Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Customer Data. Show all posts
Privacy
Customer Data Federal Trade Commission General Motors Privacy

GM Faces FTC Ban on Selling Customer Driving Data for Five Years

 



General Motors (GM) and its OnStar division have been barred from selling customer-driving data for the next five years. This decision follows an investigation that revealed GM was sharing sensitive customer information without proper consent.  

How Did This Happen?

This became public after it was discovered that GM had been gathering detailed information about how customers drove their vehicles. This included how fast they accelerated, how hard they braked, and how far they travelled. Rather than keeping this data private, GM sold it to third parties, including insurance companies and data brokers.

Many customers did not know about this practice and complained when their insurance premiums suddenly increased. According to reports, one customer complained that they had enrolled in OnStar to enjoy its tracking capabilities, not to have their data sold to third parties.

FTC's Allegations

The Federal Trade Commission (FTC) accused GM of misleading customers during the enrollment process for OnStar’s connected vehicle services and Smart Driver program. According to the FTC, GM failed to inform users that their driving data would be collected and sold.

FTCP Chair Lina Khan said GM tracked and commercially sold the extremely granular geolocation data of consumers and drove behaviour as frequently as every couple of seconds, and the settlement action is taking to protect privacy and prevent people from being subjected to unauthorized surveillance, according to officials.

Terms of Settlement

 Terms of the agreement require GM to:
1. Explain clearly data collection practices.
2. Obtain consent before collecting or sharing any driving data.  
3. Allow customers to delete their data upon request.  
Additionally, GM has ended its OnStar Smart Driver program, which was central to the controversy.

In a brief response, GM stated that it is committed to safeguarding customer privacy but did not address the allegations in detail.

Why This Matters  

This case highlights the growing importance of privacy in the digital age. It serves as a warning to companies about the consequences of using customer data without transparency. For consumers, it’s a reminder to carefully review the terms of services they sign up for and demand accountability from businesses handling personal information.

The action the FTC takes in this move is to make sure that companies give ethical practice priority and respect customers' privacy.







Read more »
Sensitive customer information
Chrome Extension Customer Data Cyber Attacks Cybersecurity measures Data Loss data security Phishing email Sensitive customer information

Cyberattack on Cyberhaven Chrome Extension Exposes Sensitive Data

 


On Christmas Eve, Cyberhaven, a data loss prevention company, experienced a cyberattack targeting its Google Chrome extension. The breach exposed sensitive customer data, including passwords and session tokens. The company has since taken swift measures to address the issue and prevent future incidents.

The attack occurred after a Cyberhaven employee fell victim to a phishing email, inadvertently sharing their credentials. This gave the attacker access to Cyberhaven’s systems, specifically the credentials for the Google Chrome Web Store. Leveraging this access, the attacker uploaded a malicious version (24.10.4) of the Cyberhaven Chrome extension. The compromised version was automatically updated on Chrome-based browsers and remained active from 1:32 AM UTC on December 25 to 2:50 AM UTC on December 26.

Swift Response by Cyberhaven

Cyberhaven’s security team discovered the breach at 11:54 PM UTC on Christmas Day. Within an hour, they removed the malicious extension from the Web Store. CEO Howard Ting praised the team’s dedication, stating, “Our team acted swiftly and with remarkable dedication, interrupting their holiday plans to safeguard our customers and maintain our commitment to transparency.”

While no other Cyberhaven systems, such as CI/CD processes or code signing keys, were affected, the compromised extension potentially enabled the exfiltration of user cookies and authenticated sessions for specific targeted websites. This incident underscores the persistent risks posed by phishing attacks and the critical need for robust security measures.

Mitigation Measures for Users

To mitigate the impact of the breach, Cyberhaven has advised users to take the following steps:

  • Update the extension to version 24.10.5 or newer.
  • Monitor logs for unusual activity.
  • Revoke or reset passwords not protected by FIDOv2.

These proactive measures are essential to prevent further exploitation of compromised credentials.

Enhanced Security Measures

In response to the attack, Cyberhaven has implemented additional security protocols to strengthen its defenses. The company is also working with law enforcement to investigate the breach and identify the attackers, who reportedly targeted other companies as well.

This attack highlights the increasing sophistication of cyber threats, particularly those exploiting human error. Phishing remains one of the most effective tactics for gaining unauthorized access to sensitive systems. Companies must prioritize employee training on recognizing phishing attempts and establish multi-layered security frameworks to mitigate vulnerabilities.

Cyberhaven’s swift response and transparent communication reflect its commitment to customer security and trust. As the investigation continues, this incident serves as a stark reminder of the importance of vigilance in the ever-evolving landscape of cybersecurity threats.

Read more »
Salt Typhoon
AT&T Customer Data Cyber Attacks Salt Typhoon

AT&T Confirms Cyberattack Amid Salt Typhoon Hacking Incident

 

AT&T has confirmed being targeted in the Salt Typhoon hacking attack, a cyber operation suspected to involve China. Despite the attack, the telecommunications giant assured customers that its networks remain secure.

In a statement, AT&T revealed that hackers aimed to access information related to foreign intelligence subjects. The company clarified, “We detect no activity by nation-state actors in our networks at this time.” It further added that only a limited number of individuals’ data had been compromised. Affected individuals were promptly notified, and AT&T cooperated with law enforcement to address the breach.

Investigation and Preventive Measures

To prevent future incidents, AT&T is collaborating with government agencies, other telecom companies, and cybersecurity experts. The company has intensified its monitoring efforts and implemented enhanced measures to safeguard customer data.

