and Exchange Commission (SEC) has opened a probe into last year’s SolarWinds cyber breach, focusing on whether some companies failed to disclose that they had been affected by the unprecedented hack, two persons familiar with the investigation said on Monday. The SEC sent investigative letters late last week to a number of public issuers and investment firms seeking voluntary information on whether they had been victims of the hack and failed to disclose it, said the persons, speaking under the condition of anonymity to discuss confidential investigations. The agency is also seeking information on whether public companies that had been victims had experienced a lapse of internal controls, and related information on insider trading. The agency is also looking at the policies at certain companies to assess whether they are designed to protect customer information, one of the people said.


Three-Quarters of SMBs Can't Repel Cyber Attacks

Permalink - Posted on 2021-06-22 15:00

Millions of the UK’s small businesses aren’t confident they can withstand a cyber-attack, with resources frequently diverted to other areas, according to new research from Arctic Wolf. The security operations vendor polled over 500 decision-makers in the UK working at firms with fewer than 250 employees to better understand their cyber challenges. It found that three-quarters (73%) believe their organization lacks the in-house expertise and capabilities to defend against cyber-attacks. The figure could amount to as many as 4.5 million of the UK’s SMBs, the vendor claimed. More than half (55%) of respondents said cybersecurity issues are regularly deprioritized in favor of other business goals. This is having a major impact on security operations (SecOps): two-fifths (39%) of respondents said their teams are overwhelmed by security alerts and a similar number (34%) don’t have time to investigate every alert. The findings chime with a recent Trend Micro study that revealed that over half of SecOps teams in global organizations are drowning in alerts and 55% aren’t confident in prioritizing and responding to them. As a result, 70% admitted feeling emotionally distressed by the continuous pressure. This can impact both productivity and staff churn at a time when it’s already difficult to fill key security analyst positions.


City of Liege, Belgium Hit by Ransomware

Permalink - Posted on 2021-06-22 15:00

Liege, the third biggest city in Belgium, suffered a ransomware attack today that has disrupted the municipality’s IT network and online services. Following the attack, most of the city’s civil status and population services are down, Liege officials said on a status page today. Appointments for town halls, birth registration, wedding, and burial services have been canceled due to workers’ inability to access the city’s IT network. Online forms for event permits and paid parking are also down, officials said.


50% of Misconfigured Containers Hit by Botnets in Under an Hour

Permalink - Posted on 2021-06-22 15:00

Aqua Security on Monday reported that data it collected from honeypots protecting containers over a six-month period revealed that 50% of misconfigured Docker APIs are attacked by botnets within 56 minutes of being set up. According to the research, it takes five hours on average for the adversaries’ bots to scan a new honeypot. The fastest scan occurred after a few minutes, while the longest gap was 24 hours.


Most Organizations Would Pay in the Event of a Ransomware Attack

Permalink - Posted on 2021-06-21 16:00

Despite the Director of the FBI, the US Attorney General and the White House warning firms against paying cyber-related ransoms, 60 percent of organizations have admitted they would shell out funds in the event of an attack, according to research from Harris Interactive. When asked how much money they would consider handing over, one in five respondents said they would consider paying 20 percent or more of their company’s annual revenue.


Only 50% of WA Government Entities Get a Pass Mark for Infosec

Permalink - Posted on 2021-06-21 16:00

The state's auditor-general is having her audits fall on deaf ears, with 42% of the WA government entities probed not addressing her previous findings and continuing to allow weaknesses on their IT systems.


Japan: Sports Club NAS and Concrete Manufacturer Ito Yogyo Both Report Ransomware Incidents

Permalink - Posted on 2021-06-21 16:00

Neither victim corporation identified the type of ransomware used, and Sports Club NAS specifically noted that they did not receive any ransom demand.


Texans Regret Opting into Power Plan That Remotely Raises Thermostat Temps

Permalink - Posted on 2021-06-21 16:00

Some Texas residents who opted into programs that remotely raise thermostat temperatures during heat waves regretted that decision last week. Power companies in multiple states offer promotions to enroll users into services that let the companies remotely adjust smart thermostats' temperatures by a few degrees when energy demand is high. These programs apparently worked as intended during a heat wave in which the Electric Reliability Council of Texas (ERCOT) requested that thermostats be set at 78°F (26°C) or higher to cut electricity use. But some residents who didn't realize what they'd signed up for were taken by surprise, according to local news reports.


Vermont Hospital Still Calculating Cost of Ransomware Attack

Permalink - Posted on 2021-06-21 16:00

Officials at Vermont’s largest hospital are still trying to determine the full financial impact of the cyberattack last October that knocked out computers affecting three hospitals in Vermont and three in New York. Scheduling and patient medical records were affected and some cancer patients faced delays in treatment. It took months for the University of Vermont Health Network to recover from the attack, estimated to cost upwards of $63 million. The network is insured for $30 million and officials are continuing to negotiate with the insurance companies, but the final cost will exceed the coverage, WCAX-TV reported.


Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light

Permalink - Posted on 2021-06-21 16:00

The Water Sector Coordinating Council last week announced a new cybersecurity report focusing on water and wastewater utilities in the United States. The release of the report coincided with news that a threat actor in January attempted to poison the water at a facility in the U.S. The organization in April surveyed 606 individuals working at water and wastewater utilities in the U.S. to get a better understanding of the sector in terms of cybersecurity. According to the report made public on June 17, 356 respondents said they did not experience any IT security incident in the past year. Three respondents said they experienced 5 or more incidents and 83 reported 1-4 incidents in the last 12 months. When it comes to cyber incidents involving operational technology (OT) systems, 410 respondents reported no incidents, 25 said they experienced 1-4 incidents, and one organization admitted suffering 5 or more incidents.


Six Flags Settles for $36 Million in Privacy Violation Case

Permalink - Posted on 2021-06-21 16:00

Theme park operator Six Flags Great America has agreed to pay $36m to settle a class-action lawsuit concerning the gathering and collection of its customers' biometric data. Filed in Lake County, Illinois, the lawsuit alleges that the use of finger-scanning equipment used at Six Flags entry gates violated the Prairie State's Biometric Privacy Act. The act regulates how companies collect and use an individual's retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Under the law, which was passed in 2008, a company must obtain an individual's written consent before gathering and storing their biometric data. A company that violates the law must pay damages of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.


Fertility Clinic Discloses Data Breach Exposing Patient Info.

Permalink - Posted on 2021-06-21 16:00

In a data breach notification issued by both RBA and its affiliate MyEggBank, RBA states that they first learned that they were hit by a ransomware attack on April 16th, 2021, when "a file server containing embryology data was encrypted and therefore inaccessible." However, they believe the attackers first gained access to their systems on April 7th and a server containing health information on April 10th.


73% of Enterprises Suffer Security and Compliance Issues Due to Internal Misalignment

Permalink - Posted on 2021-06-18 17:00

According to Enterprise Management Associates (EMA) and BlueCat’s recently published research report, nearly 3 in 4 enterprises (73%) have suffered security or compliance issues in the past year as a direct result of collaboration challenges between the cloud and networking teams. Not only do a shocking 72% of enterprises struggle to realize the full benefits of their cloud investments, but survey respondents admitted to experiencing a long list of repercussions. In the past year alone: 89% experienced IT operations challenges, such as delayed application rollouts and poor user experience; 82% suffered business problems, such as customer churn and lost revenue; 73% of surveyed organizations suffered security or compliance issues, such as regulatory fines or data leaks.


Georgia: Savannah Hospital System Experiences Outage After Ransomware Attack

Permalink - Posted on 2021-06-18 17:00

The St. Joseph’s/Candler (SJ/C) hospital system in Savannah was the victim of a ransomware attack Thursday morning. WSAV spoke with a patient who says all computers went down around 4 a.m., and nurses have been forced to keep track of medications with a pen and paper. “They can’t see our MRIs — they can’t see our information. They have the medication in the drawers, thank God, but they have to enter it manually,” said the patient, who wished to remain anonymous. “They can’t go into the computer to find out what our meds are at what time.” SJ/C officials say they became aware of “suspicious network activity” Thursday morning and took steps to immediately isolate their systems and notify law enforcement. It’s unclear at this time if personal or health information was impacted.


San Juan Regional Medical Center Notifies 68,792 Patients of Cyber Security Breach

Permalink - Posted on 2021-06-18 17:00

On June 4, 2021, San Juan Regional Medical Center (“SJRMC”) in New Mexico posted a breach notice on their web site. The notice said that SJRMC had identified unauthorized access to their network on September 8, 2020. Their subsequent investigation revealed that the threat actor removed files from the server on September 7-8, 2020.


Wegmans Notifies Customers of Database Security Breach

Permalink - Posted on 2021-06-18 17:00

Wegmans is notifying its customers of a security breach of a database that stores customer information. A statement posted to the grocery chain's website explains that the cloud database was meant for internal use only, but, due to a "configuration problem," was left open to potential outside access. Wegmans says they were notified of the issue by a third-party security researcher in mid-April. The company says the database contains customer phone numbers, addresses, email addresses, Shopper's Club Card numbers, and passwords to Wegmans.com


Sweden: Medhelp Will Pay 12 Million SEK After the 1177 Leak

Permalink - Posted on 2021-06-18 17:00

SEK 12 million in penalty fees against the company Medhelp, half a million against the Stockholm Region and SEK 250,000 each against Sörmland and Värmland. This is the outcome of the review made by the Privacy Protection Authority in the case of the millions of 1177 calls that were left unprotected on the internet.


Lightfoot, Franklin & White Notifies Clients of Ransomware Incident

Permalink - Posted on 2021-06-18 17:00

Lightfoot, Franklin & White, LLC is a law firm based in Birmingham, Alabama that handles commercial litigation, product liability, professional liability, white-collar criminal, and other legal matters. In a copy of a notification obtained by DataBreaches.net, they forthrightly informed affected clients that there had been a ransomware incident. The firm does not indicate who the threat actors were or how much ransom they paid.


Reproductive Biology Associates and My Egg Bank Notify 38,538 Patients of Ransomware Incident

Permalink - Posted on 2021-06-18 17:00

Reproductive Biology Associates and its affiliate My Egg Bank North America issued a breach notification involving a ransomware incident that impacted the Atlanta entities. According to the notification submitted to Maine’s Attorney General’s Office and similar statements posted on their web sites, the entities first became aware of a potential data incident on April 16, 2021 when they discovered that a file server containing embryology data was encrypted and therefore inaccessible. They report that they quickly determined that this was a ransomware attack. Based on their investigation, they believe the threat actor gained access to the system on April 7 and gained access to the server with ePHI on April 10. On June 7, they determined which individuals had been impacted.


Digital Convenience Leads to Lax Security Habits Among Users

Permalink - Posted on 2021-06-18 17:00

A new IBM global report examining consumer behaviors finds an average of 15 new online accounts were created and 82% are reusing the same credentials some of the time. The survey shed light on a variety of consumer behaviors impacting the cybersecurity landscape today and moving forward. As individuals increasingly embrace digital interactions in more aspects of their lives, the survey found that many also have high expectations for ease of access and use. Attention spans have also grown more limited. Most adults (59%) expect to spend less than 5 minutes setting up a new digital account, according to the survey.


Colorado Privacy Act Passed and Awaits State Governor's Signature

Permalink - Posted on 2021-06-18 17:00

Colorado has joined California and Virginia in passing a comprehensive data privacy law to protect state residents. It has taken several amendments to get the Colorado Privacy Act over the line, but the Act was finally passed unanimously by the state Senate on June 8, 2021 and now awaits the signature of state governor Jared Polis. The Colorado Privacy Act applies to all data controllers that conduct business in Colorado that control or process the personal data of 100,000 or more Colorado resident consumers in a calendar year or derive revenue or receive a discount on the price of goods or services from the sale of personal data and process or control the personal data of 25,000 or more Colorado resident consumers.


Connecticut Legislature Enhances Data Breach Notification Law

Permalink - Posted on 2021-06-18 17:00

The Connecticut legislature has enhanced its data breach notification law, expanding the definition of personal information and shortening the maximum time frame for issuing breach notifications. The new law brings the data breach notification requirements in the state of Connecticut in line with those of other states that have recently updated their own privacy and security laws. The new data breach notification law was unanimously passed by the House of Representatives and the Senate and now awaits state Governor Ned Lamont’s signature.


Amazon Web Services Misconfiguration Exposes Half a Million Cosmetics Customers

Permalink - Posted on 2021-06-18 17:00

Hundreds of thousands of retail customers had their personal data exposed thanks to a misconfigured cloud storage account, Infosecurity has learned. A research team at reviews site WizCase traced the leaky Amazon S3 bucket to popular Turkish beauty products firm Cosmolog Kozmetik. The 20GB trove contained around 9500 files, including thousands of Excel files which exposed the personal information of 567,000 unique users who bought items from the provider across multiple e-commerce platforms. Although the research team discovered no payment information, they did find customers’ full names, physical addresses and purchase details among the leaked orders. In some cases, phone numbers and emails were also exposed.


U.K.'s Cake Box Says Customers Informed About 2020 Data Breach

Permalink - Posted on 2021-06-18 17:00

UK-based cake maker and retailer Cake Box Holdings Plc said on Thursday it had informed customers about a data breach in 2020 that might have compromised their personal information.


Oklahoma Health System Driven to EHR Downtime Due to Ransomware

Permalink - Posted on 2021-06-18 17:00

Stillwater Medical Center was hit with a ransomware attack on June 13 and is currently operating under electronic health record downtime as it attempts to bring its systems back online. The health system operates a number of care sites, specialist offices, hospitals and clinics in Oklahoma. According to the health care provider, the IT team quickly moved to ensure the security of the environment after the incident impacted access to certain systems.


Ransomware: Too Many Firms Are Still Willing to Pay Up If Attacked

Permalink - Posted on 2021-06-18 17:00

Over half of organisations would pay the ransom if they fell victim to a ransomware attack – despite repeated warnings that they shouldn't encourage cyber criminal extortion. Research by the Neustar International Security Council (NISC) found that six in ten organisations would pay cyber criminals for the decryption key in the event of a ransomware attack, according to its survey of 300 workers in 'senior positions'. That's despite the likes of The White House, the UK Home Office, law enforcement and cybersecurity experts warning that paying the ransom should be avoided because it signals to ransomware operations that their extortion schemes work.


Most Firms Face Second Ransomware Attack After Paying Off First

Permalink - Posted on 2021-06-18 17:00

Some 80% of businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack, amongst which 46% believe it to be caused by the same attackers.


SEC Settles with First American Over Massive Data Leak for Nearly $500,000

Permalink - Posted on 2021-06-18 17:00

The Securities and Exchange Commission announced Tuesday that it has settled charges with First American Financial over its 2019 leak of sensitive customer information that exposed more than 800 million document images. Under the terms of the deal, the heavyweight real estate title insurance company will pay a $487,616 fine. The SEC had charged the company with inadequately disclosing the cybersecurity vulnerability that exposed the information. The digitized records included things like Social Security numbers and bank account statements.


Gateley Suffers Data Breach Following Security Incident

Permalink - Posted on 2021-06-18 17:00

UK listed law firm Gateley said that it has suffered a cyberattack, according to a filing to the London Stock Exchange on Wednesday. The firm said it was managing a ‘cyber security incident’ after discovering that its systems had been breached by a ‘now known external source’.


Carnival Cruise Line Reports Security Breach

Permalink - Posted on 2021-06-17 17:00

Cruise ship operator Carnival Corp. said this week it recently detected a breach of its systems and as a result, data belonging to customers and employees may have been exposed. According to multiple news reports, Carnival detected the intrusion in March and alerted regulators. The company hired a cybersecurity firm to assist with the investigation. Reports say personal information belonging to guests, employees, and crew for Carnival Cruise Line, Holland America Line, Princess Cruises and medical operations was affected.


SEIU 775 Benefits Group Data Breach Impacts 140,000 Individuals

Permalink - Posted on 2021-06-16 16:00

A benefits administrator for home healthcare and nursing home workers, Service Employees International Union 775 (SEIU 775) Benefits Group, has experienced a cyberattack that resulted in the deletion of sensitive data. IT staff detected anomalies within SEIU 775’s data systems on or around April 4, 2021, which included the deletion of certain data. An investigation was launched into the malicious activity, led by third-party cybersecurity experts and forensic consultants. The investigation confirmed that its systems had been hacked and the data of unknown individuals had been deleted, including personally identifiable and protected health information. While information was deleted, no evidence was found to indicate any PII or PHI was viewed or acquired by the attackers and there have been no reported cases of misuse of data.


Australia: UnitingCare Paid Hundreds of Thousands of Dollars to REvil for Decryption Key and Deletion of Files

Permalink - Posted on 2021-06-16 16:00

On April 25, UnitingCare Queensland (UCQ) was the victim of a ransomware attack that impacted multiple Queensland hospitals and aged care centres. The next day, they posted a notice on their web site informing people as to what was happening and its impact. But their subsequent (and most recent) update of June 10 provided no update on whether they had determined whether any patient, employee, customer, or vendor data was exfiltrated or compromised. Nor did they disclose whether UnitingCare paid any ransom demand. DataBreaches.net can now report that UnitingCare has reason to believe that patient data and personal information were compromised. And this site can now report that UnitingCare paid REvil ransom to get a decryption key and to get assurances that all files would be deleted. UnitingCare did not pay as much ransom as the threat actors originally demanded, but they did pay hundreds of thousands of dollars.


