Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Bank Data Leak. Show all posts

Wise and Evolve Data Breach Highlights Risks of Third-Party Partnerships

 

Wise, a prominent financial technology company, recently disclosed a data breach impacting some customer accounts due to a ransomware attack on their former partner, Evolve Bank & Trust. The breach has raised significant concerns about the security of third-party partnerships, especially in financial services. From 2020 to 2023, Wise partnered with Evolve to provide USD account details for their customers. Last week, Evolve confirmed an attack attributed to the notorious ransomware group LockBit. 

The group leaked the data after the bank refused to pay the ransom. The breach underscores the precarious nature of relying on third-party companies for critical services and trusting their security measures. Evolve has not yet confirmed the specific personal information leaked. However, Wise has taken a transparent approach, confirming that the shared information included names, addresses, dates of birth, contact details, Social Security numbers (SSNs) or Employer Identification Numbers (EINs) for U.S. customers, and other identity document numbers for non-U.S. customers. 

Evolve’s initial investigation suggests that names, SSNs, bank account numbers, and contact information for most of their personal banking customers, as well as customers of their Open Banking partners, were affected. In response to the breach, Wise assured its customers that they no longer work with Evolve Bank & Trust. Currently, USD account details are provided by a different bank, emphasizing their commitment to security and customer trust. 

Wise has implemented additional security protocols and is collaborating with cybersecurity experts to understand the breach’s scope and fortify their defenses. Wise has proactively communicated with its customers, recommending precautionary steps such as changing passwords, enabling two-factor authentication, and monitoring account activity for any suspicious transactions. They have also provided resources and support to help customers protect their information. The breach has heightened concerns among customers regarding the security of their personal and financial information. 

Despite the challenges posed by the breach, Wise’s proactive approach and transparent communication have helped reassure customers. The company continues to work closely with cybersecurity experts to enhance their defenses and prevent future incidents. As the investigation progresses, Wise is determined to provide regular updates and support to affected customers. Their dedication to transparency and user security remains unwavering, ensuring that they take every step necessary to safeguard their users’ information and maintain their trust. 

This incident highlights the growing threat of cyberattacks on financial institutions and the critical need for robust security measures. Customers are reminded to stay alert and take proactive steps to protect their online accounts. Wise’s efforts to address the breach and protect their users underscore their commitment to maintaining trust and security for their customers.

UK Military Data Breach via Outdated Windows 7 System

A Windows 7 machine belonging to a high-security fencing company was the stunning weak link in a shocking cybersecurity incident that exposed vital military data. This hack not only underlines the need for organizations, including those that don't seem to be in the military industry, to maintain strong digital defenses, but it also raises questions about the health of cybersecurity policies.

The attack was started by the LockBit ransomware organization, which targeted Zaun, the high-security fencing manufacturer, according to reports from TechSpot and CPO Magazine. The attackers took advantage of a flaw in the Windows 7 operating system, which Microsoft no longer officially supports and as a result, is not up to date with security patches. This emphasizes the dangers of employing old software, especially in crucial industries.

The compromised fencing company was entrusted with safeguarding the perimeters of sensitive military installations in the UK. Consequently, the breach allowed the attackers to access vital data, potentially compromising national security. This incident underscores the importance of rigorous cybersecurity measures within the defense supply chain, where vulnerabilities can have far-reaching consequences.

The breach also serves as a reminder that cybercriminals often target the weakest links in an organization's cybersecurity chain. In this case, it was a legacy system running an outdated operating system. To mitigate such risks, organizations, especially those handling sensitive data, must regularly update their systems and invest in robust cybersecurity infrastructure.

As investigations continue, the fencing company and other organizations in similar positions need to assess their cybersecurity postures. Regular security audits, employee training, and the implementation of the latest security technologies are critical steps in preventing such breaches.

Moreover, the incident reinforces the need for collaboration and information sharing between the public and private sectors. The government and military should work closely with contractors and suppliers to ensure that their cybersecurity practices meet the highest standards, as the security of one entity can impact many others in the supply chain.

The breach of military data through a high-security fencing firm's Windows 7 computer serves as a stark reminder of the ever-present and evolving cybersecurity threats. It highlights the critical importance of keeping software up to date, securing supply chains, and fostering collaboration between various stakeholders. 

Australian Medibank Alert Customers After Private Data Leak

The major health insurer in Australia, Medibank Private Ltd (MPL.AX), revealed on Wednesday that the hacker may leak additional stolen data if the company continues to refuse to pay the demanded ransom. 

Prime Minister Anthony Albanese acknowledged that he is one of the millions of Australian Medibank customers who may have been impacted by the most recent cyberattack, but he supported the insurer's refusal to pay a ransom.

"For some, this is incredibly difficult. It will worry me that part of this information has been made public as I am also a Medibank Private customer," said Albanese.

According to Medibank, additional Australian customers' private medical information will likely be posted on the dark web as the perpetrators of the most recent cyberattack try to put more pressure on the insurance.