The Salt Typhoon attack is not an isolated event; it forms part of a broader wave of cyberattacks targeting major telecom companies. Reports suggest that hackers may have accessed systems used by federal agencies to process lawful wiretapping requests. These systems play a critical role in law enforcement operations, making their compromise particularly alarming.

In October, similar breaches were reported by other telecom providers. Verizon Communications disclosed suspicious activity, and T-Mobile revealed it had thwarted an attempted breach before customer data could be accessed.

White House Deputy National Security Advisor Anne Neuberger stated that nine telecom companies had been targeted in the Salt Typhoon attack but refrained from naming all the affected firms.

China, in response, denied any involvement in the attacks, asserting that it opposes state-sponsored cyber activities.

Lessons for Cybersecurity

The Salt Typhoon attack underscores the critical need for robust cybersecurity practices in the telecom industry. AT&T’s prompt response highlights the importance of transparency and collaboration in addressing cyber threats. This incident serves as a reminder for organizations to invest in stronger protective measures, especially as digital systems become increasingly integral to global operations.

While no system is entirely immune to cyber threats, preparedness and swift action can significantly mitigate potential damage.

Read more »
Password Security
Account security blocking unauthorized access Customer Data Cyber Security Data Safety User Data Password Security

Zello Urges Password Resets Amid Potential Security Incident

 

Zello, a widely used push-to-talk mobile service with over 140 million users, has advised customers to reset their passwords if their accounts were created before November 2, 2024. This precautionary measure follows what appears to be a new security concern, though the exact nature of the issue remains unclear. Zello's actions suggest possible unauthorized access to user accounts. 
 

Zello’s Advisory and User Notification 

 
Starting November 15, 2024, users began receiving notifications from Zello recommending password changes. The notification stated: > 

“As a precaution, we are asking that you reset your Zello app password for any account created before November 2nd, 2024. We also recommend that you change your passwords for any other online services where you may have used the same password.” 
 
The notification also provided a link to a support page with instructions on how to reset passwords through the Zello app. 

Potential Causes: Data Breach or Credential Stuffing? 

 
While Zello has yet to provide further clarification, the lack of detailed communication has raised concerns among users. Efforts by media outlets to obtain a response from the company have been unsuccessful. 
 

The timing and scope of the notice suggest two possibilities: 

 
1. A Data Breach – Unauthorized access to Zello’s systems, potentially compromising user data. 
2. Credential Stuffing – A cyberattack method where attackers use stolen login credentials from other platforms to gain access to Zello accounts. 
 
Notably, the advisory affects only accounts created before November 2, 2024, indicating that the security event may have occurred around that date. 


Past Security Incidents 

This is not the first time Zello has faced a security issue. In 2020, the company experienced a data breach that compromised customer email addresses and hashed passwords, prompting a similar password reset. 

The Importance of Cybersecurity for Essential Services 

 
Zello plays a critical role in communication for sectors such as first responders, transportation, and hospitality, making robust security measures essential. The incident underscores the importance of adopting strong cybersecurity practices: 
- Use Unique, Complex Passwords: Avoid reusing passwords across multiple platforms. 
- Enable Two-Factor Authentication (2FA): Adds an additional layer of security and significantly reduces the risk of unauthorized access. 

User Vigilance and the Need for Transparency 


While Zello’s proactive warning is a positive step, users are calling for greater transparency regarding the root cause of the issue and the measures being taken to prevent future incidents. Organizations like Zello, which support essential communication services, have a heightened responsibility to ensure platform integrity and promptly address security vulnerabilities. 
 
In the meantime, users are strongly encouraged to follow Zello’s instructions and reset their passwords immediately. Taking these precautions can help safeguard personal data and reduce exposure to potential cyber threats. 

As cybersecurity threats continue to evolve, both service providers and users must remain vigilant to ensure the safety and security of their digital ecosystems.
Read more »
TransUnion
Customer Data Customer Data Exposed Data Breach Fidelity Investment fraud OWASP TransUnion

Fidelity Investments Data Breach Affects 77,099 Customers

 

Fidelity Investments recently disclosed a data breach that impacted 77,099 customers, with details made public in an October 9 filing with the Maine Attorney General’s Office. The breach occurred on August 17, 2024, and was discovered two days later on August 19. According to a letter sent to those affected, unauthorized access was gained to two newly established customer accounts. Using these accounts, the attackers were able to view and obtain personal information, although Fidelity noted that account balances or transactions were not viewed. 

While Fidelity did not disclose the specific types of data stolen, it has assured affected customers by offering 24 months of free credit monitoring and identity restoration services through TransUnion. The absence of service disruptions during the breach suggests that the attack was likely not ransomware-based, although the form of the attack remains undisclosed. Fidelity’s spokesperson, when addressing the breach, said the attackers “viewed customer information” without directly accessing customer accounts. Security experts believe that this kind of attack likely exploited a vulnerability in Fidelity’s web applications. 

Venky Raju, the field chief technology officer at ColorTokens, noted that the attack vector likely involved a misconfiguration in customer-facing applications, allowing the attackers to establish new accounts and access customer information through them. This method aligns with known vulnerabilities in web security, including those listed in the OWASP Top 10 Web Application Security Risks. Exploiting these vulnerabilities can allow attackers to bypass account security and access sensitive data. Cybersecurity analysts have speculated that the breach was primarily an information-gathering exercise. According to Sarah Jones, a cyberthreat intelligence research analyst at Critical Start, the motive behind the breach likely involved gathering data that could be used for future attacks. 

