Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Customer Information. Show all posts
Ransomware attack
comcast Comcast data breach Customer Information Data Breach data security Data Theft debt collector FBCS Ransomware attack

Comcast Data Breach: Over 237,000 Customers’ Information Stolen in Cyberattack on Debt Collector

 

Comcast has confirmed that sensitive data on 237,703 of its customers was stolen in a cyberattack on Financial Business and Consumer Solutions (FBCS), a debt collection agency it previously worked with. The breach, which occurred in February 2024, involved unauthorized access to FBCS’s computer systems, resulting in the theft of customer data, including names, addresses, Social Security numbers, and Comcast account information. Although Comcast was initially assured that none of its customers were affected by the breach, FBCS later revealed that the data had indeed been compromised. 

The breach unfolded between February 14 and February 26, 2024. During this period, the attackers downloaded sensitive data and encrypted some systems as part of a ransomware attack. FBCS launched an investigation upon discovering the breach and involved third-party cybersecurity specialists to assess the damage. However, it wasn’t until July 2024 that FBCS contacted Comcast again, informing the company that its customer data had been part of the stolen records. Comcast acted promptly upon receiving this updated information, notifying its affected customers in August and offering support services such as identity and credit monitoring. This move came after FBCS informed Comcast that, due to its current financial difficulties, it could not provide the necessary protection services for those affected. 

Comcast has stepped in to offer these services directly to its customers. The breach exposed not just Comcast’s customers but also a broader group of individuals, with FBCS initially revealing that over 4 million records had been compromised. The exact method of the breach and how the attackers infiltrated FBCS’s systems remain unclear, as FBCS has not disclosed specific technical details. Additionally, no ransomware group has claimed responsibility for the attack, leaving the full scope of the incident somewhat shrouded in mystery. Comcast has made it clear that its own systems, including those of its broadband and television services, were not affected by the breach. The data stolen from FBCS pertains to customers who were registered around 2021, and Comcast had ceased using FBCS for debt collection services by 2020. 

Nevertheless, this breach highlights the risks that third-party service providers can pose to customer data security. In the aftermath, this incident serves as a reminder of the growing threat posed by cyberattacks, particularly ransomware, which has become a common tactic for malicious actors. As companies increasingly rely on third-party vendors for services such as debt collection, the need for stringent security measures and oversight becomes even more critical. Comcast’s experience shows how quickly situations can evolve and how third-party vulnerabilities can directly impact a company’s customers. While Comcast has taken steps to mitigate the damage from this breach, the case of FBCS raises important questions about the security practices of third-party service providers. 

As data breaches become more frequent, customers may find themselves at risk from vulnerabilities in systems beyond the companies with which they interact directly.
Read more »
data security
Bounty CERT-In Crypto Funds cryptocurrency cryptocurrency theft Customer Information Cyber Attacks data security

WazirX Responds to Major Cyberattack with Trading Halt and Bounty Program

 

In the wake of a significant cyberattack, WazirX, one of India’s foremost cryptocurrency exchanges, has taken drastic measures to mitigate the damage. The exchange announced a halt in trading and introduced a bounty program aimed at recovering stolen assets. This attack has severely impacted their ability to maintain 1:1 collateral with assets, necessitating immediate action. 

In a series of posts on X, WazirX detailed their response to the breach. They have filed a police complaint and reported the incident to the Financial Intelligence Unit (FIU) and CERT-In. Co-founder Nischal Shetty emphasized the urgency of the situation, stating that the exchange is reaching out to over 500 other exchanges to block the identified addresses associated with the stolen funds. This broad collaboration is essential as the stolen assets move through various platforms. 

To further their recovery efforts, WazirX is launching a bounty program to incentivize individuals and entities to help freeze or recover the stolen assets. This initiative is part of a broader strategy to trace the stolen funds and enhance the security measures of the exchange. The team is also consulting with several expert groups specializing in cryptocurrency transaction tracking to provide continuous monitoring and support during the recovery process. The exchange expressed gratitude for the support from the broader Web3 ecosystem, underscoring the need for a collective effort to resolve the issue and maintain the integrity of the Web3 community. 