Thai Government "Apologizes" for Data Leak

Permalink - Posted on 2021-06-16 16:00

The Thai government has released a statement apologising for the data leak on Monday which saw people who registered for a Covid vaccine have their personal information revealed. The government says there was a “temporary glitch” on the thailandintervac.com vaccination booking website and the error was because of “urgent system maintenance”. Soon after the website launched, multiple expats complained that they could see and edit the personal information of other people registering because the information appeared on the web page.


Over a Billion Records Belonging to CVS Health Exposed Online

Permalink - Posted on 2021-06-16 16:00

On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health. The database was not password-protected and had no form of authentication in place to prevent unauthorized entry. Upon examination of the database, the team found over one billion records that were connected to the US healthcare and pharmaceutical giant, which owns brands including CVS Pharmacy and Aetna. The database, 204GB in size, contained event and configuration data including production records of visitor IDs, session IDs, device access information -- such as whether visitors to the firm's domains used an iPhone or Android handset -- as well as what the team calls a "blueprint" of how the logging system operated from the backend.


Alibaba Falls Victim to Chinese Web Crawler in Large Data Leak

Permalink - Posted on 2021-06-16 16:00

A Chinese software developer trawled Alibaba Group Holding Ltd.’s popular Taobao shopping website for eight months, clandestinely collecting more than 1.1 billion pieces of user information before Alibaba noticed the scraping, a Chinese court verdict said. The software developer began using web-crawling software he designed on Taobao’s site starting in November 2019, gathering information including user IDs, mobile-phone numbers and customer comments, according to a verdict released this month by a district court in China’s central Henan province. When Alibaba noticed the data leaks from Taobao, one of China’s most-visited online retail sites, the company informed the police, the court said. A spokeswoman said Alibaba proactively discovered and addressed the incident and was working with law enforcement to protect its users. She wouldn’t elaborate on how many people were affected. No user information was sold to a third party and no economic loss occurred, she said. About 925 million people use Alibaba’s Chinese retail platforms at least once a month, according to the company.


Texas Joins Other States with New Texas Data Breach Notification Requirement

Permalink - Posted on 2021-06-16 16:00

The Texas amendment may indicate a growing trend towards increased information sharing in an effort to prevent future data breaches. On the federal level, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has implemented several programs in the past year to promote information sharing and awareness.


Security Flaw Discovered In Peloton Equipment

Permalink - Posted on 2021-06-16 16:00

A vulnerability in the Peloton Bike+ could have allowed an attacker to remotely spy on users, McAfee's Advanced Threat Research (ATR) team found. The bug, which has already been addressed through a mandatory patch issued to affected devices worldwide, could have given an attacker remote root access to the Peloton tablet. Researchers note a threat actor would have required physical access to the equipment in order to take advantage of the flaw.


SEC Settles Enforcement Action for Disclosure Controls Violations Stemming from Data Security Incident

Permalink - Posted on 2021-06-15 17:00

The SEC has settled an enforcement action against a large title insurer in connection with public statements and disclosures made by the company in May 2019 relating to a data security incident. The underlying data security incident was the subject of the first set of charges brought by the New York Division of Financial Services (NYDFS) under its cybersecurity regulations in 2020, and involved an application vulnerability that allegedly exposed sensitive personal information dating back to 2003 and was first publicly reported in May 2019 by the media. The SEC’s settlement order relates to the issuer’s handling of its disclosures of the incident under federal securities laws, rather than the underlying vulnerabilities alleged by the NYDFS against the NYDFS-regulated covered entity in its charges under state financial regulations. The SEC imposed a fine of approximately $487,000 for violations of Rule 13a-15(a). The NYDFS has scheduled a hearing for August 16, 2021 regarding its original statement of charges, which the company has said it is fighting. The SEC order alleged disclosure controls and procedures violations under Rule 13a-15(a), which requires every issuer of a security registered under Section 12 of the Exchange Act to maintain disclosure controls and procedures designed to ensure that information required to be disclosed by an issuer is “recorded, processed, summarized, and reported” within the requisite time periods. Here, the Commission alleged that the company “did not have any disclosure controls and procedures related to cybersecurity, including incidents involving potential breaches of data.”


South Korea: HMM Email Systems Hit by Cyber Virus Attack

Permalink - Posted on 2021-06-15 17:00

South Korean shipping company HMM has confirmed its email systems continue to be impacted by a virus attack on 12 June.


Wisconsin: Menominee Casino Resort Temporarily Closes After Cyber Attack

Permalink - Posted on 2021-06-15 16:00

The Menominee Casino Resort confirms it’s experiencing technical difficulties following a cyberattack. A statement from the casino said the issues were caused by an “attempted external attack on our computer systems.” Tribal Legislature Chairman Gunnar Peters told NBC 26 the security breach happened Friday.


Colorado: Cedaredge Company Fined for Not Securing Customer Data

Permalink - Posted on 2021-06-15 16:00

A Cedaredge-based mobile home management company has been fined $25,000 for failing to secure its customers' data. The Colorado Attorney General’s Office announced the fine and an agreement for Impact MHC to implement new data security measures after a 2018 data breach. According to a news release, the breach exposed sensitive information belonging to 15,000 people.


100% Increase in Daily DDoS Traffic in 2020 as Potential Grows for 10 Tbps Attack

Permalink - Posted on 2021-06-15 16:00

Nokia Deepfield has discovered a 100% increase in daily DDoS peak traffic between Jan 2020 and May 2021. Nokia's IP network and data analytics arm was able to conduct a fingerprint and origin analysis of network traffic through their work with global service providers, webscale companies and digital enterprises. Craig Labovitz, CTO of Nokia Deepfield, unveiled the findings of the global DDoS traffic analysis at NANOG82 this week. The analysis found that there has been a massive increase in high-bandwidth, volumetric DDoS attacks, the majority of which originate from just a few dozen hosting companies. Labovitz told ZDNet that conventional wisdom generally says that DDoS attacks originate from all over the Internet, and that DDoS is impossible to block at the source.


Nationally-Known Australian Company Lawyered Up to Resist ASD Help

Permalink - Posted on 2021-06-15 17:00

The hacked company resisted Australian Signals Directorate involvement for weeks, and accepted only generic advice. Three months later, they were reinfected.


IKEA Fined $1.2 Million for Spying on Employees

Permalink - Posted on 2021-06-15 17:00

Swedish furnishing conglomerate IKEA has been fined €1m ($1.2m) for illegally spying on its employees in France and storing their data. The fine was ordered by a French court on Tuesday after a criminal probe launched in 2012 found that IKEA France had created an elaborate "spying system" to snoop on staff and on customers who had opened disputes.


Ransomware Attacks Continue to Surge, Hitting a 93% Increase Year Over Year

Permalink - Posted on 2021-06-15 16:00

Year over year, since June 2020, the industry sectors that are currently experiencing the highest increase of ransomware attack attempts globally are Education, which saw a 347% increase, Transportation, which saw a 186% increase, then the Retail/Wholesale sector, which suffered a 162% increase, and then the Healthcare sector, which experienced a 159% increase since June 2020. From the beginning of 2021, the “Consultancy” domain saw a 126% rise in attacks, followed by the education/research sector that experienced an 81% increase in attacks, followed by the transportation & Government/military sectors that saw an 80% & 75% increase in attacks.


VPN Attacks Up Nearly 2000% as Companies Embrace a Hybrid Workplace

Permalink - Posted on 2021-06-15 16:00

In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN.


Microsoft: Scammers Bypass Office 365 MFA in BEC Attacks

Permalink - Posted on 2021-06-15 16:00

Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise (BEC) campaign. The attackers compromised their targets' mailboxes using phishing and exfiltrated sensitive info in emails matching forwarding rules, allowing them to gain access to messages relating to financial transactions.


Largest U.S. Propane Distributor Discloses Data Breach

Permalink - Posted on 2021-06-15 16:00

This month, AmeriGas has issued a data breach notification letter to the New Hampshire Attorney General's Office. The data breach, however, originated at J. J. Keller, a vendor responsible for providing Department of Transportation (DOT) compliance services to AmeriGas. These services include helping AmeriGas with conducting driving record checks, drug and alcohol testing for drivers, and other DOT-imposed regulatory checks. On May 10th, J. J. Keller detected suspicious activity on their systems associated with a company email account.


1 in 3 Employees Has Picked Up Bad Cyber Security Habits Since Working Remotely

Permalink - Posted on 2021-06-15 16:00

A new report from human layer security company Tessian reveals that most IT leaders (56%) believe their employees have picked up bad cybersecurity behaviors since working from home. As organizations make plans for the post-pandemic hybrid workforce, Tessian’s Back to Work Security Behaviors report reveals how security behaviors have shifted during the past year, the challenges as organizations transition to a hybrid work model, and why a fundamental shift in security priorities is required. According to the report, younger employees are most likely to admit they cut cybersecurity corners, with over half (51%) of 16-24 year olds and almost half (46%) of 25-34 year olds reporting they’ve used security workarounds. In addition, two in five (39%) say the cybersecurity behaviors they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, though, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.


Chip Shortages Lead to More Counterfeit Chips and Devices

Permalink - Posted on 2021-06-14 16:00

Beginning with the first Wuhan quarantine in January 2020, the COVID-19 pandemic hit the world from both sides of the law of supply and demand. Independent Distributors of Electronics Association (IDEA) founder Steve Calabria believes this two-fisted squeeze will spawn a surge in counterfeit electronics, with consequences for longevity and reliability of equipment built with substandard components. Calabria tells ZDNet that "worldwide shortages have opened the door for criminals to exploit the electronic component marketplace," adding that he's already seeing early signs of trouble. "Companies that have never been rated by any other company in the industry [are] showing significant quantities of parts that are in shortage."


Brazil: Macaé Municipality Points to Ransomware-Type Cyber Attack

Permalink - Posted on 2021-06-14 16:00

Macaé City Hall was the target of a cyber attack on the 3rd of June, the Corpus Christi holiday. Malware has hit network file servers, systems and databases. The Assistant Secretary of Science and Technology sent a memorandum to the Municipal Attorney General requesting that the necessary legal measures be taken. The document also requests that an incident report be made to the Police Office for the Repression of Computer Crimes (DRCI).


Irish Police to Be Given Powers Over Passwords

Permalink - Posted on 2021-06-14 16:00

Irish police will have the power to compel people to provide passwords for electronic devices when carrying out a search warrant under new legislation. The change is part of the Garda Síochána Bill published by Irish Justice Minister Heather Humphreys on Monday. Gardaí will also be required to make a written record of a stop and search. This will enable data to be collected so the effectiveness and use of the powers can be assessed.


54% of Senior Executives Struggling to Keep Up with Threat Landscape

Permalink - Posted on 2021-06-14 16:00

According to a new report by Fujitsu, more than half (54%) of senior executives have struggled to adapt security policies to changes in the threat landscape and working practices. The survey, which Fujitsu carried out in September 2020, provides further evidence that many organizations are at higher risk of cyber-attacks due to the shift to remote working during COVID-19, with cyber-criminals taking advantage of the rising number of connections and devices to target corporate systems. The findings also indicated that current cybersecurity training techniques are not suited to the current situation. Close to two-thirds (61%) of employees surveyed said they believe their security training is ineffective, while around three-quarters (74%) of non-technical staff do not find it engaging enough. Additionally, 32% thought their company’s training courses were too long, and 35% said it was too boring or technical. These feelings may be partly explained by many organizations having a standardized approach to cybersecurity training: 60% of senior executives surveyed for the study admitted that all employees in their business receive the same type of training irrespective of the type of function they perform. Senior executives also recognized a degree of apathy among their employees when it comes to cybersecurity, with 45% stating that most people in their organization believe this has nothing to do with them.


Puerto Rico: LUMA Energy Power Supply Disrupted After DDoS Attack

Permalink - Posted on 2021-06-14 16:00

The same day the blackout took place, the company announced that a major DDoS attack disrupted its online services.


Phishing Maintained Near-Record Levels in the First Quarter of 2021

Permalink - Posted on 2021-06-14 16:00

The number of reported phishing websites peaked in January 2021 with an all-time high of 245,771 before declining later in the quarter. Still, March suffered more than 200,000 such attacks, the fourth-worst month in APWG’s reporting history.


Baby Clothes Giant Carter's Leaks 410K Customer Records

Permalink - Posted on 2021-06-11 17:00

Baby clothes retailer Carter’s inadvertently exposed the personal data of hundreds of thousands of its customers, dating back years, according to a new disclosure. The issue started with Linc, which is a vendor the company used to automate purchases online, according to analysts with vpnMentor who first discovered the issue. The Linc system was delivering customers shortened URLs with Carter’s purchase and shipping details without basic security protections. The links contained everything from purchase details to tracking information and more.


REvil Hits U.S. Nuclear Weapons Contractor

Permalink - Posted on 2021-06-11 17:00

Sol Oriens, a subcontractor for the U.S. Department of Energy (DOE) that works on nuclear weapons with the National Nuclear Security Administration (NNSA), last month was hit by a cyberattack that experts say came from the relentless REvil ransomware-as-a-service (RaaS) gang. The Albuquerque, N.M. company’s website has been unreachable since at least June 3, but Sol Oriens officials confirmed to Fox News and to CNBC that the firm became aware of the breach sometime last month.


Five Rivers Health Centers Phishing Attack Affects Almost 156,000 Patients

Permalink - Posted on 2021-06-11 17:00

Ohio-based Five Rivers Health Centers has notified 155,748 patients that some of their protected health information was stored in email accounts that have been accessed by an unauthorized individual following a phishing attack. It is unclear when the breach was discovered, but Five Rivers Health Centers reports that following an extensive forensic investigation into the cyberattack and a manual document review, it discovered on March 31, 2021, that the breached email accounts contained patients’ personal and health information. The forensic investigation confirmed that the email accounts had been breached between April 1, 2020, and June 2, 2020. Notification letters were sent to affected patients on May 28, 2021 – more than a year after the first email accounts were breached.


Volkswagen America Discloses Data Breach Impacting 3.3 Million

Permalink - Posted on 2021-06-11 17:00

More than 3.3 million individuals were impacted in the incident. According to VWGoA, for “over 97% of the individuals, the exposed information consists solely of contact and vehicle information relating to Audi customers and interested buyers.” For roughly 90,000 Audi customers, or individuals interested in making a purchase, the leaked data also includes information on eligibility for a purchase, loan, or lease. In most cases (over 95%), this includes driver’s license numbers.


Arizona Asthma and Allergy Institute Provides Notice of Maze Attack in 2020

Permalink - Posted on 2021-06-11 17:00

An incident initially reported to HHS on May 3 has been updated to 70,372 patients from the initial report of 50,000. The following is the entity’s notice on their web site, and after you read it, I’ll meet you on the other side to explain it more, because they only discovered the breach when DataBreaches.net contacted them.


Cost of Ransomware Attack on Baltimore County Public Schools Climbs to $7.7M

Permalink - Posted on 2021-06-11 17:00

Baltimore County school officials estimate the ransomware attack in November will cost the system at least $7.7 million, nearing what Baltimore City spent following a similar attack in 2019. The estimated costs cover a wide range of programs, services, trainings and licenses that helped Maryland’s third-largest school system respond to and recover from the attack, which took place the day before Thanksgiving and canceled two days of online classes for 111,000 students.


Ohio: Five Rivers Health Centers Notified 155,748 Patients After Phishing Incident

Permalink - Posted on 2021-06-11 17:00

On May 28, Five Rivers Health Centers in Ohio notified HHS about a data security incident that impacted 155,748 patients. The following is their media notice, linked from the home page of their web site if you can find it (see attached, where I highlighted the location of the link on their home page). DataBreaches.net notes that they do not say when they first discovered the breach or how they discovered it.


DDoS Attacks Increase 341% Amid Pandemic

Permalink - Posted on 2021-06-11 17:00

During the pandemic, cyber attackers targeted industries providing connectivity, services and entertainment to populations forced to shelter-in-place, resulting in a 341% year-over-year increase in distributed denial-of-service (DDoS) attacks, according to Nexusguard.


Cox Media Group Hit by Major Cyber Attack

Permalink - Posted on 2021-06-11 17:00

According to two people familiar with the matter, Cox Media Group's television and radio stations in the US were the targets of a cyberattack last week, with some stations still suffering the consequences. According to one of the sources, federal law enforcement is investigating the attack. Staff at two stations say several systems are still down this week, including access to their digital video collection. Weather computers were also down at at least two stations.


Food Service Supplier Edward Don Hit by a Ransomware Attack

Permalink - Posted on 2021-06-11 17:00

Edward Don has not publicly disclosed the attack at this time, but employees have stated that they cannot accept new orders until the systems are brought back online. As Edward Don is one of the leading distributors of food service supplies, this attack will cause a significant disruption in the supply chain for hospitals, restaurants, hotels, and bars.


Hackers Steal Data from McDonald's in U.S., South Korea and Taiwan

Permalink - Posted on 2021-06-11 17:00

McDonald's told U.S. employees in a message Friday that business contact information for U.S. employees and franchisees, as well as details about restaurants — such as seating capacity and the square footage of play areas — had been disclosed through the breach. In South Korea and Taiwan, hackers stole customer and employee emails, phone numbers, and addresses, McDonald's said.


Britain: Schools Forced to Shut Following Critical Ransomware Attack

Permalink - Posted on 2021-06-10 17:00

Two schools in the south of England have been forced to temporarily close their doors after a ransomware attack that encrypted and stole sensitive data. The Skinners' Kent Academy and Skinners' Kent Primary School were attacked on June 2, according to a statement on the trust’s website which said it is currently working with third-party security experts, the police and the National Cyber Security Centre (NCSC). It revealed that on-premise servers were targeted at the Tunbridge Wells-based schools. As student and staff emergency contact details, medical records, timetables and registers were encrypted by the attackers, the decision was taken to close on Monday.