These could range from identity theft and phishing campaigns to more severe scenarios like ransomware demands. The personal information obtained through such breaches can be valuable on its own, or it can serve as a means for launching further, more sophisticated cyberattacks. As the investigation continues, Fidelity is working with external cybersecurity experts to understand the scope of the breach and to implement additional security measures. Customers are encouraged to stay vigilant and monitor their accounts for unusual activity. By providing affected users with credit monitoring and identity restoration services, Fidelity aims to mitigate the risks posed by the breach while ensuring that proper measures are put in place to prevent future incidents.  

While the exact impact of the data breach remains unclear, it serves as another reminder of the growing threats to personal information in the digital age. The evolving tactics of cybercriminals, particularly in exploiting vulnerabilities in web applications, highlight the importance of continuous security assessments and prompt responses to emerging threats.
Read more »
Penetration Testing
Automotive Industry connected technology Customer Data Cybersecurity Dark Web Data Breach Hyundai IoT. IPO Penetration Testing

Hyundai's IPO Documents Reveal Cybersecurity Measures Amid Rising Data Breach Concerns

 

Hyundai’s recent IPO filing sheds light on its cybersecurity stance, offering a detailed look at the obstacles the company has encountered while safeguarding customer data. The red herring prospectus of Hyundai Motor India Ltd (HMIL) not only assesses its financial standing but also exposes past cybersecurity breaches, outlining the company’s risk management strategies.

The IPO launch comes at a time when cybersecurity is a top priority for global businesses, especially in the automotive sector, which increasingly depends on connected technologies. Hyundai's documents disclose two significant data breaches—one in December 2022 and another in February 2023. In both cases, hackers exposed customer information on the dark web.

Hyundai IPO: Key Cybersecurity Disclosures

The first breach, in December 2022, resulted in customer data being leaked online. Following the attack, Hyundai implemented extensive penetration tests to detect vulnerabilities and managed to remove the stolen information from the dark web, according to Autocar Professional. After a second breach in February 2023, the company quickly disabled the vulnerable APIs hackers had used to exploit the system. Hyundai’s prospectus notes the persistent challenge of securing data against cyberattacks, emphasizing that while efforts have been made, the risk of future breaches remains. Hackers may still seek unauthorized access, potentially impacting vehicle operations and customer data, the document warns.

Recognizing these vulnerabilities is vital for investors, especially considering the legal risks the company could face if customer data is compromised. Hyundai has actively outlined its cybersecurity efforts, stressing that protecting customer information is a top priority for the company.

Hyundai’s Next Steps in Cybersecurity

Hyundai’s cybersecurity efforts include assembling a specialized team to manage vulnerabilities and monitor potential cyber threats continuously. This proactive approach is increasingly necessary as cyberattacks become more advanced, particularly with the rise of connected vehicles and IoT technologies.

The automaker adheres to both national and international cybersecurity standards, consistently updating its protocols to align with the evolving threat landscape. This commitment is not just about data protection; it reflects the company’s awareness that consumer trust is key to maintaining its brand reputation as it moves forward with its IPO.

With these cybersecurity incidents in mind, it’s clear that the automotive industry must stay alert in protecting sensitive data. For companies like Hyundai, which handle vast amounts of customer information, the threat of cyber exploitation remains a major concern.
Read more »
Ransom Demand
CloudSEK Customer Data Customer Data Exposed Cybersecurity Breach Data Breach Fortnite IAM system MFA Ransom Demand

Fortinet Cybersecurity Breach Exposes Sensitive Customer Data

 

Fortinet experienced a significant cybersecurity breach involving a third-party cloud drive, where 440 GB of data was leaked by a hacker named “Fortibitch” after the company refused to pay the ransom. The breach affected about 0.3% of Fortinet’s customers, roughly 1,500 corporate users, and included sensitive information such as financial documents, HR data, customer details, and more. Experts highlight that the breach underscores the critical need for implementing rigorous cybersecurity measures like multi-factor authentication (MFA) and robust identity access management (IAM) systems. 

Multi-factor authentication is particularly emphasized as a vital layer of defense against unauthorized access, significantly reducing the risk of data exposure when combined with strong identity access management. Organizations need to ensure that they enforce MFA and other identity management protocols consistently, especially for accessing essential systems like SharePoint and cloud storage services. Jim Routh, Chief Trust Officer at Saviynt, pointed out the growing concern over cloud security, given its increased adoption in software development and data storage. He stressed that without proper safeguards, such as MFA and secure access controls, sensitive data is at risk of exposure. 

Cybersecurity analyst Koushik Pal from CloudSEK echoed this sentiment, advocating for stricter IAM policies and urging organizations to regularly monitor repositories for potential misconfigurations, exposed credentials, or sensitive data leaks. This kind of vigilance is necessary for all teams to adhere to security best practices and minimize vulnerabilities. Relying on third-party vendors for data storage, as Fortinet did, is not inherently dangerous but introduces additional risks if strict security protocols are not enforced. The breach serves as a reminder that even established cybersecurity companies can fall victim to attacks, highlighting the need for ongoing vigilance. 

According to Routh, it’s crucial for system administrators to manage accounts meticulously, ensuring that identity access management protocols are properly configured and that privileged access is monitored effectively. The breach exemplifies how cybercriminals exploit security weaknesses to gain unauthorized access to sensitive data. As cloud technologies continue to be integrated into businesses, the responsibility to protect data becomes increasingly important. Cybersecurity experts emphasize that organizations must invest in proper training, regularly update security measures, and remain vigilant to adapt to evolving cyber threats. 