Shetty mentioned that the team is conducting a thorough analysis to understand the extent of the damage caused by the attack. This analysis is crucial for developing an effective recovery plan and ensuring that all possible measures are taken to protect customer funds. In addition to their internal efforts, WazirX is working closely with forensic experts and law enforcement agencies to identify and apprehend the perpetrators. This collaboration aims to ensure that those responsible are brought to justice and that as many stolen assets as possible are recovered. 

The cyberattack has resulted in a substantial loss of approximately $235 million, making it one of the largest hacks of a centralized exchange in recent history. Crypto investigator ZachXBT revealed that the main attacker’s wallet still holds over $104 million in funds, which have yet to be offloaded. 

This highlights the ongoing challenges and complexities of securing digital assets in the ever-evolving cryptocurrency landscape. WazirX’s proactive measures and the support from the broader community will be crucial in navigating this crisis and reinforcing the security frameworks essential for the future of cryptocurrency exchanges.
Read more »
Security
AI technology Customer Information Data Breach Data Hackers OpenAI Security

Hacker Breaches OpenAI, Steals Sensitive AI Tech Details


 

Earlier this year, a hacker successfully breached OpenAI's internal messaging systems, obtaining sensitive details about the company's AI technologies. The incident, initially kept under wraps by OpenAI, was not reported to authorities as it was not considered a threat to national security. The breach was revealed through sources cited by The New York Times, which highlighted that the hacker accessed discussions in an online forum used by OpenAI employees to discuss their latest technologies.

The breach was disclosed to OpenAI employees during an April 2023 meeting at their San Francisco office, and the board of directors was also informed. According to sources, the hacker did not penetrate the systems where OpenAI develops and stores its artificial intelligence. Consequently, OpenAI executives decided against making the breach public, as no customer or partner information was compromised.

Despite the decision to withhold the information from the public and authorities, the breach sparked concerns among some employees about the potential risks posed by foreign adversaries, particularly China, gaining access to AI technology that could threaten U.S. national security. The incident also brought to light internal disagreements over OpenAI's security measures and the broader implications of their AI technology.

In the aftermath of the breach, Leopold Aschenbrenner, a technical program manager at OpenAI, sent a memo to the company's board of directors. In his memo, Aschenbrenner criticised OpenAI's security measures, arguing that the company was not doing enough to protect its secrets from foreign adversaries. He emphasised the need for stronger security to prevent the theft of crucial AI technologies.

Aschenbrenner later claimed that he was dismissed from OpenAI in the spring for leaking information outside the company, which he argued was a politically motivated decision. He hinted at the breach during a recent podcast, but the specific details had not been previously reported.

In response to Aschenbrenner's allegations, OpenAI spokeswoman Liz Bourgeois acknowledged his contributions and concerns but refuted his claims regarding the company's security practices. Bourgeois stated that OpenAI addressed the incident and shared the details with the board before Aschenbrenner joined the company. She emphasised that Aschenbrenner's separation from the company was unrelated to the concerns he raised about security.

While the company deemed the incident not to be a national security threat, the internal debate it sparked highlights the ongoing challenges in safeguarding advanced technological developments from potential threats.


Read more »
Information Security
Businesses Customer Information Cyber Threats Data Breach Data Storage Information Security

The Role of Immutable Data Storage in Strengthening Cybersecurity


 

In today’s rapidly advancing digital world, how organisations store their data is crucial to their cybersecurity strategies. Whether protecting sensitive customer information, securing intellectual property, or ensuring smooth business operations, effective data storage methods can prominently impact an organisation's defence against cyber threats.

Modern businesses are experiencing a massive increase in data generation. This surge is driven by technological innovation, growing customer interactions, and expanding business operations. As data continues to grow at an exponential rate, organisations must find ways to fully utilise this data while also ensuring its security and availability.