Humana and Cotiviti Facing Class Action Lawsuit Over Data Breach

Permalink - Posted on 2021-06-10 17:00

The Louisville, KY-based health insurance and healthcare provider Humana and its business associate Cotiviti are facing legal action over a data breach discovered in late December 2020. On May 26, 2021, a lawsuit was filed in the U.S. District Court for the Western District of Kentucky over the mishandling of Humana insurance plan members’ medical records. Humana had contracted with Cotiviti to handle medical records requests to send to the HHS’ Centers for Medicare and Medicaid Services (CMS). Cotiviti had subcontracted some of the work to Visionary Medical Systems Inc.


France: Camaïeu Retailer and Municipality of Pont-Saint-Esprit Hit by Security Incidents

Permalink - Posted on 2021-06-10 17:00

Marc Grosclaude of La Voix du Nord reports that retailer Camaïeu was hit by a cyberattack that has left it with stocks running low and difficulty in replenishing stock with computer systems affected.


Arnoff Moving & Storage Data Breach Revealed Customer Information

Permalink - Posted on 2021-06-10 17:00

Arnoff Moving & Storage customers may have had their data stolen by hackers as part of a breach, the company said. The company could not say how many customers may have been impacted, how long ago the data may be from, or if the breach was limited to its regional Mid Hudson Valley branches. While the Poughkeepsie-based company serves Dutchess, Orange, Ulster and Putnam counties, it also has offices in the Capital region, western Connecticut and Massachusetts, and Florida, according to its site. The alleged hackers posted to a website what they claim are examples of the private information stolen, including forms that have names, contact information and credit card numbers.


South Korea's Data Watchdog Barks Warnings at Microsoft and Five Local Firms

Permalink - Posted on 2021-06-10 17:00

Microsoft and five other companies have received fines totaling US$75K from South Korea's Personal Information Protection Commission (PIPC), for running afoul of local data protection laws. The Commission fined Microsoft 16.4 million won (US$14,700) for failing to have protective measures on administrative accounts that led to the leak of over 119,000 email accounts, 144 of which belonged to South Korean residents. Furthermore, when Microsoft announced the leaks, it did so within 24 hours of the incident in English but not until 11 days later in Korean. The PIPC said Korean users should be notified in Korean. South Korean web giant company Kakao’s blockchain subsidiary Ground X and software company Innovation Academy were each handed 25 million won (US$22,400) in penalties for general privacy naughtiness. Ground X was slapped with an extra six million won (US$5,400) fine for not protecting passwords and Innovation Academy wore three million won (US$2,700) for a data leak.


54% of All Employees Reuse Passwords Across Multiple Work Accounts

Permalink - Posted on 2021-06-10 17:00

Data shows that since the start of the pandemic employees have been engaging in poor cybersecurity practices on work-issued devices, with business owners and C-level executives proving to be the worst culprits. At the same time, enterprises are falling short on cybersecurity best practices that need to be implemented for out-of-office environments. Less than a quarter of respondents admit to even implementing 2FA since the start of the pandemic and even then, many are using less secure and less user-friendly forms of 2FA like mobile authentication apps and SMS one-time passcodes. 54% of all employees use the same passwords across multiple work accounts. 22% of respondents still keep track of passwords by writing them down, including 41% of business owners and 32% of C-level executives. 42% of respondents admit to using work-issued devices for personal reasons daily while working from home. Of these, 29% are using work devices for banking and shopping, and 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with 23% of business owners and 15% of C-level respondents using them for illegal streaming/watching TV. A year after the pandemic began and work-from-home policies were implemented, 37% of all employees across all sectors are yet to receive cybersecurity training to work from home, leaving businesses largely exposed to evolving risks. 43% of all employees suggest that cybersecurity isn’t the responsibility of the workforce, with 60% believing this should be handled by IT teams.


Meat Processor JBS Paid $11 Million in Ransom to Hackers

Permalink - Posted on 2021-06-10 17:00

The world’s largest meat processor said on Wednesday that it paid an $11 million ransom in Bitcoin to the hackers behind an attack that forced the shutdown last week of all the company’s U.S. beef plants and disrupted operations at poultry and pork plants. The company, JBS, said in a statement that the decision to pay the ransom was made to protect its data and hedge against risk for its customers. The company said most of its facilities were back up and running when the payment was made.


Hackers Breach Gaming Giant Electronic Arts, Steal Game Source Code

Permalink - Posted on 2021-06-10 17:00

Hackers have breached the network of gaming giant Electronic Arts (EA) and claim to have stolen roughly 750 GB of data, including game source code and debug tools. EA confirmed the data breach in a statement sent to BleepingComputer saying that this "was not a ransomware attack, that a limited amount of code and related tools were stolen, and we do not expect any impact to our games or our business." BleepingComputer spoke to the threat actor selling EA's data who claims to have stolen the full FIFA source, EA game clients, and points used as in-game currency.


Spain's Ministry of Labor and Social Economy Hit by Cyber Attack

Permalink - Posted on 2021-06-09 18:00

The Spanish Ministry of Labor and Social Economy (MITES) is working on restoring services after being hit by a cyberattack on Wednesday. While the ministry's website is still up after the attack, both the communications office and the multimedia room are down.


Settlement to Resolve Nebraska Medicine Data Breach Lawsuit Receives Preliminary Approval

Permalink - Posted on 2021-06-09 18:00

In September 2020, Nebraska Medicine and the University of Nebraska Medical Center discovered their systems had been hacked and malware had been downloaded to their network that gave hackers access to the protected health information of up to 219,000 individuals. The attack forced Nebraska Medicine to shut down its systems, causing disruption to operations.


Taiwan Kadokawa Notifies Consumers While Responding to Ransomware Attack

Permalink - Posted on 2021-06-09 18:00

Taiwan Kadokawa Co. is part of the Kadokawa corporation group of companies. On June 3, they discovered they had been attacked. In a subsequent press release of June 4 and statement, they explained what appears to be a ransomware attack.


Humana Sued in Federal Court Over Apparent Data Breach

Permalink - Posted on 2021-06-09 18:00

A Humana Inc. customer filed a class-action lawsuit in federal court against the Louisville-based health insurance and health care provider. The suit, filed in the U.S. District Court for the Western District of Kentucky, alleges that a company called Visionary Medical Systems Inc. mishandled sensitive patient data, exposing the data to public access on the internet.


SmartSearch Issues Warning Over Risk of GDPR Breach

Permalink - Posted on 2021-06-09 18:00

Anti-money laundering specialist SmartSearch said regulated businesses in the housing chain which are relying on manual customer records risk non-compliance more than three years after the GDPR laws came into force in the UK. John Dobson, CEO at SmartSearch, explained that even after this time had lapsed, a lot of firms did not have procedures in place to protect customer details. This, he said, had been exacerbated by the disruption caused by the coronavirus outbreak.


MoviePass Operators Settle Data Security Allegations

Permalink - Posted on 2021-06-08 17:00

The operators of subscription service MoviePass have agreed to settle Federal Trade Commission allegations of fraud and data security failures. Under the proposed settlement, MoviePass, Helios, former MoviePass CEO Mitchell Lowe, and former Helios CEO Theodore Farnsworth will be barred from misrepresenting their business and data security practices. The order also states that any businesses controlled by MoviePass, Helios, or Lowe must implement comprehensive information security programs.


Third-Party Phishing Attack Affects Up to 34,862 Lafourche Medical Group Patients

Permalink - Posted on 2021-06-08 17:00

Lafourche Medical Group, a Louisiana-based urgent care center operator, has notified 34,862 patients about a security breach that potentially involved some of their protected health information. On March 30, 2021, Lafourche Medical Group learned that an external accountant had responded to a phishing email that spoofed one of the owners of Lafourche Medical Group and disclosed login credentials to the attacker. The compromised credentials were used to gain access to the group’s Microsoft 365 environment.


Texas Passes Bill Establishing "Wall of Shame" for Data Breaches

Permalink - Posted on 2021-06-08 17:00

On May 31, 2021, the Texas Legislature approved House Bill 3746, which seeks to amend the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a breach of security of computerized data. Notably, the bill directs the Texas attorney general to post on its website a public listing of received data security breach notifications (for any breach involving at least 250 Texas residents) and then update the listing on a monthly basis.


Germany: Pearl Takes Online Shop Offline After Cyber Attack

Permalink - Posted on 2021-06-08 17:00

“On June 5, 2021, the IT systems of Pearl GmbH were attacked by hackers who had access to servers and virtual machines,” writes the company from Buggingen in Baden-Württemberg, without saying whether it was being extorted as part of a ransomware attack.


Unauthorized Access Accounts for 43% of All Breaches Globally

Permalink - Posted on 2021-06-08 17:00

There has been a 450% surge in breaches containing usernames and passwords globally, according to a ForgeRock report. Researchers also found unauthorized access was the leading cause of breaches for the third consecutive year, increasing year-over-year for the past two years, accounting for 43% of all breaches in 2020.


F.B.I. Investigates Cyber Attack That Targeted N.Y.C. Law Department

Permalink - Posted on 2021-06-08 17:00

An early clue that something was amiss with the computers at New York City’s Law Department — the 1,000-lawyer agency that represents the city in court — emerged on Monday when a lawyer for the department wrote to a federal judge in Manhattan, asking for a short delay in filing court papers because of “connectivity” problems. “No one is currently able to log on to the Law Department’s computer system,” the lawyer, Katherine J. Weall, wrote. Later in the day, city officials revealed the cause of the problem: They had been forced to disable the Law Department’s computer network on Sunday afternoon after detecting a cyberattack. That attack is now under investigation by the intelligence bureau of the New York Police Department and the F.B.I.’s cyber task force, the officials said.


Largest Password Compilation of All Time Leaked Online with 8.4 Billion Entries

Permalink - Posted on 2021-06-08 17:00

What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches. According to the post author, all passwords included in the leak are 6-20 characters long, with non-ASCII characters and white spaces removed. The same user also claims that the compilation contains 82 billion passwords. However, after running our own tests, the actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries.


Ransomware Struck Another Pipeline Firm — and 70GB of Data Leaked

Permalink - Posted on 2021-06-08 17:00

A group identifying itself as Xing Team last month posted to its dark web site a collection of files stolen from LineStar Integrity Services, a Houston-based company that sells auditing, compliance, maintenance, and technology services to pipeline customers. The data, first spotted online by the WikiLeaks-style transparency group Distributed Denial of Secrets, or DDoSecrets, includes 73,500 emails, accounting files, contracts, and other business documents, around 19 GB of software code and data, and 10 GB of human resources files that include scans of employee driver's licenses and Social Security cards.


Computer Memory Maker ADATA Hit by Ragnar Locker Ransomware

Permalink - Posted on 2021-06-08 17:00

The Taiwanese memory manufacturer took down all impacted systems after detecting the attack and notified all relevant international authorities of the incident to help track down the attackers. "ADATA was hit by a ransomware attack on May 23rd, 2021," the company told BleepingComputer in an email statement today.


California City Hid Cyber Attack

Permalink - Posted on 2021-06-07 16:00

A California city whose police department recently revealed it had been victimized by cyber-criminals has now acknowledged it suffered an earlier cyber-attack in 2018. Azusa's 63-officer police department was targeted by the DoppelPaymer ransomware gang late last winter. The attack was kept secret while officials worked with the FBI, Los Angeles County Sheriff’s Department, and ransomware consultants to try to retrieve hundreds of highly sensitive files encrypted in the incident. In April, a stash of the department's documents was leaked online after the city elected not to pay the ransom demanded by the gang. Among the information leaked were criminal case files and payroll data containing Social Security numbers, driver’s license numbers, medical information, and financial account information. The city finally publicly acknowledged the hack on May 27 to coincide with the start of Memorial Day weekend, when America's attention typically flits away from the news cycle and toward outdoor social activities and honoring the fallen.


Australia: NSW Health Confirms Data Breached Due to Accellion Vulnerability

Permalink - Posted on 2021-06-07 16:00

The NSW Police Force and Cyber Security NSW have set up Strike Force Martine to determine the impact on NSW government agencies that were caught up in the attack on Accellion.


Australians Lose Record Amount to Scams in 2020

Permalink - Posted on 2021-06-07 16:00

Australians lost a record $851 million to scams in 2020, according to a new report from the Australian Competition and Consumer Commission (ACCC). Investment scams accounted for the biggest losses at $328 million, making up more than a third of total losses. Romance scams were the next biggest category, costing Australians $131 million, while payment redirection scams resulted in $128 million of losses. Meanwhile, health and medical scams increased more than 20-fold compared to 2019, accounting for over $3.9 million in losses. Phishing activity also thrived during the pandemic, especially through government impersonation scams. There were over 44,000 reports of phishing scams, representing a 75% increase.


U.S. Truck and Military Vehicle Maker Navistar Discloses Data Breach

Permalink - Posted on 2021-06-07 16:00

Navistar International Corporation (Navistar), a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered on May 20, 2021. The company disclosed the attack in an 8-K report filed with the Securities and Exchange Commission (SEC) on Monday.


Phishing Trends Show X-Rated Themes Have Skyrocketed 974%

Permalink - Posted on 2021-06-07 16:00

“Between May 2020 and April 2021, the number of such attacks increased 974%,” the researchers write. “These attacks reach across a broad spectrum of industries and appear to target based on male-sounding usernames in company email addresses.” The researchers note that in addition to stealing information, the attackers can also return to blackmail victims.


U.K. Special Forces Soldiers' Personal Data was Floating Around WhatsApp in a Leaked Army Spreadsheet

Permalink - Posted on 2021-06-04 17:00

An astonishing data security blunder saw the personal data of Special Forces soldiers circulating around WhatsApp in a leaked British Army spreadsheet. The document, seen by The Register, contained details of all 1,182 British soldiers recently promoted from corporal to sergeant – including those in sensitive units such as the Special Air Service, Special Boat Service and the Special Reconnaissance Regiment. Special Forces soldiers’ identities are supposed to be protected from public disclosure in case terrorists target them or their families. Yet yesterday an Excel file was freely being passed around on WhatsApp groups after being leaked from inside the Ministry of Defence.


UF Health Florida Hospitals Back to Pen and Paper After Cyber Attack

Permalink - Posted on 2021-06-04 17:00

UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network. While UF Health would not shed further light on the attack, Villages-News reports that the hospitals were affected by a ransomware attack that has forced employees to switch back to pen and paper.


Britain: Retailer Furniture Village Confirms Cyber Attack as Systems Outage Rolls into Day 7

Permalink - Posted on 2021-06-04 17:00

Furniture Village – the UK's largest independent furniture retailer with 54 stores nationwide – has been hit by a "cyber-attack", the company confirmed to The Register. Details are still sketchy, but it emerged late last week that some of the retailer’s internal systems had been taken offline. Although its website remains up and running, this is not the case for the back end. The problems emerged last weekend on 29 May when Furniture Village admitted it was experiencing "technical issues" and it was unable to answer calls. This is still the case at the time of publication, 6 days later. By Wednesday, Furniture Village revealed it was “still experiencing technical issues with [its] internal systems” and that the team was working to resolve them as quickly as possible. These included delivery systems, phone systems, and according to customers, payment mechanisms.


Live Streams Go Down Across Cox Radio & TV Stations in Apparent Ransomware Attack

Permalink - Posted on 2021-06-04 17:00

Live streams for radio and TV stations owned by the Cox Media Group, one of the largest media conglomerates in the US, went down earlier today in what multiple sources have described as a ransomware attack.


Ireland's Health Service Remains Significantly Disrupted Weeks After Attack

Permalink - Posted on 2021-06-04 17:00

HSE doesn't expect health services to return to normal for "a number of weeks" as it continues to deal with the fallout of the ransomware attack against critical IT infrastructure.


Diverse Six-Justice Majority Rejects Broad Reading of Computer-Fraud Law

Permalink - Posted on 2021-06-04 17:00

The Supreme Court’s decision on Thursday in Van Buren v. United States provides the court’s first serious look at one of the most important criminal statutes involving computer-related crime, the federal Computer Fraud and Abuse Act. Justice Amy Coney Barrett’s opinion for a majority of six firmly rejected the broad reading of that statute that the Department of Justice has pressed in recent years. Among other things, the CFAA criminalizes conduct that “exceeds authorized access” of a computer. Crucially, the statute defines that term as meaning “to access a computer with authorization and to use such access to obtain … information … that the accesser is not entitled so to obtain.” The question in Van Buren was whether users violate that statute by accessing information for improper purposes or instead whether users violate the statute only if they access information they were not entitled to obtain. In this case, for example, a Georgia police officer named Nathan Van Buren took a bribe to run a license-plate check. He was entitled to run license-plate checks, but not for illicit purposes. The lower courts upheld a conviction under the CFAA (because he was not entitled to check license-plate records for private purposes). The Supreme Court disagreed, adopting the narrower reading of the CFAA, under which it is a crime only if users access information they were not entitled to obtain.


11th Circuit Upholds Historic $380 Million Equifax Data Breach Settlement

Permalink - Posted on 2021-06-04 17:00

A three-judge panel for the 11th Circuit on Thursday upheld the largest-ever U.S. class action settlement over a consumer data breach, rejecting a bevy of challenges to the $380 million deal. Finalized in January 2020, the settlement compensates U.S. consumers whose personal information was exposed in a cyberattack on the credit bureau Equifax. The breach compromised an estimated 147 million people’s data, including social security numbers and addresses. The deal is supposed to provide up to $20,000 per person for out-of-pocket losses linked to the breach. Other benefits for affected consumers include credit monitoring, identity protection services, as well as reimbursement for time spent addressing identity theft concerns. The settlement benefits will not be distributed, however, until court proceedings are complete. Rehearing petitions and other legal action by those objecting to the settlement could hold up the distribution for months. An extended claims submission period is scheduled to last through January 22, 2024.