Ensuring that MFA, identity management systems, and monitoring practices are in place can go a long way in protecting against similar breaches in the future. This Fortinet incident serves as a wake-up call, showing that no organization is entirely immune to cyber threats, regardless of its expertise in cybersecurity.
Read more »
Small Businesses
Australia Australian Businesses Customer Data Cyber Security awareness Data Breach Data Leak small business security Small Businesses

Small Trade Businesses Urged to Strengthen Security After Total Tools Data Breach

 

Small trade businesses are on high alert following a significant data breach at Total Tools, a major Australian hardware retailer, which exposed sensitive information of over 38,000 customers. This breach compromised customer names, credit card details, email addresses, passwords, mobile numbers, and shipping addresses, making small trade businesses potential targets for secondary cyberattacks. 

The CEO of the Council of Small Business Organisations Australia (COSBOA), Luke Achterstraat, emphasized the importance of heightened vigilance for businesses, especially those in the construction and trades sector, as they face increased risks of cyber threats. Achterstraat urged all businesses with online hardware accounts to monitor for any unusual activity in the coming days and weeks. He stressed the importance of protecting sensitive data, finances, and client information from potential scams and fraud. COSBOA recommends businesses to immediately review their security protocols, change all passwords linked to Total Tools accounts, and enable two-factor authentication where possible to minimize the risk of unauthorized access. 

To further support small businesses, COSBOA is promoting the Cyber Wardens program, a free eLearning initiative funded by the Federal Government. This program is designed to help small businesses and their employees fortify their digital defenses against cyber threats, equipping them with the knowledge to identify and prevent cyberattacks. COSBOA has partnered with industry bodies such as the Master Builders Association, the National Timber and Hardware Association, and the Master Grocers Association to ensure that small businesses across Australia have access to the necessary resources to safeguard against cybercrime. 

With cyberattacks on the rise, especially in sectors like construction and trades, small businesses must stay informed and prepared. Hackers often exploit vulnerabilities in these industries due to the valuable data they handle, such as payment information, client details, and supplier contracts. Therefore, investing time in employee training and implementing cybersecurity best practices can significantly reduce the risk of future breaches. The recent data leak at Total Tools serves as a critical reminder that even trusted suppliers can fall victim to cyberattacks, putting customers and affiliated businesses at risk. As more companies move toward digital solutions, the importance of cybersecurity can’t be overstated. COSBOA’s efforts, through the Cyber Wardens program, aim to create a more secure environment for Australia’s 2.5 million small businesses, ensuring they are well-equipped to tackle the ever-evolving cyber threats. 

In addition to joining cybersecurity programs, businesses should regularly update software, employ strong, unique passwords, and back up essential data to reduce the impact of potential breaches. By taking these proactive steps, small trade businesses can enhance their digital security, ensuring they remain resilient against future cyber threats.
Read more »
Personal Information
Customer Data Customer Data Exposed Cybersecurity Breach Data Breach Data Leak Data protection Personal Information

Avis Data Breach Exposes Over 400,000 Customers’ Personal Information

 

Over 400,000 customers of Avis, a prominent car rental company known for its presence at U.S. airports, have had their personal data compromised in a recent cybersecurity breach. The company revealed the incident to the public on Monday, stating that the breach occurred between August 3 and August 6. Avis, which is part of the Avis Budget Group, sent notifications to affected customers last week, advising them on how to protect themselves from potential identity theft or fraud. 

The Avis Budget Group, which owns both Avis and Budget, operates over 10,000 rental locations across 180 countries, generating $12 billion in revenue in 2023, according to its most recent financial report. However, the recent data breach has cast a shadow over its operations, highlighting vulnerabilities in its data security measures. In a data breach notice filed with the Iowa Attorney General’s office, Avis disclosed that the compromised information includes customer names, dates of birth, mailing addresses, email addresses, phone numbers, credit card details, and driver’s license numbers. 

A separate filing with the Maine Attorney General revealed that the data breach has impacted a total of 299,006 individuals so far. Texas has the highest number of affected residents, with 34,592 impacted, according to a report filed with the Texas Attorney General. The fact that sensitive personal information was stored in a manner that allowed it to be accessed by cybercriminals has raised serious questions about the company’s data protection practices. Avis first became aware of the data breach on August 5 and took immediate steps to stop the unauthorized access to its systems.

The company stated that it had launched a comprehensive investigation into the incident and enlisted third-party security consultants to help identify the breach’s origins and scope. Avis has not yet disclosed specific details about the nature of the attack, the vulnerabilities exploited, or the identity of the perpetrators, leaving many questions unanswered. This breach underscores the growing challenges faced by companies in protecting customer data in an increasingly digital world. While Avis acted quickly to contain the breach, the company’s reputation could suffer due to the extent of the data compromised and the sensitive nature of the information accessed. 

The breach also serves as a reminder of the importance of robust cybersecurity measures, especially for businesses that handle large volumes of personal and financial data. The incident has also prompted scrutiny from regulators and data privacy advocates. Many are questioning how sensitive customer information was stored and protected and why it was vulnerable to such an attack. Companies like Avis must ensure they are equipped with advanced security systems, encryption protocols, and regular audits to prevent such breaches from occurring in the future. As the investigation continues, Avis customers are advised to monitor their financial accounts closely, watch for signs of identity theft, and take appropriate measures.
Read more »
Ransomware
BlackSuit Customer Data Data Breach Data Leak Financial Loss Ransomware

Private Data of 950K Users Stolen in BlackSuit Ransomware Attack

 

On April 10, 2024, a BlackSuit ransomware assault disclosed 954,177 personally identifiable information, forcing Young Consulting to send out data breach notifications. 

Young Consulting (formerly Connexure) is an Atlanta-based software solutions provider that specialises in the employer stop-loss marketplace. It helps insurance carriers, brokers, and third-party administrators manage, market, underwrite, and administer stop-loss insurance policies.