Cyberattacks are becoming more frequent and sophisticated, making data protection a top priority for businesses. Ransomware attacks, in particular, are a major concern. These attacks involve cybercriminals encrypting an organisation’s data and demanding a ransom for its release. According to the Verizon 2023 Data Breach Investigations report, ransomware is involved in over 62% of incidents linked to organised crime and 59% of financially motivated incidents. The consequences of such attacks are severe, with businesses taking an average of 9.9 days to return to normal operations after a ransomware incident. Additionally, 1 in 31 companies worldwide faces weekly ransomware attacks, underscoring the urgent need for robust data protection measures.

Immutable data storage has become a key strategy in bolstering cybersecurity defences. Unlike traditional storage methods, which allow data to be modified or deleted, immutable storage ensures that once data is written, it cannot be altered or erased. This feature is crucial for maintaining data integrity and protecting critical information from tampering and unauthorised changes.

By adopting immutable storage solutions, organisations can significantly reduce the risks associated with cyberattacks, particularly ransomware. Even if attackers manage to penetrate the network, the immutable data remains unchanged and intact, rendering ransom demands ineffective. This approach not only protects sensitive information but also helps maintain business continuity during and after an attack.

As businesses continue to face the growing threat of cybercrime, adopting advanced data storage solutions like immutable storage is essential. By ensuring that data cannot be altered or deleted, organisations can better protect themselves from the devastating impacts of cyberattacks, safeguard critical information, and maintain operations without interruption. In an age where data is both a valuable asset and a prime target, robust storage strategies are indispensable to a comprehensive cybersecurity strategy.



Read more »
US Cyber Security
Customer Information Cyber Security data security Data Theft IT systems breach sensitive data theft US Cyber Security

Back-to-Back Cyberattacks Disrupt Car Dealers in the US and Canada

 

In recent weeks, car dealerships across the United States and Canada have been severely disrupted by consecutive cyberattacks, underlining the growing vulnerability of the automotive retail sector. These attacks, involving sophisticated ransomware operations, have caused significant operational challenges, impacting the ability of dealerships to conduct business as usual. 

The cybercriminals targeted dealership IT systems, locking down critical data and demanding hefty ransoms for its release. This tactic has not only paralyzed daily operations but also jeopardized sensitive customer information. The attacks have disrupted everything from vehicle sales and service appointments to finance and insurance processes, causing substantial financial losses and reputational damage. 

One of the primary concerns stemming from these incidents is the exposure of customer data. Personal details, financial information, and even vehicle identification numbers (VINs) are at risk, potentially leading to identity theft and financial fraud. This breach of trust can have long-term consequences for the affected dealerships, eroding customer confidence and loyalty. The recent wave of cyberattacks has prompted a swift response from the automotive industry and cybersecurity experts. Dealerships are being urged to enhance their cybersecurity protocols, including implementing stronger encryption methods, regular system audits, and comprehensive employee training programs. 

These measures are essential to fortify defenses against future attacks and safeguard sensitive information. The automotive sector, much like other industries, must recognize the persistent threat posed by cybercriminals. As these attacks become increasingly sophisticated, the need for proactive and robust cybersecurity strategies is more critical than ever. This includes not only technical defenses but also a culture of awareness and vigilance among employees. 

In the wake of these attacks, industry bodies and regulatory authorities are also calling for greater collaboration and information sharing. By working together, dealerships can better understand emerging threats, share best practices, and develop collective defenses against cyber adversaries. The disruptions caused by these back-to-back cyberattacks serve as a stark reminder of the importance of cybersecurity in the digital age. 