Dutch Pizza Chain Discloses Breach After Hacker Tries to Extort Company

Permalink - Posted on 2021-06-04 17:00

New York Pizza, one of the largest pizza restaurant chains in the Netherlands, has disclosed today a security breach after a hacker tried to extort the company over the weekend. “Last Sunday night on Monday morning we received some emails from a hacker,” the company said in a statement published on its website. “This hacker claimed he stole a large amount of customer data from New York Pizza and threatened to publish or sell it.” New York Pizza said they believe the hacker got its hands on the data of approximately 3.9 million users, a number that represents around 22% of the Netherlands’ entire population.


75.9% of Stolen Data in Breaches Involve Personal Information

Permalink - Posted on 2021-06-04 17:00

An in-depth analysis of more than 100 of the largest data breaches in the past decade by Imperva Research Labs reveals a bleak and troubling reality. Not only has there been a greater number and higher frequency of breaches over the last decade, but the vast majority of that data, 75.9%, can be classified as PII. The rise in both data breaches and the number of records compromised has been dramatic in recent years. Since 2017, the number of data breaches has increased more than 30% each year, with the number of records compromised per breach increasing more than 130% per year in that time.


Mobile, AL County Cyber Attack Shut Down Systems for 3 Days, Sparked Federal Investigation

Permalink - Posted on 2021-06-04 17:00

The attack was first reported by SuspectFile on May 31 after it appeared on the dark web leak site of threat actors calling themselves Pay or Grief (or Grief — this site STILL hasn’t gotten an answer from them as to their name). But on the leak site, they wrote: “The network of Mobile County, Alabama was screwed and now we have about 95 GB data from file servers, including internal company documents, personal and HR data. According to our rules we are publishing this data step by step in case if this company will keep silence.”


Risk and Compliance Firm Reports Breach of 47,035 Records

Permalink - Posted on 2021-06-04 17:00

The risk and compliance firm LogicGate has identified a security incident in which the protected health information of 47,035 individuals has potentially been compromised. LogicGate explained in breach notification letters that an unauthorized individual gained access to credentials for its Amazon Web Services cloud storage servers which are used to store backup files of customers that use its Risk Cloud platform.


DNS Attacks on the Rise, Costing $1 Million Each

Permalink - Posted on 2021-06-04 17:00

According to new research, cyber-attacks using DNS channels to steal data, DDoS victims, and deploy malware have grown in volume and cost throughout the pandemic. EfficientIP’s 2021 Global DNS Threat Report was compiled by IDC from interviews with 1,114 organizations across the world about their experiences of last year. It found that 87% of organizations suffered one or more DNS attacks in 2020, up eight percentage points from 2019. On average, victims were hit 7.6 times at a cost of $950,000 per attack. The most common forms of attack were DNS phishing (49%), DNS-based malware (38%), DDoS (29%), DNS hijacking (27%), DNS tunnelling for command and control (24%), zero-day bugs (23%) and cloud misconfiguration abuse (23%).


Malware Will Sit for 83 Hours in an Employee's Inbox Before Being Noticed

Permalink - Posted on 2021-06-03 17:00

Research finds that malicious emails spend an average of 83 hours in employees' inboxes before being noticed. Barracuda researchers have found it takes, on average, three and a half days (83 hours) from when a malicious email attack arrives in an employee's inbox to the point where it’s discovered by a security team or reported by the end-user and removed. The researchers analysed threat patterns and response practices across 3,500 organisations in the company's most recent Threat Spotlight; this month the focus was on analysing what happens after a malicious email manages to bypass an organisation’s security and land in a user’s inbox. They discovered that a medium-sized organisation of 1,100 users will experience around 15 email security incidents per month, and on average 10 employees will be impacted by each attack that finds its way through.


Malware-Related Attacks Jump by 54%

Permalink - Posted on 2021-06-03 17:00

Extensive analysis of cyberthreats in 2020 reveals a 91% jump in attacks on industrial companies and a 54% rise in malware-related attacks compared to 2019. Medical institutions ranked first in ransomware attacks, Positive Technologies reports.


FUJIFILM Shuts Down Network After Suspected Ransomware Attack

Permalink - Posted on 2021-06-03 17:00

FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread. While FUJIFILM has not stated what ransomware group is responsible for the attack, Advanced Intel CEO Vitali Kremez has told BleepingComputer that FUJIFILM was infected with the Qbot trojan last month.


India: Average Ransomware Payment Exceeds $76,000 USD for Each Attack

Permalink - Posted on 2021-06-03 17:00

The recovery cost from the impact of a ransomware attack tripled in the last year in India -- up from $1.1 million (over Rs 8 crore) in 2020 to $3.38 million (more than Rs 24.5 crore) in 2021 as the country topped the list of 30 countries worldwide for ransomware attacks, a new report said on Tuesday. The average ransom payment in India was $76,619 (over Rs 55 lakh). However, paying up often doesn't pay off, as Indian organizations that paid the ransom got back, on average, 75 per cent of their data and only 4 per cent got all their data back, according to 'The State of Ransomware 2021' report by global cybersecurity leader Sophos. The findings showed that 67 per cent of Indian organizations whose data was encrypted paid a ransom to get back their data, a slight increase on the previous year when 66 per cent paid a ransom.


Many CISOs Blame Cyber Attack Surge on Remote Working

Permalink - Posted on 2021-06-03 17:00

Cybersecurity professionals have seen a surge in cyberattacks in the past year, and many blamed the trend on more employees working from home due to the COVID-19 pandemic, according to a report published on Thursday by VMware. Roughly three-quarters of respondents reported seeing an increase in attacks in the past year, and 78% of them said it was due to remote working. Moreover, 79% of respondents said cyberattacks had become more sophisticated. Over 80% of organizations admitted being breached in the past year — on average, they experienced more than 2 breaches per year — and in more than 80% of cases the incident was serious enough to require reporting to regulators or the involvement of incident response teams. Furthermore, 75% of those that suffered an attack reported some sort of negative impact on reputation.


Banking Fraud Up 159% as Transactions Hit Pre-Pandemic Volumes

Permalink - Posted on 2021-06-02 17:00

Banking fraud attempts soared by 159% from the final three months of 2020 to Q1 2021 as scammers sought to hide their attack in legitimate online activity, according to Feedzai. Data used in the firm’s Financial Crime Report Q2 2021 Edition includes 12 billion global transactions between January-March 2021. The vast majority (93%) of banking fraud during the period, as always, was online. However, while telephone banking made up less than 1% of total transactions, Q1 2021 saw fraud attempts via this channel spike by a dramatic 728% from the previous quarter. The primary tactics cyber-criminals used to defraud banks and their customers include account takeover (42%), followed by new account fraud (23%), impersonation (21%), purchase scams (15%) and phishing (7%).


Teen Crashes Florida School District's Network

Permalink - Posted on 2021-06-02 17:00

A teenage boy from Florida is facing felony charges after carrying out a cyber-attack that knocked 145 schools offline last spring. The unnamed 17-year-old junior at St. Petersburg High School crashed the entire computer network of the Pinellas County School District in Florida by deploying a distributed denial-of-service (DDoS) attack. His actions caused all the schools in the district to lose internet access on March 22 and 23.


Scripps Notifying 147K People of Data Breach

Permalink - Posted on 2021-06-02 17:00

A California healthcare provider is informing more than 147,000 people that their personal data may have been exposed in a recent cyber-attack. Scripps Health, which operates five acute-care hospitals in San Diego, among other facilities, took most of its network offline after detecting a ransomware infection at the beginning of May. The San Diego–based nonprofit system suspended access to several applications, including MyScripps and scripps.org.


Ransomware Attack Hits Nantucket, Martha's Vineyard Ferry Service

Permalink - Posted on 2021-06-02 17:00

Passengers planning to make their way over to the islands of Martha’s Vineyard or Nantucket on Wednesday could see delays due to a ransomware attack, The Steamship Authority said Wednesday. The Steamship Authority is the largest ferry service to the Massachusetts Islands of Martha’s Vineyard and Nantucket from Cape Cod.


The M.T.A. Is Breached by Hackers as Cyber Attacks Surge

Permalink - Posted on 2021-06-02 17:00

A hacking group believed to have links to the Chinese government penetrated the Metropolitan Transportation Authority’s computer systems in April, exposing vulnerabilities in a vast transportation network that carries millions of people every day, according to an M.T.A. document that outlined the breach.


More Than 11,000 People's Personal Information Released in APD Data Leak

Permalink - Posted on 2021-06-02 17:00

Since 2019, 11,402 people have had their birth dates and driver’s license numbers published accidentally, due to a glitch in the Anchorage Police Department records system, the department announced Wednesday. APD said an employee discovered the issue with traffic collision report records in February. Normally, a computer automatically redacts that personal information in records before they are published online. Captain Sean Case said the department identified a simple reason why the records were going out unredacted. “For lack of a better word, there’s a toggle switch, there’s a box you check on that has the public traffic collision report redacted,” he said. “And that box or that toggle switch was unchecked.”


Breached Companies Facing Higher Interest Rates and Steeper Collateral Requirements

Permalink - Posted on 2021-06-02 17:00

Companies are now being penalized financially by banks for data breaches, according to a new study from the American Accounting Association. In a new report, titled "Do Banks Price Firms' Data Breaches?" the organization found that banks are punishing companies that lose customer financial account information or social security numbers through data breaches with substantially higher interest rates and steeper requirements for collateral and covenants. The researchers behind the report analyzed data on 1,081 bank loans to publicly traded companies from 2003 to 2016. Of the 1,081 bank loans, 587 went to companies that had dealt with a data breach and 494 went to companies that had not. Henry Huang, co-author of the study and an associate professor of accounting at Yeshiva University, said he wanted to find a way of quantifying the financial consequences of breaches. The researchers matched companies in similar industries to see whether those that had been breached saw differences in how banks dealt with them. The report showed a clear link between higher interest rates and data breaches, with those that suffered more disastrous breaches facing even tougher treatment from banks. But banks did make a distinction between the companies that had been hacked by criminal groups and those that had lost control of customer data through accidents or mistakes.


Exagrid Paid $2.6m to Conti Ransomware Attackers

Permalink - Posted on 2021-06-02 17:00

According to information obtained by LeMagIT, the ransom was paid in the form of 50.75 Bitcoins on May 13. The caving in to the ransomware attackers' demands became even more embarrassing when the backup appliance vendor accidentally deleted the decryption tool and had to request it again.


Battle for the Galaxy: 6 Million Gamers Hit by Data Leak

Permalink - Posted on 2021-06-02 17:00

A Chinese game developer has accidentally leaked nearly six million player profiles for the popular title Battle for the Galaxy after misconfiguring a cloud database, Infosecurity has learned. AMT Games, which has produced a string of mobile and social titles with tens of millions of downloads between them, exposed 1.5TB of data via an Elasticsearch server.


Model Sues Law Firm Over Data Breach

Permalink - Posted on 2021-06-01 17:00

A fashion model is suing Baltimore-based law firm Goldberg Segalla for allegedly exposing her personal data when filing records in a different data breach lawsuit. Stephanie Hoffman claims the firm leaked her information twice on the Public Access to Court Electronic Records (PACER) service, which provides electronic public access to federal court records. Goldberg Segalla is representing Hoffman's former modeling agency, Major Model Management Inc (MMMI), in an ongoing proposed class-action lawsuit concerning an alleged data breach. That suit, which was also brought by Hoffman, accuses MMMI of failing to adhere to state laws, industry standards and best practices when collecting and storing the personal information of the models it contracted with.


Cyber Attack Victims Being Blamed for Rise in Ransomware for Depending on Insurance to Pay

Permalink - Posted on 2021-06-01 17:00

Companies relying on their cyber-insurance policies to pay off ransomware criminals are being blamed for a recent uptick in ransomware attacks. Ransomware victims are increasingly falling back on their cyber-insurance providers to pay the ransom when they’re hit with an extortion cyberattack. But security researchers warn that this approach can quickly become problematic.


20/20 Eye Care Network and Hearing Care Network Notify 3,253,822 Health Plan Members of Breach

Permalink - Posted on 2021-06-01 17:00

20/20 Eye Care Network, Inc. is a managed vision care company in Florida that offers administrative services to health plans. 20/20 Hearing Care Network expands those services into hearing care. On May 28, 20/20’s Chief Compliance Officer notified the Maine Attorney General’s Office of an incident in which their Amazon AWS S3 buckets were accessed and data deleted.


Swedish Health Agency Shuts Down SmiNet After Hacking Attempts

Permalink - Posted on 2021-06-01 17:00

The Swedish Public Health Agency (Folkhälsomyndigheten) shut down SmiNet, the country's infectious diseases database, on Thursday after it was targeted in several hacking attempts. SmiNet, which is also used to store electronic reports with statistics on COVID-19 infections, was shut down on Thursday to investigate the attacks and was brought back online on Friday evening.


Mexican Government Data Published for Sale

Permalink - Posted on 2021-06-01 17:00

The leaked data has presumably been stolen from multiple e-mail accounts as a result of ATO/BEC and the compromise of network resources belonging to several Mexican government agencies. It is hard to determine the sensitivity and end impact of such leaks, but they are one of the elements of an extortion game used by the bad actors. Mexico is the major trading partner of the United States, the second-largest economy in Latin America and the 17th-largest exporter in the world. The number of cyber attacks in the region is growing significantly. In 2020, Mexico was one of the countries.


California: Azusa Police Reveal Ransomware Attack in March

Permalink - Posted on 2021-05-31 18:00

On March 17, the DoppelPaymer threat actors added Azusa Police Department in California to the leak site where they list ransomware victims who have refused to pay their ransom demands. On April 22, the threat actors increased the pressure on the department — or attempted to — by dumping some files as proof that they had accessed the system and exfiltrated data. The files included police records concerning investigations and police business such as patrol officers’ reports. There was also some financial and payroll-related information.


Nuclear Flash Cards: U.S. Secrets Exposed on Learning Apps

Permalink - Posted on 2021-05-31 18:00

US troops charged with guarding nuclear weapons in Europe used popular education websites to create flash cards, exposing their exact locations and top-secret security protocols, according to the investigative site Bellingcat Friday.


Food Giant JBS Foods Shuts Down Production After Cyber Attack

Permalink - Posted on 2021-05-31 18:00

JBS Foods, a leading food company and the largest meat producer globally, had to shut down production at multiple sites worldwide following a cyberattack. The incident impacted multiple JBS production facilities worldwide over the weekend, including those from the United States, Australia, and Canada.


Healthcare Organizations Facing Higher Cyber Insurance Costs for Less Coverage

Permalink - Posted on 2021-05-28 17:00

The number of cyberattacks now being reported is higher than ever before. A couple of years ago, healthcare cyberattacks were being reported at a rate of one per day, but in 2021, there have been months where attacks have been reported at twice that rate. The severity of cyberattacks has also increased and the cost of responding to and recovering from cyberattacks is now much higher. The likelihood of a serious cyberattack occurring and the high costs of remediating such an attack have prompted many healthcare organizations to take out a cyber insurance policy to cover the cost.


Ransomware Attacks Affect Community Access Unlimited and CareSouth Carolina Patients

Permalink - Posted on 2021-05-28 17:00

Hartsville, SC-based CareSouth Carolina has notified 76,035 patients that some of their protected health information has potentially been compromised in a ransomware attack on its IT vendor, Netgain Technologies. CareSouth Carolina was informed by Netgain on January 14, 2021 that the company had experienced a ransomware attack in December 2020, and the attackers had access to servers containing patient data from late November, some of which was exfiltrated prior to the use of ransomware.


Germany: Waschbär Reports Cyber Attack

Permalink - Posted on 2021-05-28 17:00

A more detailed version follows from their May 26 statement: "On Wednesday afternoon, May 19th, 2021, our company was attacked by hackers who smuggled virus software into our IT system. Our IT experts reacted immediately and shut down all systems as a precaution for security reasons. We are currently gaining an overview of the situation and the associated consequences and are already working on possible solutions. We cannot yet say how long the problem will persist and when we can restore normal operation."


Philly Data Breach That Impacted Health Employee Emails Also Hit Other Departments

Permalink - Posted on 2021-05-28 17:00

The City of Philadelphia has released an update on an investigation into a data breach that left some employee email accounts accessible to unauthorized individuals. The incident, initially identified in March 2020, was the result of an employee’s email account that was exposed due to a phishing attack. The breach impacted people receiving services from the Department of Behavioral Health and Intellectual disAbility Services, as well as Community Behavioral Health, a nonprofit contracted by the city to administer the behavioral health Medicaid program, HealthChoices. The city’s investigation has revealed that the breach did impact other city employee emails in departments outside of DBHIDS, and that DBHIDS and CBH accounts were accessed without authorization between March 11 and Nov. 15, 2020. The investigation also showed that other city department emails were accessed from March 2020 to January 2021.


Application Security Not a Priority for Financial Services Institutions

Permalink - Posted on 2021-05-28 17:00

Contrast Security announced the findings of a report based on a comprehensive survey of development, operations, and security professionals and executives at enterprise-level financial services institutions. The report explores the state of application security at these organizations, and the findings indicate that the security of these applications – that have access and control over consumers’ finances – is not a priority or major concern for most of them.