Earlier this week, the company began notifying nearly a million individuals about a data breach. Among them are Blue Shield of California subscribers whose data was stolen during a ransomware campaign carried out by BlackSuit earlier this year.

The network intrusion occurred on April 10, but the company only noticed it three days later when the perpetrators triggered the encryption of its systems. The subsequent investigation was completed on June 28, finding that the following information had been hacked: full names, Social Security numbers (SSNs), dates of birth, and insurance claim details. 

Those affected will receive free access to Cyberscout's 12-month complimentary credit monitoring service, which they can claim until the end of November 2024. 

According to security experts, potentially affected individuals should take full advantage of this offer immediately, as BlackSuit has already disclosed the stolen information on its darknet-based extortion portal. 

Users should also keep an eye out for unknown communications, phishing messages, fraud efforts, and requests for more information. The attackers claimed responsibility for the attack on Young Consulting on May 7. They followed through on their threats to publish the stolen data a few weeks later, most likely after failing to extort the software company. 

BlackSuit claimed to have leaked far more than what Young Consulting disclosed in notices to affected individuals, including business contracts, contacts, presentations, employee passports, contracts, contacts, family details, medical examinations, financial audits, reports, and payments, as well as various content from personal folders and network shares. 

BlackSuit's operations this year have resulted in enormous financial losses for American businesses, the most notable being the CDK Global outage. Earlier this month, CISA and the FBI claimed that BlackSuit is an updated version of Royal ransomware that has demanded over $500 million in ransom over the last two years.
Read more »
Personal Information
ADT data breach Customer Data Cyberattack Data Breach impact data privacy. Home Security Personal Information

ADT Data Breach: Millions of Customers Potentially Exposed

Home security behemoth ADT has confirmed a substantial data breach affecting an undisclosed number of its six million customers. The incident, which remains shrouded in mystery due to the company's reluctance to provide specifics, involved unauthorized access to sensitive customer information stored within ADT's databases.

Hackers successfully infiltrated the company's systems, exfiltrating data that included customers' home addresses, email addresses, and phone numbers. While ADT has categorically denied any compromise of home security systems, the company has been notably reticent about disclosing the methods used to reach this conclusion. The lack of transparency has raised concerns among customers and cybersecurity experts alike.

The breach came to light following allegations from an anonymous online figure who claimed to have acquired over 30,000 ADT customer records. Although the authenticity of these claims has yet to be independently verified, ADT's admission of a data breach lends credence to the hacker's assertions.

The incident underscores the growing vulnerability of even the most established companies to cyberattacks. As a major player in the home security industry, ADT's breach has far-reaching implications for the broader cybersecurity landscape. Customers are now left grappling with the potential misuse of their personal information, while the company faces mounting pressure to provide a comprehensive and transparent account of the incident.

The breach also highlights the complex web of corporate ownership in today's digital age. ADT's parent company, Apollo Global Management, is a significant player in the financial industry and also owns TechCrunch, a leading technology news outlet. This interconnectedness raises questions about potential conflicts of interest and the extent to which such relationships might influence the handling of cybersecurity incidents.

As the investigation unfolds, industry experts and consumers will be watching closely to see how ADT responds to the crisis. The company's ability to regain customer trust and strengthen its security posture will be crucial in determining the long-term impact of this breach.
Read more »
security measures
Account security AT&T Customer Data Cybersecurity measures Data Breach data security Data Theft security measures

AT&T Data Breach: Essential Steps for Victims to Protect Themselves

 

Telecom giant AT&T recently disclosed a massive data breach affecting nearly all of its approximately 110 million customers. If you were a customer between May 2022 and January 2023, there is a high chance your data, including call and text message records, was accessed through an illegal download from a third-party cloud platform. Customers should watch for contact from AT&T or check their accounts for notifications. First, change your password. 

Since your password is likely compromised, update it on both your AT&T account and any other accounts where it was used. While it’s inconvenient, using different passwords for each service is essential. Numerous tools can create secure, randomly generated passwords, and password managers can help you remember them. Also, activate two-factor authentication on your account and any other accounts using the same password. Combining two login methods enhances security. Given the nature of this leak, consider changing your cell phone number as well. Prepare for an increase in spam calls, but the bigger concern is potential scammers.

Be extra cautious about giving out personal details such as banking information or your address over the phone, as these could be cleverly disguised phishing schemes. Stay vigilant online, as even anonymous phone number information can be pieced together by scammers to identify individuals. Treat every email from unfamiliar addresses as suspicious. Additionally, inform your bank about the breach. They can monitor for any suspicious transactions and introduce new security measures to ensure you are contacting your bank, not an imposter.  

Lastly, protect yourself further by using one of the best VPNs to secure your online data. VPNs not only spoof your IP address location but also securely encrypt your data. There are even free VPN plans like ProtonVPN. Many VPNs also include antivirus elements. For instance, NordVPN has its Threat Protection Pro system, which is effective against phishing. A Surfshark One subscription includes dedicated antivirus software and an Alternative ID feature, which allows you to sign up for services online with randomly generated details, including a decoy phone number. With an Alternative ID, you can create accounts for less trustworthy services (or those frequently attacked, like AT&T) with peace of mind. 

