
Fidelity Investments Data Breach Affects 77,099 Customers


Fidelity Investments recently disclosed a data breach that impacted 77,099 customers, with details made public in an October 9 filing with the Maine Attorney General’s Office. The breach occurred on August 17, 2024, and was discovered two days later on August 19. According to a letter sent to those affected, unauthorized access was gained to two newly established customer accounts. Using these accounts, the attackers were able to view and obtain personal information, although Fidelity noted that account balances or transactions were not viewed. 

While Fidelity did not disclose the specific types of data stolen, it has sought to reassure affected customers by offering 24 months of free credit monitoring and identity restoration services through TransUnion. The absence of service disruptions during the breach suggests that the attack was likely not ransomware-based, although the form of the attack remains undisclosed. Fidelity’s spokesperson, when addressing the breach, said the attackers “viewed customer information” without directly accessing customer accounts. Security experts believe that this kind of attack likely exploited a vulnerability in Fidelity’s web applications.

Venky Raju, the field chief technology officer at ColorTokens, noted that the attack vector likely involved a misconfiguration in customer-facing applications, allowing the attackers to establish new accounts and access customer information through them. This method aligns with known vulnerabilities in web security, including those listed in the OWASP Top 10 Web Application Security Risks. Exploiting these vulnerabilities can allow attackers to bypass account security and access sensitive data. Cybersecurity analysts have speculated that the breach was primarily an information-gathering exercise. According to Sarah Jones, a cyberthreat intelligence research analyst at Critical Start, the motive behind the breach likely involved gathering data that could be used for future attacks. 
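The failure class the post points at, an authenticated user reading records that belong to someone else, is what OWASP lists as Broken Access Control. The following is an added illustration of that class and of how to test for it; it is not code from the original post and says nothing about what Fidelity's actual flaw was, which remains undisclosed. The account ids, profile records, `Session` type and handler names are all constructed for the example.

```python
# Added example (not from the original post, not Fidelity's code): a lookup
# that trusts the caller-supplied account id beside one that enforces
# ownership server-side, plus an audit helper to compare the two.
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    account_id: str  # the account the caller authenticated as (constructed)


# Constructed sample records keyed by account id.
PROFILES = {
    "acct-1001": {"name": "A. Example", "ssn_last4": "1234"},
    "acct-1002": {"name": "B. Example", "ssn_last4": "5678"},
}


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested record."""


def get_profile_weak(session: Session, account_id: str) -> dict:
    """Returns whatever record the request names. Authentication happened,
    authorization did not: any logged-in account, including one that was
    just self-registered, can read every profile."""
    return PROFILES[account_id]


def get_profile_checked(session: Session, account_id: str) -> dict:
    """Same lookup with the ownership check done on the server, against the
    session's identity rather than anything in the request."""
    if session.account_id != account_id:
        raise Forbidden(f"{session.account_id} may not read {account_id}")
    return PROFILES[account_id]


def readable_records(handler, session: Session) -> list:
    """Authorization test helper: which records can this one session read
    through `handler`? Run against your own endpoints in a test suite; for
    a correctly checked handler the answer is only the session's own id."""
    readable = []
    for acct in PROFILES:
        try:
            handler(session, acct)
            readable.append(acct)
        except (Forbidden, KeyError):
            pass
    return readable


if __name__ == "__main__":
    s = Session("acct-1001")
    print("weak:   ", readable_records(get_profile_weak, s))
    print("checked:", readable_records(get_profile_checked, s))
```

The detection side of this is the same comparison run continuously: a new or low-tenure account that reads many distinct customer records in a short window is the signal to alert on, and the fix is the ownership check, not rate limiting alone.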

These could range from identity theft and phishing campaigns to more severe scenarios like ransomware demands. The personal information obtained through such breaches can be valuable on its own, or it can serve as a means for launching further, more sophisticated cyberattacks. As the investigation continues, Fidelity is working with external cybersecurity experts to understand the scope of the breach and to implement additional security measures. Customers are encouraged to stay vigilant and monitor their accounts for unusual activity. By providing affected users with credit monitoring and identity restoration services, Fidelity aims to mitigate the risks posed by the breach while ensuring that proper measures are put in place to prevent future incidents.  

While the exact impact of the data breach remains unclear, it serves as another reminder of the growing threats to personal information in the digital age. The evolving tactics of cybercriminals, particularly in exploiting vulnerabilities in web applications, highlight the importance of continuous security assessments and prompt responses to emerging threats.

Hyundai's IPO Documents Reveal Cybersecurity Measures Amid Rising Data Breach Concerns


Hyundai’s recent IPO filing sheds light on its cybersecurity stance, offering a detailed look at the obstacles the company has encountered while safeguarding customer data. The red herring prospectus of Hyundai Motor India Ltd (HMIL) not only assesses its financial standing but also exposes past cybersecurity breaches, outlining the company’s risk management strategies.

The IPO launch comes at a time when cybersecurity is a top priority for global businesses, especially in the automotive sector, which increasingly depends on connected technologies. Hyundai's documents disclose two significant data breaches—one in December 2022 and another in February 2023. In both cases, hackers exposed customer information on the dark web.

Hyundai IPO: Key Cybersecurity Disclosures

The first breach, in December 2022, resulted in customer data being leaked online. Following the attack, Hyundai implemented extensive penetration tests to detect vulnerabilities and managed to remove the stolen information from the dark web, according to Autocar Professional. After a second breach in February 2023, the company quickly disabled the vulnerable APIs hackers had used to exploit the system. Hyundai’s prospectus notes the persistent challenge of securing data against cyberattacks, emphasizing that while efforts have been made, the risk of future breaches remains. Hackers may still seek unauthorized access, potentially impacting vehicle operations and customer data, the document warns.

Recognizing these vulnerabilities is vital for investors, especially considering the legal risks the company could face if customer data is compromised. Hyundai has actively outlined its cybersecurity efforts, stressing that protecting customer information is a top priority for the company.

Hyundai’s Next Steps in Cybersecurity

Hyundai’s cybersecurity efforts include assembling a specialized team to manage vulnerabilities and monitor potential cyber threats continuously. This proactive approach is increasingly necessary as cyberattacks become more advanced, particularly with the rise of connected vehicles and IoT technologies.

The automaker adheres to both national and international cybersecurity standards, consistently updating its protocols to align with the evolving threat landscape. This commitment is not just about data protection; it reflects the company’s awareness that consumer trust is key to maintaining its brand reputation as it moves forward with its IPO.

With these cybersecurity incidents in mind, it’s clear that the automotive industry must stay alert in protecting sensitive data. For companies like Hyundai, which handle vast amounts of customer information, the threat of cyber exploitation remains a major concern.

Fortinet Cybersecurity Breach Exposes Sensitive Customer Data


Fortinet experienced a significant cybersecurity breach involving a third-party cloud drive, where 440 GB of data was leaked by a hacker named “Fortibitch” after the company refused to pay the ransom. The breach affected about 0.3% of Fortinet’s customers, roughly 1,500 corporate users, and included sensitive information such as financial documents, HR data, customer details, and more. Experts highlight that the breach underscores the critical need for implementing rigorous cybersecurity measures like multi-factor authentication (MFA) and robust identity access management (IAM) systems. 

Multi-factor authentication is particularly emphasized as a vital layer of defense against unauthorized access, significantly reducing the risk of data exposure when combined with strong identity access management. Organizations need to ensure that they enforce MFA and other identity management protocols consistently, especially for accessing essential systems like SharePoint and cloud storage services. Jim Routh, Chief Trust Officer at Saviynt, pointed out the growing concern over cloud security, given its increased adoption in software development and data storage. He stressed that without proper safeguards, such as MFA and secure access controls, sensitive data is at risk of exposure. 

Cybersecurity analyst Koushik Pal from CloudSEK echoed this sentiment, advocating for stricter IAM policies and urging organizations to regularly monitor repositories for potential misconfigurations, exposed credentials, or sensitive data leaks. This kind of vigilance is necessary for all teams to adhere to security best practices and minimize vulnerabilities. Relying on third-party vendors for data storage, as Fortinet did, is not inherently dangerous but introduces additional risks if strict security protocols are not enforced. The breach serves as a reminder that even established cybersecurity companies can fall victim to attacks, highlighting the need for ongoing vigilance. 
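The repository monitoring Pal recommends can be started with a small pattern-based scan before any commercial tooling is in place. The block below is an added example, not code from the original post or from Fortinet, CloudSEK or Saviynt; the rule set, the sample files and the finding format are all constructed for it, and the AWS key value is the placeholder AWS uses in its own documentation rather than a live credential.

```python
# Added example (not from the original post): scan a set of repository files
# for exposed credentials and risky configuration, reporting findings with the
# matched secret redacted so the scan log does not become a second leak.
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path lineno rule excerpt")

# Constructed rule set: two credential patterns, one key-material pattern and
# two misconfiguration patterns. Real scanners carry hundreds of these.
RULES = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("hardcoded_password",
     re.compile(r"(?i)(password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{8,}['\"]")),
    ("private_key_block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("public_bucket_acl",
     re.compile(r"(?i)\bacl\s*[:=]\s*['\"]?public-read(?:-write)?['\"]?")),
    ("debug_enabled", re.compile(r"(?i)\bDEBUG\s*[:=]\s*(?:true|1|on)\b")),
]

# Constructed sample repository (path -> contents). The AKIA value is the
# placeholder key from AWS documentation, not a real credential.
SAMPLE_FILES = {
    ".env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "config/settings.py": "DEBUG = True\nDATABASE_PASSWORD = 'hunter2hunter2'\n",
    "infra/bucket.tf": 'resource "aws_s3_bucket" "logs" {\n  acl = "public-read"\n}\n',
    "deploy/key.pem": "-----BEGIN RSA PRIVATE KEY-----\n(constructed, truncated)\n",
    "README.md": "Set PASSWORD in your environment; never commit it.\n",
}


def scan_text(path: str, text: str) -> list:
    """Apply every rule to every line; the excerpt has the match redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(path, lineno, rule,
                                        pattern.sub("[REDACTED]", line)))
    return findings


def scan_repository(files: dict) -> list:
    """Scan a mapping of path -> contents and return all findings in order."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def summarize(findings: list) -> list:
    """(path, line, rule) triples, the shape a ticket or SIEM event needs."""
    return [(f.path, f.lineno, f.rule) for f in findings]


if __name__ == "__main__":
    for f in scan_repository(SAMPLE_FILES):
        print(f"{f.path}:{f.lineno} {f.rule}: {f.excerpt}")
```

Wire the same function into a pre-commit hook or a CI job and the check runs before a secret ever reaches a shared repository, which is cheaper than finding it afterwards in a third-party cloud drive.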

According to Routh, it’s crucial for system administrators to manage accounts meticulously, ensuring that identity access management protocols are properly configured and that privileged access is monitored effectively. The breach exemplifies how cybercriminals exploit security weaknesses to gain unauthorized access to sensitive data. As cloud technologies continue to be integrated into businesses, the responsibility to protect data becomes increasingly important. Cybersecurity experts emphasize that organizations must invest in proper training, regularly update security measures, and remain vigilant to adapt to evolving cyber threats. 

Ensuring that MFA, identity management systems, and monitoring practices are in place can go a long way in protecting against similar breaches in the future. This Fortinet incident serves as a wake-up call, showing that no organization is entirely immune to cyber threats, regardless of its expertise in cybersecurity.

Small Trade Businesses Urged to Strengthen Security After Total Tools Data Breach


Small trade businesses are on high alert following a significant data breach at Total Tools, a major Australian hardware retailer, which exposed sensitive information of over 38,000 customers. This breach compromised customer names, credit card details, email addresses, passwords, mobile numbers, and shipping addresses, making small trade businesses potential targets for secondary cyberattacks. 

The CEO of the Council of Small Business Organisations Australia (COSBOA), Luke Achterstraat, emphasized the importance of heightened vigilance for businesses, especially those in the construction and trades sector, as they face increased risks of cyber threats. Achterstraat urged all businesses with online hardware accounts to monitor for any unusual activity in the coming days and weeks. He stressed the importance of protecting sensitive data, finances, and client information from potential scams and fraud. COSBOA recommends businesses to immediately review their security protocols, change all passwords linked to Total Tools accounts, and enable two-factor authentication where possible to minimize the risk of unauthorized access. 

To further support small businesses, COSBOA is promoting the Cyber Wardens program, a free eLearning initiative funded by the Federal Government. This program is designed to help small businesses and their employees fortify their digital defenses against cyber threats, equipping them with the knowledge to identify and prevent cyberattacks. COSBOA has partnered with industry bodies such as the Master Builders Association, the National Timber and Hardware Association, and the Master Grocers Association to ensure that small businesses across Australia have access to the necessary resources to safeguard against cybercrime. 

With cyberattacks on the rise, especially in sectors like construction and trades, small businesses must stay informed and prepared. Hackers often exploit vulnerabilities in these industries due to the valuable data they handle, such as payment information, client details, and supplier contracts. Therefore, investing time in employee training and implementing cybersecurity best practices can significantly reduce the risk of future breaches. The recent data leak at Total Tools serves as a critical reminder that even trusted suppliers can fall victim to cyberattacks, putting customers and affiliated businesses at risk. As more companies move toward digital solutions, the importance of cybersecurity can’t be overstated. COSBOA’s efforts, through the Cyber Wardens program, aim to create a more secure environment for Australia’s 2.5 million small businesses, ensuring they are well-equipped to tackle the ever-evolving cyber threats. 

In addition to joining cybersecurity programs, businesses should regularly update software, employ strong, unique passwords, and back up essential data to reduce the impact of potential breaches. By taking these proactive steps, small trade businesses can enhance their digital security, ensuring they remain resilient against future cyber threats.

Avis Data Breach Exposes Over 400,000 Customers’ Personal Information


Over 400,000 customers of Avis, a prominent car rental company known for its presence at U.S. airports, have had their personal data compromised in a recent cybersecurity breach. The company revealed the incident to the public on Monday, stating that the breach occurred between August 3 and August 6. Avis, which is part of the Avis Budget Group, sent notifications to affected customers last week, advising them on how to protect themselves from potential identity theft or fraud. 

The Avis Budget Group, which owns both Avis and Budget, operates over 10,000 rental locations across 180 countries, generating $12 billion in revenue in 2023, according to its most recent financial report. However, the recent data breach has cast a shadow over its operations, highlighting vulnerabilities in its data security measures. In a data breach notice filed with the Iowa Attorney General’s office, Avis disclosed that the compromised information includes customer names, dates of birth, mailing addresses, email addresses, phone numbers, credit card details, and driver’s license numbers. 

A separate filing with the Maine Attorney General revealed that the data breach has impacted a total of 299,006 individuals so far. Texas has the highest number of affected residents, with 34,592 impacted, according to a report filed with the Texas Attorney General. The fact that sensitive personal information was stored in a manner that allowed it to be accessed by cybercriminals has raised serious questions about the company’s data protection practices. Avis first became aware of the data breach on August 5 and took immediate steps to stop the unauthorized access to its systems.

The company stated that it had launched a comprehensive investigation into the incident and enlisted third-party security consultants to help identify the breach’s origins and scope. Avis has not yet disclosed specific details about the nature of the attack, the vulnerabilities exploited, or the identity of the perpetrators, leaving many questions unanswered. This breach underscores the growing challenges faced by companies in protecting customer data in an increasingly digital world. While Avis acted quickly to contain the breach, the company’s reputation could suffer due to the extent of the data compromised and the sensitive nature of the information accessed. 

The breach also serves as a reminder of the importance of robust cybersecurity measures, especially for businesses that handle large volumes of personal and financial data. The incident has also prompted scrutiny from regulators and data privacy advocates. Many are questioning how sensitive customer information was stored and protected and why it was vulnerable to such an attack. Companies like Avis must ensure they are equipped with advanced security systems, encryption protocols, and regular audits to prevent such breaches from occurring in the future. As the investigation continues, Avis customers are advised to monitor their financial accounts closely, watch for signs of identity theft, and take appropriate measures.

Private Data of 950K Users Stolen in BlackSuit Ransomware Attack


On April 10, 2024, a BlackSuit ransomware attack exposed the personally identifiable information of 954,177 individuals, forcing Young Consulting to send out data breach notifications.

Young Consulting (formerly Connexure) is an Atlanta-based software solutions provider that specialises in the employer stop-loss marketplace. It helps insurance carriers, brokers, and third-party administrators manage, market, underwrite, and administer stop-loss insurance policies.

Earlier this week, the company began notifying nearly a million individuals about a data breach. Among them are Blue Shield of California subscribers whose data was stolen during a ransomware campaign carried out by BlackSuit earlier this year.

The network intrusion occurred on April 10, but the company only noticed it three days later when the perpetrators triggered the encryption of its systems. The subsequent investigation was completed on June 28, finding that the following information had been stolen: full names, Social Security numbers (SSNs), dates of birth, and insurance claim details.

Those affected will receive 12 months of complimentary credit monitoring from Cyberscout, which they can claim until the end of November 2024.

According to security experts, potentially affected individuals should take full advantage of this offer immediately, as BlackSuit has already disclosed the stolen information on its darknet-based extortion portal. 

Users should also keep an eye out for unexpected communications, phishing messages, fraud attempts, and requests for more information. The attackers claimed responsibility for the attack on Young Consulting on May 7. They followed through on their threats to publish the stolen data a few weeks later, most likely after failing to extort the software company.

BlackSuit claimed to have leaked far more than what Young Consulting disclosed in notices to affected individuals, including business contracts and contacts, presentations, employee passports, family details, medical examinations, financial audits, reports, and payments, as well as various content from personal folders and network shares.

BlackSuit's operations this year have resulted in enormous financial losses for American businesses, the most notable being the CDK Global outage. Earlier this month, CISA and the FBI claimed that BlackSuit is an updated version of Royal ransomware that has demanded over $500 million in ransom over the last two years.

ADT Data Breach: Millions of Customers Potentially Exposed

Home security behemoth ADT has confirmed a substantial data breach affecting an undisclosed number of its six million customers. The incident, which remains shrouded in mystery due to the company's reluctance to provide specifics, involved unauthorized access to sensitive customer information stored within ADT's databases.

Hackers successfully infiltrated the company's systems, exfiltrating data that included customers' home addresses, email addresses, and phone numbers. While ADT has categorically denied any compromise of home security systems, the company has been notably reticent about disclosing the methods used to reach this conclusion. The lack of transparency has raised concerns among customers and cybersecurity experts alike.

The breach came to light following allegations from an anonymous online figure who claimed to have acquired over 30,000 ADT customer records. Although the authenticity of these claims has yet to be independently verified, ADT's admission of a data breach lends credence to the hacker's assertions.

The incident underscores the growing vulnerability of even the most established companies to cyberattacks. As a major player in the home security industry, ADT's breach has far-reaching implications for the broader cybersecurity landscape. Customers are now left grappling with the potential misuse of their personal information, while the company faces mounting pressure to provide a comprehensive and transparent account of the incident.

The breach also highlights the complex web of corporate ownership in today's digital age. ADT's parent company, Apollo Global Management, is a significant player in the financial industry and also owns TechCrunch, a leading technology news outlet. This interconnectedness raises questions about potential conflicts of interest and the extent to which such relationships might influence the handling of cybersecurity incidents.

As the investigation unfolds, industry experts and consumers will be watching closely to see how ADT responds to the crisis. The company's ability to regain customer trust and strengthen its security posture will be crucial in determining the long-term impact of this breach.

AT&T Data Breach: Essential Steps for Victims to Protect Themselves


Telecom giant AT&T recently disclosed a massive data breach affecting nearly all of its approximately 110 million customers. If you were a customer between May 2022 and January 2023, there is a high chance your data, including call and text message records, was accessed through an illegal download from a third-party cloud platform. Customers should watch for contact from AT&T or check their accounts for notifications. First, change your password. 

Since your password is likely compromised, update it on both your AT&T account and any other accounts where it was used. While it’s inconvenient, using different passwords for each service is essential. Numerous tools can create secure, randomly generated passwords, and password managers can help you remember them. Also, activate two-factor authentication on your account and any other accounts using the same password. Combining two login methods enhances security. Given the nature of this leak, consider changing your cell phone number as well. Prepare for an increase in spam calls, but the bigger concern is potential scammers.

Be extra cautious about giving out personal details such as banking information or your address over the phone, as these could be cleverly disguised phishing schemes. Stay vigilant online, as even anonymous phone number information can be pieced together by scammers to identify individuals. Treat every email from unfamiliar addresses as suspicious. Additionally, inform your bank about the breach. They can monitor for any suspicious transactions and introduce new security measures to ensure you are contacting your bank, not an imposter.  

Lastly, protect yourself further by using one of the best VPNs to secure your online data. VPNs not only spoof your IP address location but also securely encrypt your data. There are even free VPN plans like ProtonVPN. Many VPNs also include antivirus elements. For instance, NordVPN has its Threat Protection Pro system, which is effective against phishing. A Surfshark One subscription includes dedicated antivirus software and an Alternative ID feature, which allows you to sign up for services online with randomly generated details, including a decoy phone number. With an Alternative ID, you can create accounts for less trustworthy services (or those frequently attacked, like AT&T) with peace of mind. 

This way, you can minimize spam and rest assured that if your details get leaked, you haven’t actually been compromised. Hackers will have nothing to piece together; you can simply disconnect that ID, generate another random identity, and move on securely.

Wise and Evolve Data Breach Highlights Risks of Third-Party Partnerships


Wise, a prominent financial technology company, recently disclosed a data breach impacting some customer accounts due to a ransomware attack on their former partner, Evolve Bank & Trust. The breach has raised significant concerns about the security of third-party partnerships, especially in financial services. From 2020 to 2023, Wise partnered with Evolve to provide USD account details for their customers. Last week, Evolve confirmed an attack attributed to the notorious ransomware group LockBit. 

The group leaked the data after the bank refused to pay the ransom. The breach underscores the precarious nature of relying on third-party companies for critical services and trusting their security measures. Evolve has not yet confirmed the specific personal information leaked. However, Wise has taken a transparent approach, confirming that the shared information included names, addresses, dates of birth, contact details, Social Security numbers (SSNs) or Employer Identification Numbers (EINs) for U.S. customers, and other identity document numbers for non-U.S. customers. 

Evolve’s initial investigation suggests that names, SSNs, bank account numbers, and contact information for most of their personal banking customers, as well as customers of their Open Banking partners, were affected. In response to the breach, Wise assured its customers that they no longer work with Evolve Bank & Trust. Currently, USD account details are provided by a different bank, emphasizing their commitment to security and customer trust. 

Wise has implemented additional security protocols and is collaborating with cybersecurity experts to understand the breach’s scope and fortify their defenses. Wise has proactively communicated with its customers, recommending precautionary steps such as changing passwords, enabling two-factor authentication, and monitoring account activity for any suspicious transactions. They have also provided resources and support to help customers protect their information. The breach has heightened concerns among customers regarding the security of their personal and financial information. 

Despite the challenges posed by the breach, Wise’s proactive approach and transparent communication have helped reassure customers. The company continues to work closely with cybersecurity experts to enhance their defenses and prevent future incidents. As the investigation progresses, Wise is determined to provide regular updates and support to affected customers. Their dedication to transparency and user security remains unwavering, ensuring that they take every step necessary to safeguard their users’ information and maintain their trust. 

This incident highlights the growing threat of cyberattacks on financial institutions and the critical need for robust security measures. Customers are reminded to stay alert and take proactive steps to protect their online accounts. Wise’s efforts to address the breach and protect their users underscore their commitment to maintaining trust and security for their customers.

Slack Faces Backlash Over AI Data Policy: Users Demand Clearer Privacy Practices


In February, Slack introduced its AI capabilities, positioning itself as a leader in the integration of artificial intelligence within workplace communication. However, recent developments have sparked significant controversy. Slack's current policy, which collects customer data by default for training AI models, has drawn widespread criticism and calls for greater transparency and clarity. 

The issue gained attention when Gergely Orosz, an engineer and writer, pointed out that Slack's terms of service allow the use of customer data for training AI models, despite reassurances from Slack engineers that this is not the case. Aaron Maurer, a Slack engineer, acknowledged the need for updated policies that explicitly detail how Slack AI interacts with customer data. This discrepancy between policy language and practical application has left many users uneasy. 

Slack's privacy principles state that customer data, including messages and files, may be used to develop AI and machine learning models. In contrast, the Slack AI page asserts that customer data is not used to train Slack AI models. This inconsistency has led users to demand that Slack update its privacy policies to reflect the actual use of data. The controversy intensified as users on platforms like Hacker News and Threads voiced their concerns. Many felt that Slack had not adequately notified users about the default opt-in for data sharing. 

The backlash prompted some users to opt out of data sharing, a process that requires contacting Slack directly with a specific request. Critics argue that this process is cumbersome and lacks transparency. Salesforce, Slack's parent company, has acknowledged the need for policy updates. A Salesforce spokesperson stated that Slack would clarify its policies to ensure users understand that customer data is not used to train generative AI models and that such data never leaves Slack's trust boundary. 

However, these changes have yet to address the broader issue of explicit user consent. Questions about Slack's compliance with the General Data Protection Regulation (GDPR) have also arisen. GDPR requires explicit, informed consent for data collection, which must be obtained through opt-in mechanisms rather than default opt-ins. Despite Slack's commitment to GDPR compliance, the current controversy suggests that its practices may not align fully with these regulations. 

As more users opt out of data sharing and call for alternative chat services, Slack faces mounting pressure to revise its data policies comprehensively. This situation underscores the importance of transparency and user consent in data practices, particularly as AI continues to evolve and integrate into everyday tools. 

The recent backlash against Slack's AI data policy highlights a crucial issue in the digital age: the need for clear, transparent data practices that respect user consent. As Slack works to update its policies, the company must prioritize user trust and regulatory compliance to maintain its position as a trusted communication platform. This episode serves as a reminder for all companies leveraging AI to ensure their data practices are transparent and user-centric.

RingGo: Phone Parking Service Suffers Data Breach, Customer Data Stolen


UK-based pay-by-phone parking service RingGo has suffered a data breach in which customer information, including partial credit card numbers, was leaked.

The EasyPark-owned company said that the data of at least 950 customers had been stolen by the hackers. The data included names, phone numbers, addresses, email addresses and parts of credit card numbers.

The company describes the compromised information as “non-sensitive” and claims that “no combination of this stolen data can be used to perform payments.”

However, customers have been warned about phishing scams, in which threat actors use stolen customer details to send convincing-looking emails and text messages in order to defraud the victims.

While British customers were the least affected by the breach, the data of thousands of Europe-based customers is feared to be compromised. It is not yet clear who is behind the data breach.

EasyPark further said that it was “reaching out to all affected customers.” Meanwhile, RingGo claims to be the “UK’s number one parking app,” with over 19 million customers.

Using the company's app, drivers pay for parking using their smartphones by providing information about their vehicle, like the license plate number, and payment information, like a credit or debit card.

The Information Commissioner's Office (ICO) in the UK and the corresponding European agency have received reports from Stockholm-based EasyPark, according to a Tuesday Guardian report.

According to a statement published on the company’s website, the attack first came to light on December 10: "The attack resulted in a breach of non-sensitive customer data."

“We deeply care about our customers and want to make sure you are fully informed about this incident […] Our security team, including external security experts, is working hard to ensure effective security and privacy measures are in place[…]We are deeply sorry this happened and will continue to work hard every day to earn your trust.”

Owned by private equity firms Vitruvian Partners and Verdane, the company has operations across 4,000 cities in 23 countries, encompassing most of western Europe, the US, and Australia. Since its founding in 2001, it has expanded via several acquisitions.  

Lyca Mobile Suffers Data Breach: Customers’ Personal Data Compromised


Lyca Mobile, a UK-based mobile virtual network operator (MVNO) running on EE’s network infrastructure, has confirmed that it suffered a cyberattack resulting in unauthorized access to its customers’ personal data.

Apparently, the cyberattack has affected millions of customers worldwide, with the exception of individuals in the United States, Australia, Ukraine, and Tunisia. On September 30, Lyca Mobile learned of the intrusion and took immediate measures, including isolating and shutting down the vulnerable systems.

The company further confirmed that it has reported the issues to security experts, and an investigation is ongoing. 

Lyca Mobile’s Update 

Lyca Mobile stressed in its official statement its commitment to minimize customer damage and pledged continued efforts to securely restore affected services. 

The company has informed the appropriate regulatory authorities and is working closely with them. Lyca Mobile cautioned impacted users to be on the lookout for any unusual activity and to take extra precautions to protect their information. 

The measures include resetting Lyca Mobile passwords, especially where the user has more than one account. The company has also urged users to be cautious of unsolicited emails or any other communication that asks for personal or financial information.

"Be suspicious of unsolicited requests for your personal or financial details. If you receive an e-mail which you're not sure about, treat it with caution, or if you have been a victim of fraud or cyber crime, contact your bank immediately and you should report this to the police," the company said in the statement.

"The security of your personal information is very important to us. As our investigation progresses, we will consider whether we need to take any further steps to help protect that information. While we hope to bring all of our systems back online as soon as possible, we are doing so carefully to minimize any further issues," it added.

The data compromised in the breach includes identification information, such as names, addresses and contact details, and interactions with customer service, which are recorded for up to 60 days. 

Online accounts also hold customers’ credit card information: Lyca Mobile records the last four digits and the expiration date, and stores the full number encrypted. The company does not retain the three-digit CVV code.

Additionally, the issue has disrupted the operation of Lyca Mobile’s number porting functionality, temporarily preventing PAC code issuing. The company stated that it is attempting to resolve this problem and fully restart all services.  

AP Stylebook Data Breach: Associated Press Warns That The Breach Led to Phishing Attacks
The Associated Press has warned of a possible data breach of AP Stylebook servers, impacting its customers. Reportedly, the data has been used by threat actors to launch targeted phishing attacks. 

The AP Stylebook is a widely used guide to punctuation and writing style for journalists, magazines and newsrooms.

About the Breach

The Associated Press issued a warning this week, informing AP Stylebook customers that an old, third-party-managed site (no longer in use) had apparently been under the hackers’ control between July 16 and July 22, 2023. The breach consequently led to the compromise of 224 customers’ data.

According to their report, the compromised data included customers’ personal information such as: 

  • Customer’s name 
  • Email address 
  • Residential address (street, city, state, zip code) 
  • Phone number 
  • User ID 

Customers who had registered tax-exempt IDs, such as a Social Security Number or Employer Identification Number, also had those IDs compromised in the breach. 

As stated by the AP, initial information regarding the possible breach reached them on July 20, 2023, when AP Stylebook users reported receiving phishing emails requesting that they update their credit card information. 

After learning of the phishing attack, the AP disabled their outdated site in order to stop any further attacks.

By the end of July, the company began warning AP Stylebook customers about the phishing attacks, informing them that the fraudulent emails were sent from 'support@getscore.my[.]id' with a subject similar to "Regarding AP Stylebook Order no. 07/20/2023 06:48:20 am." 

The Associated Press further advised AP Stylebook customers to reset their passwords upon their next login. 

With only 224 customers affected, this was hardly a large data breach; however, because hackers are always on the lookout for journalists' and media businesses' login information, the breach is noteworthy.

Acquiring illicit access to networks belonging to any media organization could consequently result in a variety of cyberattacks like extortion and ransomware attacks, data theft or even cyber espionage.

Other examples of local or global media organizations that suffered ransomware or cyberespionage attacks include News Corp, the Philadelphia Inquirer and the German newspaper Heilbronn Stimme.

Information of European Hotel Chain’s Customers Discovered in Unprotected Server
A researcher has recently found an unprotected server storing the personal data of several Falkensteiner hotel chain clients in Europe. 

Falkensteiner, an Austria-based hotel chain, operates hotels across Central and Eastern Europe, including Austria, Italy, Croatia, Slovakia, Serbia, and the Czech Republic. 

The compromised data of Falkensteiner was apparently discovered by researcher Anurag Sen, from the cloud security company CloudDefense.AI. Sen most recently found a US government computer that was leaking private emails from the US military. 

In an analysis conducted by Sen, it was found that the exposed customer data was linked to Gustaffo, a firm providing IT solutions for the hospitality sector. 

The researcher claims that he alerted Falkensteiner and Gustaffo, but neither of them responded. Shortly after Sen informed the company, however, he found that the server had been secured. 

According to Sen, before it was taken offline, the compromised Elasticsearch server hosted more than 11 GB of data. In the exposed database, he discovered more than 102,000 records with full names, contact information (phone and email), and booking information. 

The researcher has shown his discontent with how the impacted companies have addressed the issue. “They haven’t responded to his emails and haven’t notified customers about the data breach,” he says. 

Gustaffo, however, claims that it secured the server after learning about the leak from another researcher. The Austria-based company, which does have a responsible disclosure procedure, said that its analysis revealed the problem was contained to a single system and that only about 13,000 individuals' personal information was compromised. 

Gustaffo representatives further explain that many of the records are probably duplicates, taking into account that the company does not store data of more than 13,000 customers. 

The company adds that it has taken every necessary measure and performed security updates to its system and is in contact with the government authorities to help handle the situation. 

Moreover, while no initial statement was provided by Falkensteiner, the company has recently addressed the issue and said, “we have been informed about a possible weakness in the database access systems at one of our subcontractors. FMTG takes the security of our customer’s data very seriously. Therefore, we are looking closely into this issue and cooperating with the subcontractor to improve their IT systems. We also informed the relevant data protection authority.”  

Digital Resignation is Initial Stage of Safeguarding Privacy Online

Several internet businesses gather and use our personal information in exchange for access to their digital goods and services. With the use of that data, they can forecast and affect our behavior in the future. Recommendation algorithms, targeted marketing, and individualized experiences are examples of this type of surveillance capitalism.

Many customers are unhappy with these methods, especially once they learn how their data is obtained, despite tech companies' claims that these personalized experiences and advantages improve the user experience.

Digital resignation refers to the circumstance in which users of digital services continue to use them while being aware that the businesses providing those services are violating their privacy by conducting extensive monitoring, manipulating them, or otherwise negatively affecting their well-being.

The Cambridge Analytica scandal and Edward Snowden's disclosures about widespread government spying shed light on data-collecting techniques, but they also leave individuals feeling helpless and accustomed to the idea that their data will be taken and exploited without their express agreement. Digital resignation is what we call this.

Acknowledging and improving these tactics is the responsibility of both policymakers and businesses. Dealing with data gathering and use alone will not result in corporate accountability for privacy issues.

Our daily lives are completely surrounded by technology. But it is impossible to obtain informed consent when the average person lacks the motivation or expertise necessary to understand confusing terms and conditions.

However, the European Union passed regulations that acknowledge these destructive market dynamics and have begun to hold platforms and internet giants accountable. 

With the passage of Law 25, Québec has updated its privacy rules. The purpose of the law is to give people more protection and control over their personal information. It grants individuals the right to seek the transfer of their personal data to another system, its correction or deletion (the right to be forgotten), as well as the right to notice before an automated decision is made.

Additionally, it mandates that businesses designate a privacy officer and committee and carry out privacy impact analyses for any project involving personal data. Also, it is necessary to gain explicit agreement and to communicate terms and rules clearly and transparently. 


Major Experian Security Vulnerability Exploited, Attackers Access Customer Credit Reports
According to experts, the website of consumer credit reporting giant Experian contained a major privacy vulnerability that allowed hackers to obtain customer credit reports with just a little identity data and a small change to the address displayed in the URL bar. 

Jenya Kushnir, a cybersecurity researcher, discovered the vulnerability on Telegram after monitoring hackers selling stolen reports and collaborated with KrebsOnSecurity to investigate it further. The concept was straightforward: if you had the victim's name, address, birthday, and Social Security number (all of which could be obtained from a previous incident), you could go to one of the websites offering free credit reports and submit the information to request one.

The website would then redirect you to the Experian website, where you would be asked to provide more personally identifiable information, such as answers to questions about previous addresses. This is where the flaw could be exploited. 

There is no need to answer any of those questions; simply change the address displayed in the URL bar from "/acr/oow/" to "/acr/report," and you will be presented with the report. While testing the concept, Krebs discovered that changing the address first redirects to "/acr/OcwError," but changing it again worked: "Experian's website then displayed my entire credit file," according to the report.

The good news (if it can be called that) is that Experian's reports are riddled with errors. In the case of Krebs, it contained a number of phone numbers, only one of which was previously owned by the author.

Experian has remained silent on the matter, but the issue appears to have been resolved in the meantime. It is unknown for how long the flaw was active on the site or how many fraudulent reports were generated during that time.
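The flaw described above is a forced-browsing bypass: the report page trusted the URL the browser arrived at rather than server-side state. As an added example (not Experian's or KrebsOnSecurity's code), the block below shows a server-side gate that ignores the requested path, and a log check that flags sessions served the report without first answering the out-of-wallet questions. The log format, session ids and the /acr/identity path are constructed for illustration; the /acr/oow/, /acr/report and /acr/OcwError paths are the ones named in the post.

```python
"""Added example: server-side gating of a report page, plus detection of
sessions that reached /acr/report without completing the out-of-wallet step.
Log format, session ids and /acr/identity are constructed (hypothetical)."""

import re
from collections import defaultdict

# Constructed access-log lines: session id, method, path, HTTP status.
# a1 answers the questions before fetching the report; b2 is bounced to
# /acr/OcwError once and is then served the report; c3 skips straight to it.
SAMPLE_LOG = """\
sess=a1 POST /acr/identity 200
sess=a1 GET /acr/oow/ 200
sess=a1 POST /acr/oow/ 200
sess=a1 GET /acr/report 200
sess=b2 POST /acr/identity 200
sess=b2 GET /acr/oow/ 200
sess=b2 GET /acr/report 302
sess=b2 GET /acr/OcwError 200
sess=b2 GET /acr/report 200
sess=c3 POST /acr/identity 200
sess=c3 GET /acr/oow/ 200
sess=c3 GET /acr/report 200
garbage line that should be ignored
"""

LINE_RE = re.compile(r"^sess=(\S+) (GET|POST) (\S+) (\d{3})$")


def parse_log(text):
    """Yield (session, method, path, status) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))


def find_kba_bypasses(text):
    """Return {session: count} for sessions served /acr/report with HTTP 200
    before any successful POST of answers to /acr/oow/ in that session.
    Order matters: answers posted after the report was served do not excuse
    the earlier release, and a 302 bounce (as to /acr/OcwError) is not a hit."""
    answered = set()
    flagged = defaultdict(int)
    for sess, method, path, status in parse_log(text):
        if method == "POST" and path == "/acr/oow/" and status == 200:
            answered.add(sess)
        elif path == "/acr/report" and status == 200 and sess not in answered:
            flagged[sess] += 1
    return dict(flagged)


def release_report(state):
    """Hypothetical server-side gate: release the report only when the session
    itself records that identity proofing AND the out-of-wallet step passed.
    The requested URL plays no part, so editing "/acr/oow/" into
    "/acr/report" in the address bar changes nothing."""
    return bool(state.get("identity_ok")) and bool(state.get("kba_ok"))


if __name__ == "__main__":
    print(find_kba_bypasses(SAMPLE_LOG))  # {'b2': 1, 'c3': 1}
```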

FCC Wants Telecom Companies to Notify Data Breaches More Quickly
The Federal Communications Commission of the United States intends to strengthen federal law enforcement and modernise breach notification requirements for telecommunications firms so that customers are notified of security breaches as soon as possible.

The FCC's proposals (first made public in January 2022) call for getting rid of the current requirement that telecoms wait seven days before notifying customers of a data breach. 

Additionally, the Commission wants telecommunications providers to notify the FBI, Secret Service, and FCC of any significant breaches. 

According to FCC Chairwoman Jessica Rosenworcel, "We propose to eliminate the antiquated seven business day mandatory waiting period before notifying customers, require the reporting of accidental but harmful data breaches, and ensure that the agency is informed of major data breaches."

In a separate press release, the FCC stated that it was considering "clarifying its rules to require consumer notification by carriers of inadvertent breaches and to require notification of all reportable breaches to the FCC, FBI, and U.S. Secret Service." 

In 2007, the Commission passed the first regulation mandating that telecoms and interconnected VoIP service providers notify federal law enforcement agencies and their clients of data breaches. 

The severity of recent telecom hacks demonstrates the need to update the FCC's data breach rules to bring them into line with the federal and state data breach laws governing other industries. For instance, Comcast Xfinity customers reported in December that their accounts had been compromised in widespread attacks that bypassed two-factor authentication.

Verizon informed its prepaid customers in October that their accounts had been compromised and that SIM swapping attacks had used the exposed credit card information.

According to reports, T-Mobile has also experienced at least seven breaches since 2018. The most recent one was made public after Lapsus$ hackers broke into the business's internal systems and stole confidential T-Mobile source code.

Finally, in order to end an FCC investigation into three separate data breaches that affected hundreds of thousands of customers, AT&T paid $25 million in April 2016.

"The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements," Rosenworcel stated. "To better protect consumers, boost security, and lessen the impact of future breaches, this new proceeding will take a much-needed, fresh look at our data breach reporting rules."

Hackers Had Internal Access for 4 Days

Password management solution LastPass has confirmed that the company was hacked and the hackers had access to its development system for four days. The company stated in a blog post that nearly two weeks back, it detected some “unusual activity” in portions of its “LastPass development environment”, and immediately carried out an investigation for the same. 

As per the company’s reports, the hackers likely gained access to some of its source code through “a single compromised developer account”. The hackers were able to compromise a company developer’s endpoint to gain access to the Development environment, impersonating the developer after he “authenticated using multi-factor authentication,” which allowed them to get hold of some of the source code and “some proprietary LastPass technical information”. However, the company claims that no user data was compromised during the action.  

The company states that all of its “products and services are operating normally.” The investigation into the hack is still ongoing, and the company states that it has “implemented additional enhanced security measures.” 

LastPass CEO Karim Toubba stated that “There is no evidence of any threat actor activity beyond the established timeline [...] there is no evidence that this incident involved any access to customer data or encrypted password vaults”. 

The company restated that, despite the unauthorized access, the hacker did not succeed in getting hold of any sensitive user data, owing to its system design and the zero trust access (ZTA) controls put in place to avert such incidents in the future. 

ZTA includes complete segregation of the Development and Production environment and the company’s own inability to access any of its customer’s password vaults without the master password set by the customers. “Without the master password, it is not possible for anyone other than the owner of a vault data,” the CEO stated. 

Lastly, LastPass also mentioned that it has retained the services of a leading cybersecurity firm to enhance its source code safety practices and will ensure its systems’ security by deploying additional endpoint security guardrails in both the Development and Production environments to better detect and prevent any attack aimed at its systems.

Russian Hackers Employ Malicious Traffic Direction Systems to Spread Malware
Researchers have discovered possible links between a subscription-based crimeware-as-a-service (CaaS) offering and a cracked copy of Cobalt Strike, which they presume is being offered as a tool for customers to stage post-exploitation operations. 

Prometheus is an open-source, metrics-based monitoring and alerting system for cloud applications. Nearly 800 cloud-native companies, including Uber, Slack and Robinhood, use it. 

Prometheus offers convenient observation of a system's state, along with hardware and software metrics such as memory use, network utilization, and application-specific metrics (for example, the number of failed login attempts to a web application), by scraping real-time information from numerous endpoints.

Prometheus has a stated policy of omitting built-in support for security features like authentication and encryption, because the numeric metrics it collects are not deemed sensitive data; this allows the project to focus on monitoring-related functionality. The Prometheus name is also being used on Russian underground forums to advertise a traffic direction system (TDS) that enables bulk phishing redirection to rogue landing pages designed to deliver malware payloads to targeted computers, for $250 per month. 

"A system of a malicious technology, malicious email circulation, illicit folders across authorized platforms, traffic diversion, and the capacity to deliver infected files are the significant elements of Prometheus," the BlackBerry Research and Intelligence Team stated in a report. 

The redirection comes from one of two places: malicious advertisements on normal websites, or websites that have been tampered with to install harmful code. The attack chain begins with a spam email that contains an HTML file or a Google Docs page; when opened, it redirects the victim to a compromised website hosting a PHP backdoor that fingerprints the machine to determine whether to serve the victim malware or redirect the user to another page that may contain a phishing scam.

While TDSs aren't a novel concept, the level of sophistication, support, and low financial cost lend validity to the hypothesis that this is a trend likely to grow in the threat environment in the near future, the researchers wrote.

In addition to enabling authentication and TLS, anyone running a Prometheus deployment is strongly advised to query its exposed endpoints to check whether sensitive data was exposed before those features were enabled.

VPNLab.net Service was Seized Because it was Used by Criminals to Spread Ransomware

 

Following a coordinated worldwide police investigation, a VPN service used by criminals to spread ransomware, malware, and facilitate other forms of cybercrime has been knocked offline. The 15 servers used by the VPNLab.net service have been seized or disrupted as part of a combined operation by Europol, Germany's Hanover Police Department, the FBI, the UK's National Crime Agency (NCA), and others. 

According to Europol, VPNLab.net was founded in 2008 and provided services based on OpenVPN technology and 2048-bit encryption to offer online anonymity for as little as $60 per year. The service also offered a double VPN, with servers located in a variety of countries. "This made VPNLab.net a popular choice for cybercriminals, who could use its services to carry on committing their crimes without fear of detection by authorities," the agency said. 

According to Europol, several investigations have revealed criminals using the VPNLab.net service to enable illegal operations such as virus dissemination. Other incidents demonstrated the service's usage in the setup of infrastructure and communications for ransomware operations, as well as the actual deployment of malware. Cybercriminals also utilized the site to spread malware while evading authorities — but now that the servers have been seized, law enforcement is reviewing customer data in an attempt to identify cybercriminals and victims of cyberattacks.

The vpnlab.net domain presently shows a warning telling visitors that the domain has been seized by law enforcement. According to the statement, authorities obtained customer data held on the confiscated servers, and an inquiry has been initiated. Europol has not revealed which types of malware and ransomware were distributed using the VPN provider. As a consequence of the investigation, more than 100 organizations have been identified as being vulnerable to cyberattacks, and law enforcement is collaborating with them to mitigate any possible compromise. 

"The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online," said Edvardas Šileris, head of Europol's European Cybercrime Centre (EC3). "Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches," he added. 

On January 17, 2022, authorities from Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom joined forces to disrupt VPNLab, with assistance from Europol.