Identity Crime Victims Struggling with Financial, Emotional and Physical Impacts

Permalink - Posted on 2021-05-28 17:00

Nearly 30 percent of people who contact the Identity Theft Resource Center (ITRC) are victims of more than one identity crime. Their latest study covers the 36 months from 2018-2020 and goes beyond the known financial implications of identity crimes and explores the emotional, physical and psychological impacts experienced by victims.


Klarna's Users Reveal Major Data Breach

Permalink - Posted on 2021-05-28 17:00

Klarna, a popular online payment company, was forced to temporarily shut down its service after complaints that users were being indiscriminately logged into other people's accounts.


CEFCO Allegedly Victim of Data Theft

Permalink - Posted on 2021-05-27 17:00

Hackers have posted 42 gigabytes of data allegedly stolen from CEFCO Convenience Stores on a website known as Marketo. The website indicates the stolen data includes “agreements, financial data, account lists, budget reports, NDAs and other interesting documents,” according to the post attached to the file online.


Lawsuit Alleges Colonial Pipeline Was Negligent in Recent Cyber Attack

Permalink - Posted on 2021-05-27 17:00

The lawsuit was filed May 18 in the U.S. District Court for the Northern District of Georgia, according to Bloomberg Law. Plaintiff Ramon Dickerson said the company breached its duty to employ industry security standards which resulted in system outages that harmed consumers by raising prices at the pump.


Japanese Ministries Confirm Impact from Fujitsu Data Breach

Permalink - Posted on 2021-05-27 17:00

On Wednesday, Japan’s Ministry of Foreign Affairs announced that it was impacted by the incident, saying that study material was stolen, and that some personally identifiable information might have been affected as well.


Data Breach at Canada Post

Permalink - Posted on 2021-05-27 17:00

Canada's primary postal operator, Canada Post, confirmed Wednesday that it has suffered a data breach. The security incident occurred following a cyber-attack on one of the Crown corporation's suppliers, Commport Communications, which provides electronic data interchange solutions. Commport Communications was hired by the postal service to manage the shipping manifest data of its large parcel business' customers. Following the cyber-attack, Canada Post has informed 44 of its commercial customers that data belonging to more than 950,000 customers has been compromised.


Number of Breached Records Soars 224% Annually

Permalink - Posted on 2021-05-27 17:00

The volume of compromised records globally has increased on average by 224% each year since 2017, according to new findings shared by Imperva. In light of the GDPR’s third anniversary this week, the data security firm crunched statistics on thousands of breaches over the past few years to better understand the evolving risk to businesses. There were more records reported as compromised in January 2021 alone (878 million) than for the whole of 2017 (826 million). Alongside the increase in this figure over the past four years, there’s been a 34% rise in the number of reported breaches over the period, and a 131% increase in average number of compromised records per incident, said Imperva security researcher, Ofir Shaty.


Scripps Health Still Grappling with Impact of May 1 Ransomware Attack

Permalink - Posted on 2021-05-27 17:00

The hospital chain has been forced to reschedule operations and is working to bring its electronic health record systems back online.


U.K. Police Suffered Thousands of Data Breaches in 2020

Permalink - Posted on 2021-05-26 17:00

There were over 2300 data breach incidents reported by just 22 of the UK’s police forces in 2020, according to new Freedom of Information data. VPNoverview requested information from the UK’s 45 police forces and received responses from 31. All told, the results revealed a national average of 299 data breaches per police station over the period dating from 2016 to the first four months of 2021. This included a combination of human error — for example, staff emailing sensitive information to the wrong recipient — and malicious third-party attacks.


NHS to Share Patient Data with Third Parties, Fueling Privacy and Security Fears

Permalink - Posted on 2021-05-26 17:00

NHS patient data in England will be shared with third parties for research and planning purposes, fueling concerns about privacy and security, it has been reported today. The Financial Times revealed that NHS Digital, which runs the health service’s IT systems, will create a database containing the medical records of around 55 million patients in England who are registered with a GP clinic. This includes sensitive data on mental and sexual health, criminal records and abuse. This information will subsequently be made available to academic and commercial third parties involved in research and planning, although no details on the types of organizations that will have access have been provided.


Rising Cyber Attacks in West Highlight Vulnerabilities

Permalink - Posted on 2021-05-26 17:00

A series of high-profile cyberattacks on targets in the West have highlighted the vulnerability of companies and institutions, making the issue a higher public priority but with no easy solution.


NZ: Volunteer Service Abroad Targeted by "Sophisticated" Ransomware Attack

Permalink - Posted on 2021-05-26 17:00

Ransomware attackers have targeted New Zealand’s largest volunteer agency working in international development. On Wednesday Volunteer Service Abroad (VSA) announced it had been the victim of a “sophisticated” ransomware attack. Last week Waikato District Health Board was brought to its knees by another attack. Chief executive Stephen Goodman said the non-governmental organisation was hit last week, with attackers locking its computer systems and demanding a ransom.


Employee's Accidental Email Leads to a Significant Data Breach Ruling in Federal Appeals Court

Permalink - Posted on 2021-05-26 17:00

A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no indication of misuse or external disclosure. In McMorris v. Carlos Lopez & Associates, LLC, the 2nd Circuit Court of Appeals (hearing cases from New York, Connecticut, and Vermont) determined that the particular plaintiffs at issue did not have standing and that their mere fear of identity theft was insufficient for them to sustain a claim for relief. Importantly, however, the court set forth a three-part framework for how standing could be established in a similar situation.


Average Loss from Compromised Cloud Accounts Is More Than $500,000 a Year

Permalink - Posted on 2021-05-26 17:00

Average total annual financial loss for companies from compromised cloud accounts is more than $500,000, according to new research. The findings came from a survey of 600 IT and security professionals in the U.S. jointly produced by Proofpoint and the Ponemon Institute. The report also noted that 68% of respondents believe cloud account takeovers present a significant security risk to their organizations – and more than 50% indicated that the frequency and severity of cloud account compromises increased over the past year.


Japanese Government Offices Hacked

Permalink - Posted on 2021-05-26 17:00

Hackers have accessed information-sharing software developed by Japan's Fujitsu, resulting in data leaks from Japanese government offices. Fujitsu's ProjectWEB software is widely used by public offices and businesses. The hackers accessed the software at Narita Airport east of Tokyo and stole data on air traffic control, prompting the Cabinet Secretariat's national cybersecurity center to alert establishments that use the software. On Wednesday, the land, infrastructure and transport ministry reported that at least 76,000 email addresses of its employees and business partners were leaked, along with data on the ministry's internal mail and Internet settings. The cybersecurity center reported that data on the center's information system were stolen from several of its offices.


Court Finds GCHQ Breached Citizen's Privacy with Its Bulk Surveillance Regime

Permalink - Posted on 2021-05-26 17:00

The UK's intelligence agency was found to not have sufficient safeguards in place when performing bulk surveillance of civilians and, ultimately, breached the right to privacy.


Over 65% of Australians Across All Age Brackets Worry About Privacy in New Tech.

Permalink - Posted on 2021-05-25 17:00

Almost 70% of Australians, regardless of their age, are concerned about their privacy when using new technology, according to a survey conducted by the Australian Communications and Media Authority (ACMA). "Such deep immersion in the online world also brings with it a range of risks and challenges -- from privacy and security concerns to exposure to misinformation and disinformation, scams, online bullying, and other harms," ACMA said. This finding arose as part of two new reports that were released by ACMA on Tuesday. The first report provides data about the digital preferences of Australians aged 65 or over, while the second report looks at the same type of data for Australians in the 18 to 34-year-old age bracket.


Zocdoc Says "Programming Errors" Exposed Access to Patients' Data

Permalink - Posted on 2021-05-25 17:00

The New York-based company revealed the issue in a letter to the California attorney general’s office, which requires companies with more than 500 residents of the state affected by a security lapse or breach to disclose the incident. Zocdoc confirmed that around 7,600 users across the U.S. are impacted by the security incident. Zocdoc, which lets prospective patients book appointments with doctors and dentists, said that it gives each medical or dental practice usernames and passwords for its staff to access appointments made through Zocdoc, but that “programming errors” — essentially a software bug in Zocdoc’s own systems — “allowed some past or current practice staff members to access the provider portal after their usernames and passwords were intended to be removed, deleted or otherwise limited.”


Arizona: Phoenix Chiropractic Practice Offline After Ransomware Attack

Permalink - Posted on 2021-05-25 17:00

Spine & Disc Medical Center in Phoenix, Arizona is a chiropractic practice. They have apparently been the victims of a ransomware attack by Avaddon threat actors, who added them to their leak site and dumped some data as proof of claims.


France: Cyber Attack Against the ISERBA Group

Permalink - Posted on 2021-05-25 17:00

The ISERBA Group is a property maintenance firm (plumbing, heating, electricity, carpentry, etc.). An undated notice on their web site indicates that they have been the victim of a cyber attack. There does not seem to be any other news coverage or updates since then, so it seems to be a serious attack.


Clinical Laboratory Settles HIPAA Security Rule Violations with OCR for $25,000

Permalink - Posted on 2021-05-25 17:00

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced a settlement has been reached with Peachstate Health Management, LLC, dba AEON Clinical Laboratories as a result of multiple violations of the HIPAA Security Rule.


Bose Admits Ransomware Hit: Employee Data Accessed

Permalink - Posted on 2021-05-25 17:00

High-end audio-tech specialist Bose has disclosed a ransomware attack, which it said rippled “across Bose’s environment” and resulted in the possible exfiltration of employee data. The incident began on March 7, according to a disclosure letter sent to the Attorney General’s Office in New Hampshire, which kicked off a successful incident-response process, the company said. While the letter didn’t mention how much the ransom was, a company spokeswoman confirmed to media that Bose declined to pay up and instead was able to rely on its own resources to regain control of its environment.


Only Two-Fifths of U.K. Firms Report Data Breaches on Time

Permalink - Posted on 2021-05-25 17:00

It’s three years today since the GDPR was launched across Europe but UK businesses are still failing to meet some of its most basic reporting requirements, CrowdStrike has warned. The security vendor polled a sample of 500 UK business decision makers between April 30 and May 10 to better understand uptake of the legislation, and the Data Protection Act 2018, which applies its principles in UK law. Unfortunately, the poll found that just 42% of UK firms that have been breached report the incident to the regulator within 72 hours, as required by law. The study found a general lack of awareness and visibility elsewhere: 67% of respondents said they consider themselves “prepared” should they become a breach victim, but only around a third (36%) have actually readied specific protocols to deal with the fallout of such an incident. Over a fifth (22%) claimed they either don’t know or don’t think the GDPR applies to the UK following Brexit. What’s more, two-thirds of businesses either don’t know (41%) or underestimated (25%) the maximum amount the Information Commissioner’s Office (ICO) can fine erring companies: 4% of global annual turnover or £17 million, whichever is higher.


8.3 Million Plaintext Passwords Exposed in DailyQuiz Data Breach

Permalink - Posted on 2021-05-25 17:00

The personal details of 13 million DailyQuiz users were leaked online earlier this year after a hacker breached the quiz builder’s database and stole its content, which he later put up for sale. The data, of which The Record has obtained copies from two different sources, contains details about 12.8 million users, including plaintext passwords, emails, and IP addresses for 8.3 million accounts. The stolen data has been sold on hacking forums and Telegram channels since January 2021 for a price of $2,000 paid in cryptocurrency, but leaked into the public domain this month, after it was exchanged through different data brokers, and eventually came into the hands of a security researcher, who shared it with The Record.


1.7 Million Customers' Data Likely Leaked from Japan Dating App Operator

Permalink - Posted on 2021-05-25 17:00

Japanese dating app operator Net Marketing Co. said Friday personal data of 1.71 million users, including names and face photos, was likely leaked due to unauthorized access to its server. The operator of the Omiai dating app said customer information provided to the company between January 2018 and last month might have been stolen, as its probe found its data server was hacked at least several times last month.


TPG Confirms Data on Dark Web Belongs to Its Customer

Permalink - Posted on 2021-05-24 16:00

TPG Telecom has confirmed that data freely available to download on the dark web belongs to one of its customers, following a cyber security breach of TPG’s servers in April. The 5 gigabyte download, available at no charge on at least one dark web site, comes from one of the customers of TPG’s TrustedCloud service, a cloud-hosting service which the company was already in the process of decommissioning when it was hacked on April 25, a TPG spokesperson told The Australian Financial Review.


England: Customers Hit as Ransomware Incident Blacks Out Doncaster Insurance F

Permalink - Posted on 2021-05-24 16:00

In 2018, the firm and Radford were fined more than £1 million for inadvertently spending £17.3m of client money on working capital and payments to directors. The Financial Conduct Authority fined the firm £684,000 for failing to arrange adequate protection for client money over nine years while Mr Radford was fined £468,600 after the FCA decided he ‘is not fit and proper to have any responsibility for client money or insurer money’… ‘on the basis of his lack of competence to perform such functions’. DarkSide reportedly demanded £15 million ransom to provide a decryptor key and not to publicly dump data.


India: Private Schools See Student Data Compromise Due to Gov't Mishandling of Database

Permalink - Posted on 2021-05-24 16:00

Private schools have complained of a data security breach by officials with the Department of Primary and Secondary Education, while student information was fed into the Unified District Information System for Education (UDISE+) database.


Amex Fined After Sending Over Four Million Spam Emails

Permalink - Posted on 2021-05-24 16:00

American Express is the latest big-name brand to receive a fine from the UK’s data protection regulator after spamming millions of customers. The Information Commissioner’s Office (ICO) fined American Express Services Europe (Amex) £90,000 after it sent over four million marketing emails to customers who did not want them. The ICO said it began its investigation after complaints from some of those customers, who claimed to have opted out of receiving the missives.


Cyber Insurance Premiums, Take-Up Rates Surge

Permalink - Posted on 2021-05-24 16:00

According to the GAO, cyber insurance adoption is picking up. The GAO found that the take-up rate for cyber insurance rose from 26% in 2016 to 47% in 2020. Along with that adoption, insurance brokers said that more frequent and severe cyberattacks have led to premium increases. The GAO said more than half of the respondents in its report saw prices go up 10% to 30% in late 2020. In addition, cyberattacks have led insurers to reduce coverage limits for some sectors including healthcare and education.


Hacker Leaks 180 Million India Domino's Pizza Customer Records

Permalink - Posted on 2021-05-24 16:00

In a major data leak, customer information related to 18 crore orders placed with Domino’s India has been made public by a hacker who claims to have breached the pizza major’s servers.


Bergen Logistics Left Database Exposed

Permalink - Posted on 2021-05-24 16:00

Recently, the IT security researchers at Website Planet uncovered an exposed database belonging to Bergen Logistics that stored 467,979 records all relevant to their shipments and customers. This means that any clients that conducted business with Bergen or anyone who received a package from Bergen within the USA, could possibly be affected by this data leak.


Indonesia National Health Insurance Database Leaked

Permalink - Posted on 2021-05-24 16:00

Indonesia’s government has admitted to leaks of personal data from the agency that runs its national health insurance scheme. On May 20th Kominfo, Indonesia’s Ministry of Communication and Information Technology, acknowledged it was aware of a post on notorious stolen-data-mart Raidforums offering to sell a million records leaked from the Badan Penyelenggara Jaminan Sosial (BPJS), an agency that runs national health insurance scheme Jaminan Kesehatan Nasional (JKN).


Boeing 747 Systems Compromised by Researchers

Permalink - Posted on 2021-05-24 16:00

Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It's an attack that's more of a curiosity than anything else: it's too difficult to pull off during an actual flight, and it's rare these days to see a 747 passenger service, anyway.


Cyber Insurance Firms Start Tapping Out as Ransomware Continues to Rise

Permalink - Posted on 2021-05-24 16:00

A global insurance carrier refuses to write new ransomware policies in France, while insurers rewrite policies. Are we heading toward a day when ransomware incidents become uninsurable?


Czech Republic: National Library Reports Outage Due to Cyber Attack

Permalink - Posted on 2021-05-21 17:00

Last month, DataBreaches.net reported an attack on the municipality of Olomouc in the Czech Republic. This month, we report an attack on Národní knihovna ČR, the national library of the Czech Republic. The library has not stated whether this was a ransomware incident or some other type of incident.


Toyota Admits to Twin Cyber Attacks

Permalink - Posted on 2021-05-21 17:00

Toyota has admitted to a pair of cyber-attacks. The first hit the European operations of its subsidiary Daihatsu Diesel Company, a Toyota-owned company entity that designs engines. In a statement [PDF] dated May 16th, Daihatsu said it “experienced a problem in accessing its file server in the internal system on 14 May 2021.” “After a brief investigation, a cyber-attack by an unauthorised access from a third party was confirmed as a cause of this issue,” the statement adds.


Sierra College Victim of Ransomware Incident

Permalink - Posted on 2021-05-21 17:00

"We are currently experiencing technical difficulties on the Sierra College website and some other online systems. This is the result of an external ransomware attack on our systems. We are working with law enforcement and third-party cybersecurity and forensic experts to investigate this incident, assess the potential impact, and bring our systems back online."


Tulsa Cyber Security Attack Similar to Pipeline Attack

Permalink - Posted on 2021-05-21 17:00

A cybersecurity attack on the city of Tulsa’s computer system was similar to an attack on the Colonial Pipeline, and the hacker is known, officials said Thursday. “I can’t share anything other than we know who did it,” Mayor G.T. Bynum said, adding that the city did not pay the hackers. “They wanted to talk with us about what (a ransom) would be for them not to announce (the attack) and we never engaged them.”