This way, you can minimize spam and rest assured that if your details get leaked, you haven’t actually been compromised. Hackers will have nothing to piece together; you can simply disconnect that ID, generate another random identity, and move on securely.
Read more »
Third-Party Risks
Bank Data Leak Customer Data Data Breach Data Leak Financial Data Breach Fintech Ransomware attack Third-Party Risks

Wise and Evolve Data Breach Highlights Risks of Third-Party Partnerships

 

Wise, a prominent financial technology company, recently disclosed a data breach impacting some customer accounts due to a ransomware attack on their former partner, Evolve Bank & Trust. The breach has raised significant concerns about the security of third-party partnerships, especially in financial services. From 2020 to 2023, Wise partnered with Evolve to provide USD account details for their customers. Last week, Evolve confirmed an attack attributed to the notorious ransomware group LockBit. 

The group leaked the data after the bank refused to pay the ransom. The breach underscores the precarious nature of relying on third-party companies for critical services and trusting their security measures. Evolve has not yet confirmed the specific personal information leaked. However, Wise has taken a transparent approach, confirming that the shared information included names, addresses, dates of birth, contact details, Social Security numbers (SSNs) or Employer Identification Numbers (EINs) for U.S. customers, and other identity document numbers for non-U.S. customers. 

Evolve’s initial investigation suggests that names, SSNs, bank account numbers, and contact information for most of their personal banking customers, as well as customers of their Open Banking partners, were affected. In response to the breach, Wise assured its customers that they no longer work with Evolve Bank & Trust. Currently, USD account details are provided by a different bank, emphasizing their commitment to security and customer trust. 

Wise has implemented additional security protocols and is collaborating with cybersecurity experts to understand the breach’s scope and fortify their defenses. Wise has proactively communicated with its customers, recommending precautionary steps such as changing passwords, enabling two-factor authentication, and monitoring account activity for any suspicious transactions. They have also provided resources and support to help customers protect their information. The breach has heightened concerns among customers regarding the security of their personal and financial information. 

Despite the challenges posed by the breach, Wise’s proactive approach and transparent communication have helped reassure customers. The company continues to work closely with cybersecurity experts to enhance their defenses and prevent future incidents. As the investigation progresses, Wise is determined to provide regular updates and support to affected customers. Their dedication to transparency and user security remains unwavering, ensuring that they take every step necessary to safeguard their users’ information and maintain their trust. 

This incident highlights the growing threat of cyberattacks on financial institutions and the critical need for robust security measures. Customers are reminded to stay alert and take proactive steps to protect their online accounts. Wise’s efforts to address the breach and protect their users underscore their commitment to maintaining trust and security for their customers.
Read more »
Slack
AI Models AI Training Customer Data Cyber Security Data Policies data security GDPR GDPR Breach Privacy Policy Salesforce Slack

Slack Faces Backlash Over AI Data Policy: Users Demand Clearer Privacy Practices

 

In February, Slack introduced its AI capabilities, positioning itself as a leader in the integration of artificial intelligence within workplace communication. However, recent developments have sparked significant controversy. Slack's current policy, which collects customer data by default for training AI models, has drawn widespread criticism and calls for greater transparency and clarity. 

The issue gained attention when Gergely Orosz, an engineer and writer, pointed out that Slack's terms of service allow the use of customer data for training AI models, despite reassurances from Slack engineers that this is not the case. Aaron Maurer, a Slack engineer, acknowledged the need for updated policies that explicitly detail how Slack AI interacts with customer data. This discrepancy between policy language and practical application has left many users uneasy. 

Slack's privacy principles state that customer data, including messages and files, may be used to develop AI and machine learning models. In contrast, the Slack AI page asserts that customer data is not used to train Slack AI models. This inconsistency has led users to demand that Slack update its privacy policies to reflect the actual use of data. The controversy intensified as users on platforms like Hacker News and Threads voiced their concerns. Many felt that Slack had not adequately notified users about the default opt-in for data sharing. 

The backlash prompted some users to opt out of data sharing, a process that requires contacting Slack directly with a specific request. Critics argue that this process is cumbersome and lacks transparency. Salesforce, Slack's parent company, has acknowledged the need for policy updates. A Salesforce spokesperson stated that Slack would clarify its policies to ensure users understand that customer data is not used to train generative AI models and that such data never leaves Slack's trust boundary. 

However, these changes have yet to address the broader issue of explicit user consent. Questions about Slack's compliance with the General Data Protection Regulation (GDPR) have also arisen. GDPR requires explicit, informed consent for data collection, which must be obtained through opt-in mechanisms rather than default opt-ins. Despite Slack's commitment to GDPR compliance, the current controversy suggests that its practices may not align fully with these regulations. 

As more users opt out of data sharing and call for alternative chat services, Slack faces mounting pressure to revise its data policies comprehensively. This situation underscores the importance of transparency and user consent in data practices, particularly as AI continues to evolve and integrate into everyday tools. 

The recent backlash against Slack's AI data policy highlights a crucial issue in the digital age: the need for clear, transparent data practices that respect user consent. As Slack works to update its policies, the company must prioritize user trust and regulatory compliance to maintain its position as a trusted communication platform. This episode serves as a reminder for all companies leveraging AI to ensure their data practices are transparent and user-centric.
Read more »
Stolen Data
Customer Data Data Breach EasyPark Phone Parking Service RingGo Stolen Credentials Stolen Data

RingGo: Phone Parking Service Suffers Data Breach, Customer Data Stolen


UK-based pay-by-phone parking service – RingGo – has suffered a data breach, where information including partial credit card numbers of several of its customers has been leaked. 

The EasyPark-owned company informed that the data of at least 950 customers had been stolen by the hackers. The data included names, phone numbers, addresses, email addresses and parts of credit card numbers.

According to the company, the compromised information is “non-sensitive” and claims that “no combination of this stolen data can be used to perform payments.”

However, it has warned customers have been warned against phishing scams, where threat actors use stolen customer details to send them emails and text messages, that look convincing, in order to scam the target victims. 