A sample of customer information, which included names, addresses, dates of birth, phone numbers, and email addresses, was discovered to have been placed online on the dark web this morning. In other instances, the passport numbers of foreign students who had registered with Medibank Group's partner company ahm were also made public.

If a hacker gained access to the prime minister's personal or medical information, it is not immediately evident. According to Medibank, information on 9.7 million of both current and former clients was exposed.

Federal Cyber Security Minister Clare O'Neil stated in a statement on Wednesday that Medibank's decision to forego paying a ransom is in line with the government's recommendation. Customers that were affected were encouraged to be extremely vigilant against extortion attempts. On Wednesday, Medibank Chief Executive David Koczkar called the occurrence 'a criminal crime.'

Since September, there has been an increase in cyberattacks in Australia, with at least eight businesses reporting intrusions, including the telecom company Optus, which is owned by Singapore Telecommunications (STEL.SI).

Conti Cyberattack Reported via Bank Indonesia

 

The Indonesian central bank was hit by ransomware, but the threat was reduced and the attack had no impact on the country's essential services. As per the bank, the situation was contained before it had a negative influence on BI's essential services, as Reuters initially reported.

"Last month, BI was informed of a ransomware attack. The bank was targeted by a cyber-attack. This is a true crime, the bank had witnessed," said Erwin Haryono, spokesman for Bank Indonesia. 

According to CNN Indonesia, the criminals allegedly took "non-critical" staff data and planted ransomware payloads on multiple computers on the bank's network during the attack on a central bank branch on the island of Sumatra. While Bank Indonesia didn't disclose who was behind the ransomware assault, security experts believe it was perpetrated by the Conti ransomware gang. 

Conti is a Russian-speaking ransomware cell that has infected over 400 companies globally, including 290 in the United States alone. Phishing emails (malicious URLs or attachments) or stolen/cracked windows remote protocol (RDP) credentials are primarily used attack vectors by Conti attackers to access victim networks. 

The group appears to target high-profile company networks, which infiltrate by using BazarLoader or TrickBot malware to gain illegal remote access to crucial devices. Threat actors strive to spread the infection by infecting additional linked devices after compromising the network. The cybercriminals then take records, encrypt servers and desktops, and demand a ransom payment. 

The Conti ransomware group claimed responsibility for the attack and listed Bank Indonesia among its victims on a Tor leaks site, claiming to have stolen about 14 GB (13.88 GB) of data.

Ransomware is used by cybercriminals to infiltrate selected network operations, infect critical data, and encrypt systems, rendering it unavailable to others. To decrypt infected systems, threat actors demand a ransom. If the victim continues to resist, hackers can threaten to expose secret information in order to put more pressure on the individual or organization.

Bank Indonesia should analyze the severity of the attack, according to Miftah Fadhli, a cybersecurity specialist at the NGO Institute of Policy Research and Advocacy (ELSAM), because it might "carry a major danger" and affect its transactions.

African Bank Alerts of Data Breach With Personal Details Compromised

 

South African retail bank African Bank has confirmed that one of its debt recovery partners, Debt-IN, was targeted by a ransomware attack in April 2021. 

Expert security advice determined at the time that there was no indication that the ransomware assault resulted in a data leak – nevertheless, Debt-IN is now aware of the fact that the personal information of some customers, including several African Bank Loan customers under debt review, has been breached. 

Debt-IN is certain that no data communicated after April 1, 2021, has been compromised, as per the bank. 

It stated, “A robust mitigation plan has been implemented by Debt-IN to contain and reduce any further adverse impact.”

“We have been collaborating with Debt-IN to address this breach. We have notified the relevant regulatory authorities and we are also in the process of alerting customers who have been affected, via email and SMS.” 

African Bank's fraud prevention team has significantly enhanced security safeguards to protect all clients as an added precaution. 

“If you detect any suspicious activity, or feel that your information has been compromised, you can apply for a free Protective Registration listing with the Southern African Fraud Prevention Services (SAFPS),” the bank added. 

“This will alert banks and credit providers that an identity has been compromised. You can apply by emailing protection@safps.org.za.” 

Latest in a line of high-profile data breaches

Customers of African Bank can contact 0861 111 011 if they detect suspicious activity on their accounts. The breach is the most recent in a string of high-profile data breaches and cyber assaults in South Africa this year. 

Following an investigation into the data breach at Experian in August 2020, the Hawks caught a 36-year-old suspect in Gauteng last week (15 September). 

The South African Banking Risk Information Centre (SABRIC) stated that Experian, a consumer credit reporting firm, has suffered a data breach, compromising the personal information of millions of South Africans. 

Experian initially disclosed that there had been a data breach that leaked personal details of up to 24 million South Africans and 793,749 business enterprises to a potential criminal. 

In recent months, the Justice Department was also targeted by a ransomware attack, and it is currently working to restore its systems. In July, Transnet was also targeted in a similar manner.