For car dealerships, the priority must now be on bolstering their defenses to protect their operations and the personal data of their customers. As the automotive industry continues to embrace digital transformation, ensuring robust cybersecurity measures will be key to maintaining business continuity and customer trust.
Read more »
VPN
Customer Information DHCP. Technology TunnelVision VPN

New Attack Renders Most VPN Apps Vulnerable

 


A new attack, dubbed TunnelVision, has materialised as a threat to the security of virtual private network (VPN) applications, potentially compromising their ability to protect user data. Researchers have detected vulnerabilities affecting nearly all VPN apps, which could allow attackers to intercept, manipulate, or divert traffic outside of the encrypted tunnel, undermining the fundamental purpose of VPNs.


How TunnelVision Works

TunnelVision exploits a flaw in the Dynamic Host Configuration Protocol (DHCP) server, the system responsible for assigning IP addresses on a network. By manipulating a specific setting called option 121, attackers can divert VPN traffic through the DHCP server, bypassing the encrypted tunnel meant to secure the data. This manipulation allows attackers to intercept, read, drop, or modify the traffic, compromising the user's privacy and the integrity of the VPN connection.


Implications for VPN Users

The consequences of TunnelVision are severe. Despite users trusting that their data is securely transmitted through the VPN, the reality is that some or all of the traffic may be routed outside of the protected connection. This means that sensitive information, such as passwords, financial details, or personal communications, could be exposed to interception or manipulation by unauthorized parties.

The vulnerability affects a wide range of operating systems and devices, with the exception of Android, which does not implement option 121 in its DHCP server. For other operating systems, including Linux, there are no complete fixes available. Even with mitigations in place, such as minimising the effects on Linux, TunnelVision can still exploit side channels to compromise security.

While there is no foolproof solution to the TunnelVision attack, certain measures can reduce the risk. Running the VPN inside a virtual machine or connecting through a cellular device's Wi-Fi network can enhance security by isolating the VPN connection from potential attacks. However, these solutions may not be accessible or practical for all users, highlighting the need for further research and development in VPN security.

TunnelVision represents a harrowing threat to the integrity of VPNs, undermining their ability to protect user data from interception and manipulation. With the potential for widespread exploitation, it is essential for VPN providers and users to be aware of the risks and take appropriate measures to steer clear of potential attacks. 


Read more »
Identity Theft
Customer Information cyber attack Data Breach Data Leak data security Experian Identity Theft

Wells Fargo Data Breach: Safeguarding Customer Information in a Digital Age

 

In a digital age where data breaches have become all too common, the recent disclosure of a data breach at Wells Fargo, a prominent multinational financial services corporation, has once again brought cybersecurity concerns to the forefront. The breach, impacting the personal information of two clients, underscores the challenges faced by financial institutions in safeguarding sensitive data and maintaining customer trust. 

The breach exposed clients' names and mortgage account numbers, raising significant concerns about the security of personal information within the financial services sector. According to Wells Fargo, the breach was not the result of a cyberattack but rather an employee breaching company policy by transferring information to a personal account. While the exact timeline and duration of unauthorized access remain unclear, Wells Fargo has taken swift action to address the situation and mitigate risks to affected individuals. 

In response to the breach, Wells Fargo has prioritized the welfare of its customers and has taken proactive steps to assist those impacted. The company has offered complimentary two-year subscriptions to Experian IdentityWorks5M, a comprehensive identity theft detection service. This includes daily monitoring of credit reports, internet surveillance to monitor identity-related activity, and full-service identity restoration in the event of theft. Affected individuals are encouraged to activate their subscriptions within 60 days from the date printed on the notification letter, either online or by phone. The team is available via phone during specified hours and offers language assistance services for non-English speakers, as well as support for individuals with hearing or speech difficulties. 

While the specifics of the data breach are still under investigation, Wells Fargo remains committed to enhancing security measures and preventing similar incidents in the future. The breach serves as a stark reminder of the evolving nature of cyber threats and the importance of remaining vigilant in protecting sensitive information. This incident also highlights a recurring issue within the banking industry, as Wells Fargo is not the only financial institution to experience a data breach in recent months. 

In February 2024, Bank of America, another one of the Big Four Banks in North America, announced a data breach affecting its customers. The Bank of America data breach was attributed to a cyberattack targeting one of its service providers, Infosys McCamish Systems. 