While British customers were the least affected by the breach, data of thousands of Europe-based customers are feared to be compromised. It needs to be made clear as to who is behind the data breach. 

Easypark further informs that it was “reaching out to all affected customers.” Meanwhile, RingGo claims to be “UK’s number one parking app,” with over 19 million customers. 

Using the company's app, drivers pay for parking using their smartphones by providing information about their vehicle, like the license plate number, and payment information, like a credit or debit card.

The Information Commissioner's Office (ICO) in the UK and the corresponding European agency have received reports from Stockholm-based EasyPark, according to a Tuesday Guardian report.

According to a statement published on the company’s website, the attack first came to light on December 10: "The attack resulted in a breach of non-sensitive customer data."

“We deeply care about our customers and want to make sure you are fully informed about this incident […] Our security team, including external security experts, is working hard to ensure effective security and privacy measures are in place[…]We are deeply sorry this happened and will continue to work hard every day to earn your trust.”

Owned by private equity firms Vitruvian Partners and Verdane, the company has operations across 4,000 cities in 23 countries, encompassing most of western Europe, the US, and Australia. Since its founding in 2001, it has expanded via several acquisitions.  

Read more »
Personal Data
Customer Data Data Breach data compromised Lyca Mobile Personal Data

Lyca Mobile Suffers Data Breach: Customers’ Personal Data Compromised


UK-based mobile virtual network operator (MVNO) running under EE network infrastructure – Lyca Mobile, has recently confirmed that it has suffered a cyberattack, resulting in unauthorized access to its customers’ personal data. 

Apparently, the cyberattack has affected millions of customers worldwide, with the exception of individuals in the United States, Australia, Ukraine, and Tunisia. On September 30, Lyca Mobile learned of the intrusion and took immediate measures, including isolating and shutting down the vulnerable systems.

The company further confirmed that it has reported the issues to security experts, and an investigation is ongoing. 

Lyca Mobile’s Update 

Lyca Mobile stressed in its official statement its commitment to minimize customer damage and pledged continued efforts to securely restore affected services. 

The company has informed the appropriate regulatory authorities and is working closely with them. Lyca Mobile cautioned impacted users to be on the lookout for any unusual activity and to take extra precautions to protect their information. 

The measures include resetting Lyca Mobile passwords, especially in case the user is using more than one account. Also, the company has urged online users to be cautious of unsolicited emails or any form of communication that asks for personal or financial information.

"Be suspicious of unsolicited requests for your personal or financial details. If you receive an e-mail which you're not sure about, treat it with caution, or if you have been a victim of fraud or cyber crime, contact your bank immediately and you should report this to the police," the company said in the statement.

"The security of your personal information is very important to us. As our investigation progresses, we will consider whether we need to take any further steps to help protect that information. While we hope to bring all of our systems back online as soon as possible, we are doing so carefully to minimize any further issues," it added.

The data compromised in the breach include identification information, such as names, addresses, and contact details, and interactions with customer service, recorded for up to 60 days. 

Also, the online accounts include information of customer’s credit card information, where Lyca Mobile records the last four digits and expiration date, with the full number encrypted for enhanced security. However, the company does not retail the 3-digit CVV code.

Additionally, the issue has disrupted the operation of Lyca Mobile’s number porting functionality, temporarily preventing PAC code issuing. The company stated that it is attempting to resolve this problem and fully restart all services.  

Read more »
Phishing Attacks
AP Stylebook Associated Press Customer Data Customer Data Exposed Cyberattack Data Breach Media Outlets Phishing Attacks

AP Stylebook Data Breach: Associated Press Warns That The Breach Led to Phishing Attacks


The Associated Press has warned of what potentially is a data breach in AP Stylebook servers, impacting their customers. Reportedly, the data has been used by the threat actors in launching their targeted phishing attacks. 

The AP Stylebook is a widely popular guide for grammar enthusiasts, used for a better insight in punctuations and writing styles by journalists, magazines and newsrooms.

About the Breach

The Associate press came up with a warning this week, informing AP Stylebook of their old third-party-managed site (no longer in use) that had apparently been under the hacker’s control between July 16 and July 22, 2023. The breach consequently led to the compromise of 224 customers’ data.

According to their report, the compromised data included customers’ personal information such as: 

  • Customer’s name 
  • Email address 
  • Residential address (street, city, state, zip code) 
  • Phone number 
  • User ID 
Also, customers who had registered to their tax-exempt IDs such as Social Security Number or Employer Identification Number, have also compromised their IDs in the breach. 

As stated by the AP, initial information regarding the possible breach reached them on July 20, 2023, when AP Stylebook users reported receiving phishing emails requesting that they update their credit card information. 

After learning of the phishing attack, the AP disabled their outdated site in order to stop any further attacks.

By the end of July, the company began warning AP Stylebook customers about the phishing attacks, informing them that the fraudulent mails were sent from 'support@getscore.my[.]id' with a subject similar to "Regarding AP Stylebook Order no. 07/20/2023 06:48:20 am." 

The Associated Press further advised AP Stylebook customers to reset their passwords upon their next login. 

With only 224 customers affected, this was hardly a significant data breach, however hackers who are always on the lookout for journalists' and media businesses' login information, make the breach noteworthy.

Acquiring illicit access to networks belonging to any media organization could consequently result in a variety of cyberattacks like extortion and ransomware attacks, data theft or even cyber espionage.

Some other examples of local or global media organizations that suffered a ransomware or cyberespionage attack includes News Corp, the Philadelphia Inquirer and the German newspaper Heilbronn Stimme.