E-commerce Giant Suffers Major Data Breach in Codecov Incident

Permalink - Posted on 2021-05-21 17:00

E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack. As earlier reported by BleepingComputer, popular code coverage tool Codecov had been a victim of a supply-chain attack that lasted for two months. During this two-month period, threat actors had modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables (containing sensitive information such as keys, tokens, and credentials) from Codecov customers' CI/CD environments. Using the credentials harvested from the tampered Bash Uploader, Codecov attackers reportedly breached hundreds of customer networks.


CNA Financial Paid $40 Million in Ransom After March Cyber Attack

Permalink - Posted on 2021-05-21 17:00

According to the two people familiar with the CNA attack, the company initially ignored the hackers’ demands while pursuing options to recover their files without engaging with the criminals. But within a week, the company decided to start negotiations with the hackers, who were demanding $60 million. Payment was made a week later, according to the people.


Air India Data Breach Impacts 4.5 Million Customers

Permalink - Posted on 2021-05-21 17:00

Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021. The Indian national carrier first informed passengers that SITA was the victim of a cyberattack on March 19.


661 Fines Issued Since GDPR Became Enforceable, Totaling €292 Million

Permalink - Posted on 2021-05-20 17:00

3 years since rolling out in May 2018, there have been 661 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine.


Update: Nocona General Hospital "Recently" Learned of a Breach

Permalink - Posted on 2021-05-20 17:00

According to its notification to HHS, 3,254 patients were impacted. Letters were reportedly sent to them on April 30. For many of them, their protected health information may still be freely available on the internet, but they will have no idea of that.


Update: Rehoboth McKinley Christian Health Care Services Notified 209,000 Patients of Ransomware

Permalink - Posted on 2021-05-20 17:00

As it has done in similar attacks, the threat actors dumped a small sample of files as proof. The files include copies of handwritten injury reports and other reports related to named individuals’ care. The reports include demographic and protected health information. The sample also contains images of driver’s licenses and a Social Security card, a prescription, and a passport.


Hackers Targeted SolarWinds Earlier Than Previously Known

Permalink - Posted on 2021-05-20 17:00

The hackers who carried out the massive SolarWinds intrusion were in the software company’s system as early as January 2019, months earlier than previously known, the company’s top official said Wednesday.


PHI of up to 50,000 Patients of Arizona Asthma and Allergy Institute Exposed Online

Permalink - Posted on 2021-05-20 17:00

Arizona Asthma and Allergy Institute in Peoria, AZ has discovered the protected health information of up to 50,000 patients has been temporarily exposed online and could potentially have been accessed by an unauthorized individual. The affected patient data had been exposed for a brief period in September 2020 under the name of a different organization. Upon discovery of the security incident, a third-party computer forensics firm was engaged to investigate and determine the scope of the security breach and the extent to which patient data had been affected.


Exchange Server Attackers Launched Scans Within Five Minutes of Disclosure

Permalink - Posted on 2021-05-20 17:00

Threat actors are “winning the race” to find vulnerable assets to exploit, launching scans within minutes of CVE announcements, a leading security vendor has warned. The 2021 Cortex Xpanse Attack Surface Threat Report from Palo Alto Networks was compiled from scans of 50 million IP addresses associated with 50 global enterprises, carried out January-March 2021. The report revealed that as soon as new vulnerabilities are announced by vendors, attackers rush to take advantage, utilizing cheap cloud computing power to back their efforts.


Blind SQL Injection Flaw in WP Statistics Impacted 600K+ Sites

Permalink - Posted on 2021-05-20 17:00

Researchers from the Wordfence Threat Intelligence team discovered a Time-Based Blind SQL Injection vulnerability in WP Statistics, a WordPress plugin with over 600,000 active installs. The plugin, developed by VeronaLabs, provides complete website statistics to site owners. The vulnerability could be exploited by an unauthenticated attacker to extract sensitive information from a WordPress website using the vulnerable plugin.


U.K. Recruitment Firm Exposes Application CV Data

Permalink - Posted on 2021-05-20 17:00

Recruitment firm FastTrack Reflex Recruitment recently joined the ranks of other companies that have been affected by data leaks due to misconfigured AWS S3 buckets. The breach mainly affected applicants whose CVs, containing personal information, were leaked, reports the research team at Website Planet.


100M Users' Data Exposed via Third-Party Cloud Misconfigurations

Permalink - Posted on 2021-05-20 17:00

Mobile app developers have potentially exposed the data of more than 100 million users due to misconfigurations of third-party cloud services, report researchers who analyzed Android apps. The Check Point Research (CPR) team examined 23 Android applications and found multiple kinds of misconfigurations that may have exposed emails, chat messages, location, passwords, and photos. These misconfigurations may have also put developers' internal resources at risk. In 13 of these applications, CPR found publicly available sensitive data from real-time databases that allow app developers to store data in the cloud and ensure it's synchronized to connected clients in real time. Some real-time databases were not configured with authentication, so the team could access data like chats and passwords by simply sending a request to the database.


Recruiter's Cloud SNAFU Exposes 20,000 CVs and ID Documents

Permalink - Posted on 2021-05-19 17:00

Tens of thousands of jobseekers have had their personal information exposed by a misconfigured cloud account, according to researchers. A team at Website Planet discovered the AWS S3 bucket left unprotected and unsecured by FastTrack Reflex Recruitment, now TeamBMS. The 5GB trove contained 21,000 files including CVs featuring personal information such as email addresses, full names, mobile phone numbers, home addresses and social network URLs. Other details included dates of birth, passport numbers and applicant photos, according to Website Planet.


UHS Data Breach Lawsuit Proceeds

Permalink - Posted on 2021-05-19 17:00

A lawsuit filed against an American healthcare provider over a 2020 data breach has been allowed to proceed, but only for one patient. Sensitive data belonging to UHS was exfiltrated in September last year when the company was targeted by the Ryuk ransomware gang. All UHS sites in Puerto Rico and the US were affected by the cyber-attack, which caused the company's IT systems to go offline for a month. Some scheduled appointments were postponed as a result. The Fortune 500 healthcare organization said in March that the attack had cost it an estimated $67m in downtime and related expenses.


Health Plan of San Joaquin Notifying More Than 420,000 of Email Hack Last Year

Permalink - Posted on 2021-05-19 16:00

On or about October 12, Health Plan of San Joaquin (HPSJ) learned of unusual activity affecting its email system. On October 23, 2020, the investigation determined that an unknown person(s) had accessed a number of HPSJ employee email accounts between September 26, 2020 and October 12, 2020. Yesterday, HPSJ sent out notifications and notified the Maine Attorney General’s Office of the incident, reporting that “the information that could have been subject to unauthorized access includes name, address, and Social Security number.” Their notification did not indicate what else it included or whether all those being notified were health plan members or also included any employees or dependents. DataBreaches.net has sent an email inquiry to HPSJ requesting clarification on how many people had ePHI potentially accessed or viewed and will update this post if a response is received.


Update: CaptureRx Incident Impacted Almost 2 Million People

Permalink - Posted on 2021-05-19 16:00

For the past two months, DataBreaches.net has been tracking reports involving NEC Networks, LLC d/b/a CaptureRx. CaptureRx is a specialty pharmacy benefits manager whose services include prescription claims processing, patient assistance program administration, and public health service 340B drug program administration. CaptureRx provides these services for pharmacies and healthcare providers across the United States. This week, in its newest filing with a state regulator, we have learned that a total of 1,919,938 individuals (presumably patients) have been impacted by the incident.


New York: Filters Fast Settles Charges Stemming from Failure to Patch Critical Vulnerability

Permalink - Posted on 2021-05-19 16:00

In 2019, Filters Fast experienced a data breach when a threat actor exploited a plugin vulnerability in vBulletin. Using SQL injection, the attacker was able to obtain consumers’ cardholder names, billing addresses, expiration dates, validation codes, and primary account numbers for purchases made between June, 2019 and July, 2020. Filters Fast did not detect any vulnerability in their system or breach. When notified in February 2020 that they were a “common point of compromise,” they investigated but claimed they did not find anything. In March, 2020, they had their web host rebuild the server “out of an abundance of caution,” but the bad code remained on the server, and hence, continued to compromise the checkout process.


Wyoming Health Director, Tech. Officer Quit After Data Leak

Permalink - Posted on 2021-05-19 16:00

Wyoming’s health director and chief information officer have resigned after a data leak involving the personal information of tens of thousands of people who were tested for the coronavirus. A state Department of Health employee working with computer code accidentally released COVID-19 test results, as well as blood alcohol test results going back to 2012, for 164,000 people in late 2020 and early 2021.


Irish Patients' Data Stolen by Hackers Shows Up in Negotiation Chat

Permalink - Posted on 2021-05-19 16:00

Medical and personal information about Irish patients stolen by hackers last week is now being shared online, screenshots and files seen by the Financial Times show. The records offered online by hackers to further their demands for almost $20m in ransom also include internal health service files, such as minutes of meetings, equipment purchase details and correspondence with patients.


Packaging Vendor Ardagh Admits Cyber Attack Disrupted Operations

Permalink - Posted on 2021-05-19 16:00

European glass and metal packaging manufacturer Ardagh Group has admitted falling victim to a cyber-attack. According to Ardagh, even though its metal beverage packaging and glass packaging facilities remained operational, the attack still caused shipping delays and interruption in some supply chain operations.


New Zealand Hospitals Infected by Ransomware, Cancel Some Surgeries

Permalink - Posted on 2021-05-19 16:00

New Zealand's Waikato District Health Board (DHB) has been hit with a strain of ransomware that took down most IT services Tuesday morning and drastically reduced services at six of its affiliate hospitals. The attack disabled all IT services except email. Patient notes became inaccessible, clinical services were disrupted, and surgeries postponed. Phone lines went down and hospitals were forced to accept urgent patients only.


Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site

Permalink - Posted on 2021-05-19 16:00

The website, which belonged to a Florida water utility contractor, had been compromised in late December by hackers who then hosted malicious code that seemed to target water utilities, particularly those in Florida. More than 1,000 end-user computers visited the site during the 58-day window that the site was infected. One of those visits came on February 5 at 9:49 am ET from a computer on a network belonging to the City of Oldsmar. In the evening of the same day, an unknown actor gained unauthorized access to the computer interface used to adjust the chemicals that treat drinking water for the roughly 15,000 residents of the small city about 16 miles northwest of Tampa. The intruder changed the level of lye to 11,100 parts per million, a potentially fatal increase from the normal amount of 100 ppm.


Credential Stuffing Reaches 193 Billion Login Attempts Annually

Permalink - Posted on 2021-05-19 16:00

Attackers turned the credential-stuffing knob to 11 in 2020, inundating websites with 193 billion failed attempts to gain access to targeted users' accounts using stolen or reused credentials, according to Akamai's new "State of the Internet" report. In fact, the number of login attempts using credentials increased more than 310%, from 47 billion in 2019, although Akamai attributed an unspecified amount of the precipitous rise to more customers and improved visibility into such attacks. Overall Web attacks, such as SQL injection attacks, showed only a modest increase, growing to 6.3 billion in 2020, up from 6.2 billion in 2019.


Q1 2021 Sees 2.9 Million DDoS Attacks Launched

Permalink - Posted on 2021-05-18 16:00

Approximately 2.9 million Distributed Denial of Service (DDoS) attacks were launched in the first quarter of 2021, according to research from NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT). The estimated figure represents a 31% increase compared to the same period in 2020. All three months of the year's first quarter saw more than 900,000 DDoS attacks, which researchers said exceeded the existing baseline of 800,000 per month.


Argentina Orders Facebook to Suspend WhatsApp Data Sharing

Permalink - Posted on 2021-05-18 16:00

Argentina has ordered Facebook to suspend its data use policy allowing it to collect information from users of its WhatsApp messaging app, the government announced on Monday. The suspension will last at least six months and aims to prevent "the abuse of a dominant position," said a resolution published in the official bulletin. In the meantime, the national agency that protects personal data and access to public information will lead an investigation into Facebook's plans.


Utah: Astro Team Threat Actors Dump Patient-Related Files Allegedly from Eduro Healthcare

Permalink - Posted on 2021-05-18 16:00

On April 7, a relatively new group of threat actors called Astro Team added Eduro Healthcare to their dedicated leak site, claiming to have exfiltrated 40 GB of data. Astro Team’s ransomware has reportedly been linked to Mount Locker ransomware. On April 23, Astro Team dumped all the data, presumably because Eduro failed to pay unspecified ransom demands. Whether Eduro ever responded at all is unknown to DataBreaches.net. Nor can DataBreaches.net report with confidence that Eduro’s system(s) were encrypted, but given what is known about Astro Team, it seems plausible.


Japan to Restrict Private Sector Use of Foreign Equipment and Tech.

Permalink - Posted on 2021-05-18 16:00

After seeing the Colonial Pipeline hack unfold in the US, the Japanese government reportedly wants to impose stricter security regulations on the private sector to ensure the same thing does not happen in Japan.


Commercial Third Party Code Creating Security Blind Spots

Permalink - Posted on 2021-05-18 16:00

Despite the fact that third-party code in IoT projects has grown 17% in the past five years, only 56% of OEMs have formal policies for testing security, VDC Research reveals. Meanwhile, when asked to rank the importance of security to current projects, 73.6% of respondents said it was important, very important or critical.


Double-Extortion Ransomware Attacks on the Rise

Permalink - Posted on 2021-05-18 16:00

Zscaler announced a report featuring analysis of key ransomware trends and details about the most prolific ransomware actors, their attack tactics and the most vulnerable industries being targeted. In late 2019, there was a growing preference for “double-extortion” attacks in some of the more active and impactful ransomware families. These attacks are defined by a combination of unwanted encryption of sensitive data by malicious actors and exfiltration of the most consequential files to hold for ransom. Affected organizations, even if they are able to recover the data from backups, are then threatened with public exposure of their stolen data by criminal groups demanding ransom. In late 2020, the team noticed that this tactic was further augmented with synchronized DDoS attacks, overloading victims’ websites and putting additional pressure on organizations to cooperate.


Student Health Insurance Carrier Guard.me Suffers a Data Breach

Permalink - Posted on 2021-05-18 16:00

On May 12th, Guard.me discovered suspicious activity on their website that led them to take down their website. When visiting the website, visitors are automatically redirected to a maintenance page warning that the site is down while the insurance provider increases security on the site.


FBI says Cyber Crime Complaints More Than Doubled in 14 Months

Permalink - Posted on 2021-05-18 16:00

The FBI's Internet Crime Complaint Center (IC3) has seen a massive 100% increase in cybercrime complaints over the past 14 months. When the IC3 first began logging complaints in 2000, it took seven years to reach 1 million complaints. Since then, it has taken an average of 29.5 months for each additional million complaints. For the period between March 2020 and May 2021, the IC3 saw a massive increase of 1 million complaints in just 14 months.


City Pays $350,000 in Ruling After Careless Employee Sends Unsecured Data

Permalink - Posted on 2021-05-17 17:00

The city of Fullerton, California, has agreed to pay $350,000 to settle a lawsuit it brought against two bloggers it accused of hacking the city’s Dropbox account. Joshua Ferguson and David Curlee frequently made public record requests in the course of covering city government for a local blog, Friends for Fullerton’s Future. The city used Dropbox to fulfill large file requests, and in response to a June 6, 2019, request for records related to police misconduct, Ferguson and Curlee were sent a link to a Dropbox folder containing a password-protected zip file. But a city employee also sent them a link to a more general “Outbox” shared folder that contained potential records request documents that had not yet been reviewed by the city attorney. The folder wasn’t password protected or access restricted. At the time, there were 19 zip files in the outbox, five of which were not password protected.


Despite Warnings, Cloud Misconfiguration Problem Remains Disturbing

Permalink - Posted on 2021-05-17 17:00

Cloud Security Posture Management (CSPM) firm Aqua Security has analyzed the anonymized cloud configuration data of hundreds of its clients over a period of 12 months. The intent was to discover the size of the cloud misconfiguration problem, and the response from industry to known issues. For its analysis, Aqua separated the group into SMBs (who used Aqua to scan up to just a few hundred cloud resources), and enterprises (who scanned anything from a few hundred to a few hundred thousand cloud resources). In general, and probably as a reflection of resources, it found that smaller companies fixed fewer of the known issues over the 12-month period, but did so at a faster rate than enterprises. Less than 1% of enterprises fixed all misconfiguration issues, while 8% of SMBs did so. The size of the problem remains disturbing, despite all the warnings over the last few years. In January 2020, the NSA called misconfiguration the most common cloud vulnerability, which it described as having high prevalence but requiring low attacker sophistication.


140,000 SEIU 775 Benefits Group Members' PHI Potentially Compromised

Permalink - Posted on 2021-05-17 17:00

SEIU 775 Benefits Group in Washington has notified approximately 140,000 of its members that some of their protected health information has been exposed. Around April 4, 2020, SEIU 775 Benefits Group’s IT team detected anomalous activity within the group’s data systems, including the apparent deletion of certain data files.


85% of Breaches Involve the Human Element

Permalink - Posted on 2021-05-17 17:00

The Verizon report examines more breaches than ever before, and sheds light on how the most common forms of cyber attacks affected the international security landscape during the global pandemic. This year’s report saw 5,258 breaches from 83 contributors across the globe, a third more breaches analyzed than last year.


New York: Student Names, Vendor Bank Account Info. Exposed in BPS Cyber Attack

Permalink - Posted on 2021-05-17 17:00

When ransomware hit the Buffalo Public Schools in March, the district told students and families that investigators had not determined that any personal information had been exposed. Two months later, investigators have found that such information was exposed. Personal information about an unknown number of students, parents and employees has been exposed, along with bank account information for an unknown number of vendors, the district revealed in letters recently. Student names, district ID numbers, birthdates, grade levels, schools, addresses, phone numbers and parent names were among the information exposed in the attack, according to a letter sent May 7 to families by Kroll, a security consulting firm, on behalf of the district.