As investigations into the breach continue, Wells Fargo reassures its customers of its unwavering commitment to security and vows to implement additional measures to safeguard customer information. Despite the challenges posed by cyber threats, Wells Fargo remains dedicated to maintaining customer trust and protecting sensitive data in an increasingly interconnected world.
Read more »
Mortgage Industry
Alvaria Customer Information Cyber Security Data Breaches Mortgage Industry

Inside the Carrington Mortgage Services Ransomware Attack: Compromised Data and Cybersecurity Measures

cybersecurity incidents in the mortgage industry

The Carrington Mortgage Services Ransomware Attack

Cybersecurity incidents have become increasingly common in the mortgage industry, with multiple lenders and servicers experiencing data breaches that compromised sensitive customer information. Carrington Mortgage Services is the latest player to be impacted, as a ransomware attack at its vendor Alvaria compromised the information of its customers, including partial Social Security numbers. 

In this blog post, we'll take a closer look at the details of this breach, as well as other recent cybersecurity incidents in the mortgage industry.

Details of the Data Compromised in the Attack

Last week, Carrington Mortgage Services announced that a technology company it uses, Alvaria, experienced a ransomware attack in March. As a result, the personal information of some of Carrington's customers, including partial Social Security numbers, was compromised. 

 Although neither Carrington nor Alvaria disclosed the total number of affected clients, a letter to state attorneys general indicated that at least 4,167 residents of Massachusetts were impacted. This is the most recent hack of a mortgage player, following a series of incidents across the industry last year. 

Alvaria's Response to the Breach

Alvaria responded to the attack by restoring its operations through backups and securing its networks. According to the Lowa letter, “the unauthorized actor obtained some data associated with the company maintained in the technical system log and temp files.” “While Alvaria performed its forensic investigation, the company completed its analysis of the affected data on April 4, 2023 

According to Carrington Mortgage Services, compromised data due to the breach at Alvaria includes clients' names, mailing addresses, telephone numbers, loan numbers and balances, and the last four digits of their Social Security numbers. 

However, when asked about Alvaria's reported data breach, Carrington's attorney declined to comment, while Alvaria's general counsel deferred to a company spokesperson. Alvaria did notify the FBI and took additional security measures following the breach, although the details of these measures were not disclosed. 

Impact of Data Breaches on Mortgage Lenders and Servicers

In an effort to mitigate the effects of the breach, Carrington is offering customers 24 months of free credit monitoring and fraud consultation from Experian. In a letter to the Iowa Attorney General, Carrington defended its information security diligence and stated that it had received positive reviews from state and federal regulators, rating agencies, and banking counterparts. 

The letter signed by the attorney for Carrington said: “Nevertheless, in light of this event, the company has begun an additional assessment of Alvaria's technical security measures to ensure that Alvaria has been providing and will continue to provide the security measures promised to the company and to help ensure this type of incident does not happen again.” 

Carrington Mortgage Services has been actively involved in the mortgage servicing rights market and purchased $62.3 billion in 2020, making it one of the top 25 services in the country. In total, it holds $122.1 billion in MSRs from 682,000 borrowers. This incident is the second data breach at Alvaria within four months, with the previous attack being disclosed in February and impacting 4,695 customers. 

Other Cybersecurity Incidents in the Mortgage Industry

The Hive Ransomware group was responsible for this attack, and in November, the group released corporate records on the dark web, though no customer data was included. It's unclear whether the November breach affected mortgage customer data. In 2021 alone, various mortgage lenders have disclosed cybersecurity incidents that impacted 191,000 customers. 

These attacks have ranged in severity, from incidents affecting as few as 600 customers to a third-party breach that impacted 139,493 customers of Hatch Bank in California. Several class action complaints against impacted companies remain pending in federal courts, including those against servicers such as Key Bank, Lower, and Overby-Seawell Company.

Read more »
Subscribe to: Posts (Atom)