Read more »
Gustaffo
Customer Data Data Breach European Hotel Chain Data Falkensteiner Gustaffo

Information of European Hotel Chain’s Customers Discovered in Unprotected Server


A researcher has recently found an unprotected server storing the personal data of several Falkensteiner hotel chain clients in Europe. 

Falkensteiner, the Austria-based hotel chain has hotels that are spread across Central and Eastern Europe, including Austria, Italy, Croatia, Slovakia, Serbia, and the Czech Republic. 

The compromised data of Falkensteiner was apparently discovered by researcher Anurag Sen, from the cloud security company CloudDefense.AI. Sen most recently found a US government computer that was leaking private emails from the US military. 

In an analysis conducted by Sen, it was found that the exposed customer data was linked to Gustaffo, a firm providing IT solutions for the hospitality sector. 

The researcher claims that he alerted Falkensteiner and Gustaffo, but neither one of them responded. Sen informed the company, but shortly thereafter he found that the server was protected. 

According to Sen, before it was taken offline, the compromised Elasticsearch server hosted more than 11 GB of data. In the exposed database, he discovered more than 102,000 records with full names, contact information (phone and email), and booking information. 

The researcher has shown his discontent with how the impacted companies have addressed the issue. “They haven’t responded to his emails and haven’t notified customers about the data breach,” he says. 

Gustaffo, however, claims that after learning about the leak from another researcher, they actually secured the server. The Austria-based company, which does have a responsible disclosure procedure, informed that its analysis revealed the problem was contained to a single system and that only about 13,000 individuals' personal information was compromised. 

Gustaffo representatives further explain that many of the records are probably duplicates, taking into account that the company does not store data of more than 13,000 customers. 

The company adds that it has taken every necessary measure and performed security updates to its system and is in contact with the government authorities to help handle the situation. 

Moreover, while no initial statement was provided by Falkensteiner, the company has recently addressed the issue and said, “we have been informed about a possible weakness in the database access systems at one of our subcontractors. FMTG takes the security of our customer’s data very seriously. Therefore, we are looking closely into this issue and cooperating with the subcontractor to improve their IT systems. We also informed the relevant data protection authority.”  

Read more »
User Privacy
Customer Data Digital Security Privacy Privacy Policy User Privacy

 Digital Resignation is Initial Stage of Safeguarding Privacy Online

 

Several internet businesses gather and use our personal information in exchange for access to their digital goods and services. With the use of that data, they can forecast and affect our behavior in the future. Recommendation algorithms, targeted marketing, and individualized experiences are examples of this type of surveillance capitalism.

Many customers are unhappy with these methods, especially after knowing how their data is obtained, despite tech companies' claims that these personalized experiences and advantages improve the user's experience.

Digital resignation refers to the circumstance in which users of digital services continue to do so while being aware that the businesses providing those services are violating their privacy by conducting extensive monitoring, manipulating them, or otherwise negatively affecting their well-being.

The Cambridge Analytica scandal and Edward Snowden's disclosures about widespread government spying shed light on data-collecting techniques, but they also leave individuals feeling helpless and accustomed to the idea that their data will be taken and exploited without their express agreement. Digital resignation is what we call this.

Acknowledging and improving these tactics is the responsibility of both policymakers and businesses. Dealing with data gathering and use alone will not result in corporate accountability for privacy issues.

Our daily lives are completely surrounded by technology. But it's impossible to obtain informed consent when the average person lacks the motivation or expertise necessary to understand confusing terms and conditions rules.

However, the European Union passed regulations that acknowledge these destructive market dynamics and have begun to hold platforms and internet giants accountable. 

With the passage of Law 25, Québec has updated its privacy rules. The purpose of the law is to give people more protection and control over their personal information. It grants individuals the right to seek the transfer of their personal data to another system, its correction or deletion (the right to be forgotten), as well as the right to notice before an automated decision is made.

Additionally, it mandates that businesses designate a privacy officer and committee and carry out privacy impact analyses for any project involving personal data. Also, it is necessary to gain explicit agreement and to communicate terms and rules clearly and transparently. 


Read more »
Vulnerabilities and Exploits
Customer Data data security Flaws Hacker Security Security flaw Vulnerabilities and Exploits

Major Experian Security Vulnerability Exploited, Attackers Access Customer Credit Reports

 

As per experts, the website of consumer credit reporting giant Experian comprised a major privacy vulnerability that allowed hackers to obtain customer credit reports with just a little identity data and a small change to the address displayed in the URL bar. 

Jenya Kushnir, a cybersecurity researcher, discovered the vulnerability on Telegram after monitoring hackers selling stolen reports and collaborated with KrebsOnSecurity to investigate it further. The concept was straightforward: if you had the victim's name, address, birthday, and Social Security number (all of which could be obtained from a previous incident), you could go to one of the websites offering free credit reports and submit the information to request one.

The website would then redirect you to the Experian website, where you would be asked to provide more personally identifiable information, such as questions about previous addresses of living and such.
And this is where the flaw can be exploited. 

There is no need to answer any of those questions; simply change the address displayed in the URL bar from "/acr/oow/" to "/acr/report," and you will be presented with the report. While testing the concept, Krebs discovered that changing the address first redirects to "/acr/OcwError," but changing it again worked: "Experian's website then displayed my entire credit file," according to the report.

The good news (if it can be called that) is that Experian's reports are riddled with errors. In the case of Krebs, it contained a number of phone numbers, only one of which was previously owned by the author.

Experian has remained silent on the matter, but the issue appears to have been resolved in the meantime. It's unknownfor how long the flaw was active on the site or how many fraudulent reports were generated during that time.
Read more »
Subscribe to: Posts (Atom)