Herff Jones Credit Card Breach Impacts College Students Across the U.S.

Permalink - Posted on 2021-05-17 17:00

Graduating students from several universities in the U.S. have been reporting fraudulent transactions after using payment cards at popular cap and gown maker Herff Jones. In the wake of the reports that started last Sunday, the company started an investigation to determine the extent of the data breach.


Insurer AXA hit by Ransomware After Dropping Support for Ransom Payments

Permalink - Posted on 2021-05-17 17:00

Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. As seen by BleepingComputer yesterday, the Avaddon ransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from AXA's Asian operations. Additionally, BleepingComputer observed an ongoing Distributed Denial of Service (DDoS) against AXA's global websites making them inaccessible for some time yesterday.


Apex America Hit by Sodinokibi Ransomware

Permalink - Posted on 2021-05-14 17:00

DataBreaches.net was able to see some of REvil’s attempts to persuade Apex America to pay what was originally set as a $7 million ransom. After a number of days, someone presumably from Apex America (although that has not been confirmed) showed up in the chat to ask REvil what their lowest price would be. REvil answered “6kk” ($6 million). That was 5 days ago, and Apex America or whoever it was in that chat has not responded since.


Brazil: Rede Bahia Suffers a Cyber Attack and Reported Data Breach

Permalink - Posted on 2021-05-14 17:00

Rede Bahia, a Brazilian business conglomerate with 16 multimedia vehicles focused on Bahia and Bahian people, was hit with a ransomware attack that impacted its functioning. As of today, the firm is still working to restore all functioning.


Toshiba Hacked with DarkSide Ransomware

Permalink - Posted on 2021-05-14 17:00

A Toshiba Corp unit said it was hacked by the DarkSide ransomware group, overshadowing an announcement of a strategic review for the Japanese conglomerate under pressure from activist shareholders to seek out suitors.


SMBs Increasingly Face Same Cyber Threats as Large Enterprises

Permalink - Posted on 2021-05-14 17:00

For the first time since the Verizon Data Breach Investigations Report began tracking cyberattack techniques, threat patterns affecting small and medium businesses began to closely align with the patterns affecting large firms. This year, 80% of breaches in SMBs and 74% of breaches in large businesses were born of system intrusion, basic web application attacks, and miscellaneous errors (like distributing a file unintentionally), according to the 2020 Verizon DBIR released Thursday. External hackers comprised 57% of SMB and 64% of large business incidents. For both SMBs and large firms, hackers acted with financial motives around 90% of the time, espionage motives around 5% of the time.


Chemical Distributor Pays $4.4 Million to DarkSide Ransomware

Permalink - Posted on 2021-05-14 17:00

Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.


Ireland: HSE Computer Systems Infected with Ransomware

Permalink - Posted on 2021-05-14 17:00

Taoiseach Micheál Martin has insisted Ireland will not pay any ransom to hackers who attacked the state’s health service. Earlier, Minister of State for Communications Ossian Smyth said a bitcoin ransom was demanded following a cyber attack on Health Service Executive (HSE) computer systems.


Georgia’s HB 156, Requiring State Notice for Utility Cyber Security Incidents, Is Now in Effect

Permalink - Posted on 2021-05-13 16:00

Georgia’s governor has signed into law House Bill 156, creating specific notice requirements for state agencies and utilities that experience cybersecurity attacks, data breaches or malware and requiring notice to the state director of emergency management in Georgia within two hours of notifying the federal emergency management agencies. In addition, the law requires the Georgia state director of emergency management and homeland security to develop additional rules and regulations related to the notice requirements.


Gary, Indiana Targeted by Ransomware Attack

Permalink - Posted on 2021-05-13 16:00

The city of Gary is trying to recover from a ransomware attack. All of its servers are now being restored and rebuilt. The FBI and the Department of Homeland Security were both alerted and a city spokesperson says they’re still investigating if anyone’s personal information was stolen.


Cyber Attacks Cost Small U.S. Businesses $25k Annually

Permalink - Posted on 2021-05-13 16:00

Cyber-attacks are leaving small businesses in the United States with big dents in their annual budgets, according to new research by international insurance company Hiscox. Data analyzed in the creation of the "Hiscox Cyber Readiness Report 2021" revealed that the average financial cost of a cyber-attack to a small business in the US over 12 months is "high at $25,612." The annual report, which was first published five years ago, surveys over 6,000 professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain, and Ireland who are responsible for their company’s cybersecurity. Respondents completed the online survey between November 5, 2020, and January 8, 2021. Responses revealed that 23% of small businesses in the United States had suffered at least one cyber-attack during the past 12 months. More than a third of US small businesses (35%) said that they do not fully disclose to all relevant internal and external stakeholders when a cybersecurity incident happens.


Trailer Maker Utility Targeted in Ransomware Attack

Permalink - Posted on 2021-05-13 16:00

Utility Trailer Manufacturing, one of the largest U.S. producers of trailers for the trucking industry, was targeted in an apparent ransomware attack that exposed personal information of numerous employees. The California-based company told FreightWaves that it had “suffered a cyber event” that disrupted some systems temporarily. The company disclosed the incident after the Clop ransomware gang leaked over 5 gigabytes of data to the dark web this week.


Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

Permalink - Posted on 2021-05-13 16:00

Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.


Green Energy Company Volue Hit by Ransomware

Permalink - Posted on 2021-05-13 16:00

The attack was discovered on May 5, when Volue said some of its operations had been impacted. Volue’s investigation is ongoing.


Manchester Council Exposed Thousands of Plate Numbers

Permalink - Posted on 2021-05-13 16:00

Manchester City Council exposed online the number plates of more than 60,000 cars slapped with parking tickets, breaking data protection laws as it did so. In what appears to be a sincere if misguided attempt to provide public accountability over parking wardens, the council publishes income from parking tickets online in the open data section of its website.


Firms Struggle to Secure Multicloud Misconfigurations

Permalink - Posted on 2021-05-13 16:00

Companies continue to struggle to correctly configure their cloud infrastructure, with small and midsize businesses (SMBs) fixing only an average of 40% of misconfiguration issues and enterprises fixing 70% of such issues, according to a new report from cloud security firm Aqua Security.


Half of Government Security Incidents Caused by Missing Patches

Permalink - Posted on 2021-05-12 16:00

Cybersecurity is both a driver and a major barrier to public sector IT modernization, according to new research from BAE Systems Applied Intelligence. The cyber consultancy polled 250 managers with IT responsibility in UK central governmental organizations, to better understand the interplay between security and digital transformation. The research revealed that most (60%) UK government departments have digital transformation plans in place and that these have been accelerated in the majority of cases by the pandemic. Mitigating the risk of vulnerabilities was cited by three-quarters (75%) of respondents as the main reason for driving these legacy upgrades.


Colonial Pipeline Attack Leads to Calls for Cyber Regs

Permalink - Posted on 2021-05-12 16:00

Several lawmakers have called for national breach notification laws that would require businesses and government agencies to report when they are victims of an attack. Lawmakers have also started to pose questions to regulatory agencies that oversee cybersecurity in the gas and oil industry.


Cyber Attack Steals Info. of One Million in Turkey's Konya

Permalink - Posted on 2021-05-12 16:00

A municipality official confirmed the attack but did not disclose its scale. The Sözcü newspaper claims the ID numbers and other personal information of about 1 million people were stolen in the cyberattack, predominantly those who had sent emails to the municipality. A suspect using the user name Maxim Gorki put a database containing the information on a hacker forum.


Texas: Herff Jones Data Breach Leaves Students' Bank Information Compromised

Permalink - Posted on 2021-05-12 16:00

A data breach at UH [University of Houston] graduation cap and gown vendor, Herff Jones, has some students’ bank information compromised. No notice appears on Herff Jones’s web site at this time.


Washington D.C. Police Allegedly Offered $100,000 to Hackers to Stop Leak

Permalink - Posted on 2021-05-12 16:00

The cybercriminals who hacked and attempted to extort the Washington D.C. Metropolitan Police Department have now published what they claim are screenshots of their conversation with the police. Motherboard has not independently verified the specific conversation but the materials released by the hacking group thus far have proven to be legitimate. In the screenshots, hackers with the Babuk ransomware group attempt to convince the police to pay up, or else they will leak all the data they stole. The negotiations broke down when the person on the police side of the conversation offered $100,000, instead of the $4 million the hackers asked for.


Data from Indiana and Oregon School Districts Dumped by Ransomware Threat Actors

Permalink - Posted on 2021-05-11 17:00

This week, two sets of threat actors dumped data from K-12 school districts in Indiana and Oregon. Both districts had disclosed ransomware incidents in April. There does not yet seem to be any notice on the school district’s web site about this newest development.


Norway: Volue ASA Hit by Ryuk Ransomware

Permalink - Posted on 2021-05-11 17:00

Volue is a Norwegian software company. On May 5, they reportedly became a victim of a ransomware attack. The attack impacted some of Volue Technology’s front-end customer platforms.


Ransomware Attack on New York Medical Group Impacts 330K Patients

Permalink - Posted on 2021-05-11 17:00

The New York medical group practice, Orthopedic Associates of Dutchess County, has announced the protected health information of certain patients was potentially stolen in a recent cyberattack. The security incident was detected on March 5, 2021 when suspicious activity was identified in its systems. An investigation into the incident confirmed its systems had been accessed by unauthorized individuals on or around March 1, 2021. The attackers gained access to certain systems and encrypted files and issued a ransom demand for the keys to unlock the encrypted files.


Germany Bans Facebook from Processing WhatsApp Data

Permalink - Posted on 2021-05-11 17:00

A German privacy watchdog has banned social media company Facebook from harvesting data on WhatsApp users. Hamburg’s data protection commissioner said that WhatsApp's privacy policy was in breach of European data protection rules following a recent change.


200K Veterans' Medical Records May Have Been Stolen by Ransomware Gang

Permalink - Posted on 2021-05-11 17:00

A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers.


Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet

Permalink - Posted on 2021-05-11 17:00

Emails from the Epic Games lawsuit show Apple brass discussing how to handle a 2015 iOS hack. The company never directly notified affected users.


University of California Confirms Personal Information Stolen in Cyber Attack

Permalink - Posted on 2021-05-11 17:00

The University of California (UC) this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance (FTA) service. The incident, which took place in late December 2020, after a critical vulnerability was identified in the decades-old file sharing service, impacted tens of companies, government agencies, and universities. UC initially confirmed impact from the incident in early April, after the operators of Clop ransomware, which orchestrated the attack on Accellion’s service, published on their Tor-based leaks website information allegedly stolen from the university and other entities.


Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage

Permalink - Posted on 2021-05-11 17:00

On April 28, the Three Affiliated Tribes—the Mandan, Hidatsa & Arikara Nation—announced to its staff and employees that its server was hacked and that it believes the cause was malicious software called ransomware. Since the server was hacked, the tribe has been unable to access files, email and critical information.


Ransomware Gang Leaks Data from Metropolitan Police Department

Permalink - Posted on 2021-05-11 17:00

Babuk Locker ransomware operators have leaked personal files belonging to police officers from the Metropolitan Police Department (also known as MPD or DC Police) after negotiations went stale. The documents published on Babuk Locker's dark web leak portal include 150 MB worth of data from DC Police officers' personal files.


Application Attacks Spike as Criminals Target Remote Workers

Permalink - Posted on 2021-05-11 17:00

Cybercriminals' change in strategy during the COVID-19 pandemic caused application-specific and Web application attacks to spike, according to a new report that finds these threats made up 67% of all attacks last year, a number that has more than doubled in the past two years.


Massive Amazon Fake Review Scam Exposed in Data Breach

Permalink - Posted on 2021-05-10 16:00

Amazon has spent years rooting out fake reviews and other seller scams from its e-commerce platform. But the latest discovery from security researchers at SafetyDetectives found what appears to be a sophisticated scheme by Amazon vendors to procure fake reviews for their products. SafetyDetectives's cybersecurity team found a China-based Elasticsearch server of direct messages between Amazon vendors and customers running fake review schemes in exchange for free products. In total, the 7GB treasure trove contained over 13 million records, including the email addresses and WhatsApp/Telegram phone numbers of vendor contacts, plus email addresses, names, PayPal account details, and Amazon account profiles of reviewers, impacting approximately 200,000 people.


Twilio, HashiCorp Among Codecov Supply Chain Hack Victims

Permalink - Posted on 2021-05-10 16:00

The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the breach but a handful of victims are starting to publicly acknowledge possible exposure of sensitive developer secrets.


City of Chicago Hit by Data Breach at Law Firm Jones Day

Permalink - Posted on 2021-05-10 16:00

The city of Chicago on Friday said that employee emails were compromised in a Jones Day data breach involving Accellion’s FTA file sharing service. The cyber-attack started in December 2020, when a critical vulnerability was identified in the 20-year-old large file transfer service that reached end-of-life on April 30, 2021.


City of Tulsa Hit by Ransomware Over the Weekend

Permalink - Posted on 2021-05-10 16:00

The city of Tulsa, Oklahoma, one of the 50 largest cities in the US, was hit by a ransomware attack over the weekend that affected the city government’s network and brought down official websites. The attack, which took place on the night between Friday and Saturday, is currently being handled by the city’s IT team, which has managed to restore the city’s websites, a spokesperson told The Record. IT teams are still working to recover impacted systems from backups.


Lawsuit Filed Over Contact Tracing Data Breach

Permalink - Posted on 2021-05-07 17:00

A federal lawsuit has been filed against Pennsylvania and a vendor contracted by the state's Department of Health (DOH) over a data breach that exposed the personal health information (PHI) of thousands of Pennsylvanians. The plaintiffs allege that the data breach was a “direct result of Defendants’ failure to implement adequate and reasonable cybersecurity procedures and protocols.” In the suit, Insight Global is accused of maintaining “unsecure spreadsheets, databases and or documents containing the PHI (public health information).”


Insurer AXA Halts Ransomware Crime Reimbursement in France

Permalink - Posted on 2021-05-07 17:00

In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. AXA, among Europe’s top five insurers, said it was suspending the option in response to concerns aired by French justice and cybersecurity officials during a Senate roundtable in Paris last month about the devastating global epidemic of ransomware.


South Africa: NCape Municipality Battles Devastating Ransomware Attack

Permalink - Posted on 2021-05-07 17:00

The Nama Khoi Municipality in the Northern Cape Province is struggling to restore IT systems that were hit by a ransomware attack last year. What’s a bit bizarre about this report is that they report that the Pysa threat actors have not even yet demanded any ransom. DataBreaches.net checked the threat actors’ leak site. They listed the attack as occurring on November 29, 2020. And then they started dumping data as proof.


Edinburgh Mental Health Clinic in Probe After Client Information Accessed in Scam

Permalink - Posted on 2021-05-07 17:00

An Edinburgh mental health clinic is at the centre of a probe into a data breach resulting in hundreds of client contact details being accessed as part of a phishing scam. Bosses at The Edinburgh Practice, which offers a range of psychological and psychiatric counselling, were accused of failing to properly notify patients of the attack, despite a host of complaints. It comes after dozens of service users at the private clinic raised concerns with the Information Commissioner’s Office (ICO) when they received emails from scammers seeking to harvest their personal information through a virus disguised as an important document from the clinic.


NHS Vaccination Website Leaks People's Medical Data

Permalink - Posted on 2021-05-07 17:00

A gaping security hole has been discovered in the NHS vaccination booking website, which can be easily exploited to find out whether someone has received a jab. The problem relates to the way the website treats different users, depending on how far along they are in the vaccination process.


Wolfe Eye Clinic Victim of Lorenz Threat Actors

Permalink - Posted on 2021-05-07 17:00

There is no notice of any cyberattack on the web site of Wolfe Eye Clinic in Iowa, but the clinic has been investigating and addressing an alleged attack for more than one month now while patient care continues at their multiple locations. On April 1, threat actors known as Lorenz added the clinic to its relatively new dedicated leak site. Unlike some other dedicated leak sites that appear to just dump data to pressure victims into paying extortion demands, Lorenz has offered downloads for which interested parties — or the victim — can buy the key to open. The threat actors also seem to be offering to sell access to the clinic’s internal network.


U.S. Physics Laboratory Exposed Documents, Credentials

Permalink - Posted on 2021-05-07 17:00

The Fermilab physics laboratory in the U.S. has tidied up its systems after security researchers found weaknesses exposing documents, proprietary applications, personal information, project details and credentials. Fermilab, which is part of the U.S. Department of Energy, is a world-famous particle accelerator and physics laboratory in Batavia, Illinois. One database the researchers discovered allowed unauthenticated access to 5,795 documents and 53,685 file entries.


19 Petabytes of Data Exposed Across 29,000+ Unprotected Databases

Permalink - Posted on 2021-05-07 17:00

CyberNews researchers found that more than 29,000 databases worldwide are still completely unprotected and publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors.


U.S. Defense Contractor BlueForce Apparently Hit by Ransomware

Permalink - Posted on 2021-05-07 17:00

The Conti ransomware operators demanded nearly $1 million in bitcoin during ransomware negotiations and threatened to publish the defense contractor's data on its leak site.


Most Organizations Feel More Vulnerable to Breaches Amid Pandemic

Permalink - Posted on 2021-05-07 17:00

More than half of businesses see the need for significant long-term changes to IT due to COVID-19, research finds. The report, Assessing Cybersecurity Risk in Today's Enterprises, finds 38% of respondents describe their data as being at "significantly higher" or "imminent" risk because of COVID-19-related threats. The research also found 51% expect their organizations to make significant long-term changes to IT and business operations as a result of the pandemic. Cloud security is top of mind for IT and security teams as 41% express concern about exploits targeting cloud service providers. When asked about which aspects of cloud services were most concerning from a security perspective, 45% cited a lack of visibility into their organization's data as it is transmitted or stored via cloud services.


Half of U.K. Manufacturers Suffered a Cyber Attack Last Year

Permalink - Posted on 2021-05-06 17:00

Half of British manufacturers and even more in the automotive sector suffered a successful cyber-attack last year, but cost remains a major barrier to improvements, according to an industry body. Make UK, which represents the sector, claimed that the 47% figure overall rose to 62% for carmakers.


Financial Services Experience 125% Rise in Exposure to Mobile Phishing

Permalink - Posted on 2021-05-06 17:00

Financial services and insurance organizations experienced a 125% rise in exposure to mobile phishing attacks in 2020 compared to 2019, according to Lookout’s Financial Services Threat Report. The cloud security firm also found that malware and app risk exposure went up by more than 400% on average per quarter last year among the industry’s employees and customers. This was despite a 50% growth in mobile device management deployment during this period.


Network Intrusions and Ransomware Attacks Overtake Phishing as Main Breach Cause

Permalink - Posted on 2021-05-06 17:00

Network intrusion incidents have overtaken phishing, which has been the main cause of data breaches for the past 5 years, as the leading cause of healthcare data security incidents. In 2020, 58% of the security incidents dealt with by BakerHostetler’s Digital Assets and Data Management (DADM) Practice Group were network intrusions, most commonly involving the use of ransomware.


France: Ransomware Attack on Environmental Center Resulted in Data Loss

Permalink - Posted on 2021-05-06 17:00

La Nouvelle Republique reports that the Permanent Center for Environmental Initiatives of Gâtine (CPIE) experienced a cyberattack on April 18 that resulted in irretrievable data loss. “We had a cryptographic virus that got into our computer server. When we opened the system, all our files had the same name. And if we wanted to decrypt them, we had to pay a ransom to do that,” says Adèle Gamache, director of CPIE, adding: “We have lost everything in terms of files since April 2020: educational tools, booklets, action sheets.”


Orthopedic Associates of Dutchess County Notifies More Than 330,000 Patients of Breach

Permalink - Posted on 2021-05-06 17:00

On March 5, Orthopedic Associates of Dutchess County in New York (“OADC”) became aware of suspicious activity involving its systems. Their investigation determined that an unauthorized actor gained access to certain OADC systems on or about March 1, 2021, encrypted files, and then claimed to have removed and/or viewed certain files.


Malware Group Leaks Millions of Stolen Authentication Cookies

Permalink - Posted on 2021-05-06 17:00

To add insult to injury, after users were infected by a malware strain that stole their passwords and personal data, the malware operators forgot to secure their backend servers, which leaked sensitive user information for hundreds of thousands of victims for more than a month.


CaptureRx Data Breach Impacts Healthcare Providers

Permalink - Posted on 2021-05-06 17:00

At least a few American healthcare providers have suffered a data breach following a cyber-attack on an administrative services company in Texas. CaptureRx, which is based in San Antonio, fell victim to a ransomware attack on February 6. On February 19, an investigation into the attack found that certain documents had been accessed without authorization. During the attack, cyber-criminals exfiltrated information containing the personal health information (PHI) of more than 24,000 individuals.


Faxton St. Luke's Healthcare Vendor Faces Data Breach

Permalink - Posted on 2021-05-06 17:00

Faxton St. Luke’s Healthcare (FSLH), an affiliate of the Mohawk Valley Health System (MVHS), was notified on March 30, 2021, that Capture RX, a third party business associate, experienced a data breach on Feb. 6, 2021. The breach included limited data on 17,655 patients of FSLH.


Shoppers Choose Guest Checkouts Over Security Fears

Permalink - Posted on 2021-05-05 16:00

A quarter (22%) of shoppers use guest checkouts because they’re concerned about handing more personal data over to e-commerce providers, according to a new study. E-commerce search specialist Empathy.co commissioned Censuswide to poll a representative sample of 4000 British consumers to better understand their online preferences. It revealed widespread mistrust of online stores and a desire to gain more control over personal data. Only 13% said they’re not concerned about how their data is used at all, while over two-fifths (42%) claimed that they’re extra careful when providing personal data and accepting legal notices. A further two-fifths (40%) agreed that they don’t like being asked for unnecessary or sensitive data.


Peloton's Leaky API Spilled Riders' Private Data

Permalink - Posted on 2021-05-05 16:00

Peloton has hit a pothole. Its API was leaking riders’ private data, it ignored a vulnerability disclosure from a penetration testing company, and it partially fixed the hole but didn’t get around to telling the researcher until he reached out to a cybersecurity journalist for some help.


Lawmakers Call for Investigation into Breach of the Contact Tracing Data of 72,000 Pennsylvanians

Permalink - Posted on 2021-05-05 16:00

Lawmakers in the Commonwealth of Pennsylvania are calling for an investigation into a data breach involving the contact tracing information of 72,000 Pennsylvanians after it was discovered that sensitive information was being shared via unauthorized channels without the necessary security protections. An investigation conducted by Target 11 found employees had been recording contact tracing information in the free versions of Google Sheets and were sharing those spreadsheets and other documents with colleagues via personal email accounts for contact tracing purposes. The free versions of these Google services are not HIPAA compliant and should not have been used.


Florida Girl, 18, Faces 16-Year Jail for Hacking 'Homecoming Queen' Contest with Mom's Help

Permalink - Posted on 2021-05-05 16:00

Emily and her assistant principal mother Laura Rose Carroll are accused of hacking student school accounts to cast fake votes and make her win the contest.


Canada's Boutin Transport Company Victim of a Cyber Attack

Permalink - Posted on 2021-05-05 16:00

Groupe Boutin Inc. is a firm in Quebec providing logistics, transportation, and warehousing services, as well as private fleets. The attack has been claimed by CL0P threat actors, who have listed the company on their leak site and have dumped a number of files allegedly from Boutin’s server(s).


Americans Turn to VPNs to Prevent Online Fraud and Hacking

Permalink - Posted on 2021-05-05 16:00

New York, NY-based coupon engine CouponFollow, part of NextGen Shopping, surveyed 1,666 US adults before the pandemic and a further 1,834 US adults in February 2021 to understand how Americans view their internet security and data privacy. The report showed that almost seven in ten (69%) of Americans are concerned about the security of their data when using public Wi-Fi, and nearly two in three (64%) are worried about it when using the internet at home. A similar percentage (65%) are concerned that their medical or financial data might be shared -- or sold on -- by their ISP. Online privacy worries almost half (47%) of Americans who are concerned about their privacy when using public Wi-Fi. Nearly a third (30%) worry about their privacy even when using the Internet at home.


SmileDirectClub Reveals Cyber Security Incident That Could Cost Millions

Permalink - Posted on 2021-05-04 16:00

SmileDirectClub was the victim of a cybersecurity threat last month that could cost the teledentistry firm as much as $15 million, the company announced in a filing made Monday with the U.S. Securities and Exchange Commission.


Gifford Says Vendor Had Data Breach

Permalink - Posted on 2021-05-04 16:00

Gifford Health Care last month notified federal authorities of a data breach involving a vendor that helps administer one of the Randolph-based medical center’s drug-pricing programs. Gifford notified the U.S. Department of Health and Human Services on April 23 of a “hacking/IT incident” involving a network server, according to HHS records.


Hackers Break into Glovo, Europe's $2 Billion Amazon Rival

Permalink - Posted on 2021-05-04 16:00

A cybercriminal has managed to break into the $2 billion-valued Spanish delivery startup Glovo. The hacker was selling access to both customer and courier accounts, with the ability to change their passwords. It comes just a month after Glovo, which aims to become the Amazon of Europe, a rival also capable of delivering anything, announced a huge $530 million round, taking its overall funding to over $1 billion and boosting plans to take the company public in the next few years.


Health Aid of Ohio Security Incident Affects Up to 141,00 Individuals

Permalink - Posted on 2021-05-04 16:00

Health Aid of Ohio, a Parma, OH-based full-service home medical equipment provider, has discovered unauthorized individuals gained access to its systems and exfiltrated some files from its network. The breach was detected on February 19, 2021 when suspicious network activity was detected. Action was quickly taken to eject the attackers from the network and secure all patient data. An investigation into the breach confirmed that files were accessed and exfiltrated from Health Aid’s systems, but it was not possible to determine exactly which files had been removed from its systems. It is possible that some of the exfiltrated files contained the protected health information of VA plan members.


Third Parties Caused Data Breaches at 51% of Organizations

Permalink - Posted on 2021-05-04 16:00

Remote access is becoming an organization's weakest attack surface, according to new research published today by the Ponemon Institute and third-party remote access provider SecureLink. The new report, titled “A Crisis in Third-party Remote Access Security,” reveals a disparity between an organization's perceived third-party access security threat and the protective measures it puts in place. Researchers found that organizations are exposing their networks to non-compliance and security risks by not taking action to reduce third-party access risk. Nearly half (44%) of organizations were found to have experienced a security breach within the last 12 months. Of those organizations, three-quarters (74%) said that the breach had occurred because too much privileged access had been given to third parties.


Telstra Service Provider Hit by Cyber Attack as Hackers Claim SIM Card Information Stolen

Permalink - Posted on 2021-05-04 16:00

Hackers have claimed they have gained access to “tens of thousands” of SIM cards after a cyber attack against an Australian telecom firm. The victim, Melbourne-based Schepisi Communications, describes itself as a “platinum partner” of Telstra that supplies phone numbers and cloud storage services on behalf of the telecommunications giant. The company’s website has been offline for days after a hacker group said it infiltrated the company’s data systems and posted a disturbing ransom note on the dark web.


Over 40 Apps with More Than 100 Million Installs Found Leaking AWS Keys

Permalink - Posted on 2021-05-04 16:00

The AWS key leakage was spotted in some of the major apps such as Adobe Photoshop Fix, Adobe Comp, Hootsuite, IBM's Weather Channel, and online shopping services Club Factory and Wholee. The findings are the result of an analysis of over 10,000 apps submitted to CloudSEK's BeVigil, a mobile app security search engine.


Hackers Leak 150 Million User Records from Iranian Raychat App

Permalink - Posted on 2021-05-04 16:00

The hacker behind the data leak claims they downloaded the Raychat app data when the company exposed its entire database online between December 2020 and January 2021. The data leak, which has been seen and analyzed by Hackread.com, includes: Full names; IP addresses; Email addresses (the exact number of leaked email addresses is not yet clear); Bcrypt passwords; Telegram messenger IDs, etc.


Twilio Discloses Impact from Codecov Supply-Chain Attack

Permalink - Posted on 2021-05-04 16:00

Cloud communications company Twilio has now disclosed that it was impacted by the recent Codecov supply-chain attack in a small capacity. As reported by BleepingComputer last month, popular code coverage tool Codecov had been a victim of a supply-chain attack that lasted for two months. During this two-month period, threat actors had modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables (containing sensitive information such as keys, tokens, and credentials) from Codecov customers' CI/CD environments. Using the credentials harvested from the tampered Bash Uploader, Codecov attackers reportedly breached hundreds of customer networks.


Cyber Security Control Failures Listed as Top Emerging Risk

Permalink - Posted on 2021-05-03 16:00

Cybersecurity control failures were listed as the top emerging risk in 1Q21 in a global poll of 165 senior executives across function and geography, according to Gartner. Despite a myriad of risks resulting from the pandemic, such as the new work environment and environmental, social and governance (ESG) concerns, cybersecurity risk was singled out with notable consistency across all geographic regions and most industries, cited by 67% of respondents. The next highest cited risk, “the new working model,” was cited by 43% of respondents. “Many organizations were forced to implement quick fixes to serious operational gaps as a result of their initial pandemic responses,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.


58% of Orgs Predict Remote Workers Will Expose Them to Data Breach Risk

Permalink - Posted on 2021-05-03 16:00

35% of UK IT decision makers admitted that their remote workers have already knowingly put corporate data at risk of a breach in the last year according to an annual survey conducted by Apricorn. This is concerning given that over one in ten surveyed IT decision makers also noted that they either have no control over where company data goes or where it is stored (15%) and their technology does not support secure mobile/remote working (12%). Additionally, 58 percent still believe that remote workers will expose their organization to the risk of a data breach. This figure has risen steadily year on year from 44 percent in 2018, yet despite the pandemic, the number of organizations expecting their remote workers to put them at risk of a data breach in 2021 has remained level. Furthermore, 26% of organizations noted that their remote workers don’t care about security. Whilst this figure has dropped from 34 per cent last year, phishing (37%), employee negligence (27%), remote workers (15%) and third parties (13%) are still big avenues for attack and actionable cause of a breach.


eCommerce Fraud Losses to Surpass $20 Billion This Year

Permalink - Posted on 2021-05-03 16:00

The value of losses due to eCommerce fraud will rise this year, from $17.5 billion in 2020 to over $20 billion by 2021; a growth of 18% over a single year, according to a study from Juniper Research.


TurgenSec Finds 345,000 Files from Filipino Solicitor-General's Office Were Breached

Permalink - Posted on 2021-05-03 16:00

Sensitive documents from the solicitor-general of the Philippines, including information on ongoing legal cases and passwords, were breached and made publicly available online, UK security firm TurgenSec has said.


Alaska Court System Briefly Forced Offline Amid Cyber Threat

Permalink - Posted on 2021-05-03 16:00

The Alaska Court System has temporarily disconnected most of its operations, including its website, from the internet after a cybersecurity threat on Saturday, removing the ability to look up court records.


Scripps Health Hit by Cyber Attack

Permalink - Posted on 2021-05-03 16:00

Scripps Health confirmed Sunday their technology servers were hacked overnight, forcing the health care system to switch to offline chart systems and causing a disruption to their patient portals. Scripps did not provide any information on how the cyberattack occurred or state exactly what systems were affected by the breach.


Ransomware Attack On Midwest Transplant Network Affects More Than 17,000

Permalink - Posted on 2021-05-03 16:00

Families of organ, eye and tissue donors are receiving letters this week from the Midwest Transplant Network informing them of a data breach affecting more than 17,000 individuals. The attackers were able to obtain some personal health information about deceased donors and organ recipients, including names, dates of birth and types of organ donation or transplantation procedures.


France: Colis Privé Reports a Cyber Attack Is Causing Disruption in Operations

Permalink - Posted on 2021-05-03 16:00

Colis Privé specializes in home and relay delivery of packages to individuals within 24 to 48 hours. It is a subsidiary of Hopps Group. The firm announced a breach on its web site.


Whistler Ransomware Attack Could Affect Thousands

Permalink - Posted on 2021-05-03 16:00

A ransomware attack on the Resort Municipality of Whistler (RMOW) could have far-reaching consequences, according to a cyber security expert, but there’s no way of knowing for sure until a full forensic investigation is completed.


Data Breach Alerts in Singapore Up on New Reporting Rules

Permalink - Posted on 2021-05-03 16:00

The number of data breach alerts Singapore's data protection watchdog received tripled in the February-March period compared with the previous two months. This comes amid a string of potential personal data leaks reported in recent months. Legal and information technology security experts said the increase could have been due to a new data breach notification requirement companies must follow from Feb 1, as well as rising cyber-security threats.


Canada: B.C. Student Loan Website Down After Being Taken Over by Hackers

Permalink - Posted on 2021-05-03 16:00

The website that B.C. students visit to manage their student loans appears to have been hacked. At around 9 p.m. Sunday people on Twitter reported the landing page for studentaidbc.ca was replaced with a black page with green writing and music playing in the background. The site remained down as of 7:30 a.m. Monday. The LearnLive BC website was also down. This apparent hacking comes just days before the summer semester starts for students in early May.


Virgin Active Goes Offline After Sophisticated Cyber Attack

Permalink - Posted on 2021-05-03 16:00

Virgin Active SA says it was forced to go offline after being targeted by sophisticated cybercriminals. Forensic experts are probing the extent of the attack to determine if any information was compromised.


Hackers Hit H&M Israel as Local Firms Fight New Wave of Cyber Attacks

Permalink - Posted on 2021-05-03 16:00

At least four Israeli companies and one NGO may have been targeted by what experts say could be a new attack by the Iranian group that was behind previous hacks.


TRB's Registration Database Hacked in Ransomware Attack

Permalink - Posted on 2021-05-03 16:00

The Transportation Research Board’s annual meeting registration services database was compromised in March by cybercriminals in a ransomware attack, the organization announced April 28. “As a result of the attack, personal information for those who registered for TRB annual meetings from 2015-2021, may have been exposed and obtained in the attack,” TRB said in an email to all conference registrants since 2015. The vendor, J. Spargo & Associates Inc., based in Fairfax, Va., alerted TRB to the hack on March 14, TRB said.


Californian Healthcare Provider Discovers Patient Data was Exposed on the Internet for Over a Year

Permalink - Posted on 2021-04-30 17:00

Doctors Medical Center of Modesto (DCM) in California has discovered a contractor used by a former vendor accidentally exposed patient data over the Internet. DCM had contracted with the SaaS platform provider Medifies to provide virtual waiting room services. On April 2, 2021, DCM discovered the data of some of its patients was accessible over the Internet. DCM contacted Medifies about the exposed data and the issue was corrected the same day and the data was secured. The investigation into the breach confirmed an error had been made when performing a software update which allowed the data to be accessed via the Internet. The error was made by a Medifies software development contractor.