Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Breach. Show all posts
SEC filing
Data Breach Data Theft ENGlobal Ransomware attack SEC filing

ENGlobal Corporation Hit by Ransomware Attack: Sensitive Data Exposed

 

ENGlobal Corporation, a prominent contractor in the energy sector, has disclosed that a ransomware attack in November 2024 led to the exposure of sensitive personal data. The incident, which occurred on November 25, forced the company to take certain systems offline as a containment measure, limiting access to only critical business processes.

Details of the Attack and Response

In early December, ENGlobal reported the incident to the U.S. Securities and Exchange Commission (SEC), stating that some data on its systems had been encrypted during the attack. However, at the time, the company did not confirm whether any data had been stolen. In a subsequent regulatory filing, ENGlobal revealed that the attackers had indeed accessed sensitive personal information stored on its systems, though it did not provide specific details about the nature or scope of the breach. 

“The cybersecurity incident involved the threat actor’s access to a portion of the company’s IT system that contained sensitive personal information. The company intends to provide notifications to affected and potentially affected parties and applicable regulatory agencies as required by federal and state law,” ENGlobal stated.

ENGlobal assured stakeholders that the threat actor had been removed from its network and that all systems had been fully restored. The company also confirmed that its business operations and functions have resumed as usual. However, the attack significantly disrupted the company’s operations for approximately six weeks, limiting access to critical business applications, including financial and operating reporting systems.

Despite the disruption, ENGlobal stated that the incident is not expected to have a material impact on its financial position or operational results. The company emphasized its commitment to notifying affected individuals and regulatory agencies in compliance with federal and state laws.

The Growing Threat of Ransomware and Mitigation Strategies

The ENGlobal incident highlights the escalating threat of ransomware attacks, particularly against critical infrastructure and energy sector companies. Ransomware attacks not only disrupt operations but also expose sensitive data, putting individuals and organizations at risk of identity theft, financial fraud, and other cybercrimes.

To mitigate such risks, cybersecurity experts recommend the following measures:

  1. Regular Backups: Maintain frequent and secure backups of critical data to ensure quick recovery in case of an attack.
  2. Employee Training: Educate employees on recognizing phishing attempts and other common attack vectors.
  3. Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security to accounts and systems.
  4. Incident Response Plan: Develop and regularly update an incident response plan to ensure a swift and effective response to cyberattacks.
  5. Network Segmentation: Divide networks into smaller segments to limit the spread of ransomware in case of a breach.

As of now, no known ransomware group has claimed responsibility for the attack, and ENGlobal has not disclosed any information about the threat actor behind the incident. This lack of attribution is not uncommon in ransomware cases, as attackers often operate anonymously to avoid legal repercussions.

The ransomware attack on ENGlobal Corporation serves as a stark reminder of the vulnerabilities faced by organizations in the energy sector and beyond. While the company has managed to restore its systems and resume operations, the incident underscores the importance of robust cybersecurity measures and proactive threat mitigation strategies. As ransomware attacks continue to evolve, organizations must remain vigilant and prepared to defend against increasingly sophisticated threats.

Read more »
PayPal
2FA Data Breach financial services Passwords PayPal

PayPal Fined $2 Million for Data Breach: A Wake-Up Call for Cybersecurity

 


PayPal has been fined $2 million by the New York State Department of Financial Services (DFS) for failing to protect customer data, resulting in a significant security breach. The incident, which occurred in December 2022, exposed sensitive information, including social security numbers, names, and email addresses of thousands of users. This breach has raised serious concerns about PayPal’s cybersecurity practices and its ability to safeguard customer data.

How Did the Breach Happen?

The breach occurred during an update to PayPal’s system to grant access to IRS Form 1099-Ks, which is used to report income. The employees responsible for implementing these changes lacked proper cybersecurity training, leaving the system vulnerable to exploitation. Cybercriminals used a technique called credential stuffing, where stolen login credentials from previous breaches are tested on other platforms. Since many users reuse passwords across multiple sites, this method often succeeds.

Due to these security flaws, hackers gained access to sensitive customer data, putting affected users at risk of identity theft, financial fraud, and phishing scams. The breach highlights the critical importance of robust cybersecurity measures and well-trained personnel.

Following an investigation, DFS concluded that PayPal lacked qualified cybersecurity personnel and failed to provide adequate training to its workforce. These shortcomings directly contributed to the breach. Adrienne A. Harris, Superintendent of DFS, emphasized the need for companies handling financial data to prioritize cybersecurity.

"Qualified cybersecurity personnel are the first line of defense against potential data breaches. Companies must invest in proper training and effective security policies to protect sensitive data and mitigate risks," Harris stated.

Data breaches like this one can have severe consequences for users. When personal information such as social security numbers and email addresses is leaked, cybercriminals can exploit it for identity theft, financial fraud, or phishing attacks.

Expert Recommendations for Users

To protect themselves from similar breaches, cybersecurity experts recommend the following steps:

  1. Enable Two-Factor Authentication (2FA): Adding an extra layer of security can significantly reduce the risk of unauthorized access.
  2. Use Unique Passwords: Avoid reusing passwords across multiple accounts to prevent credential stuffing attacks.
  3. Monitor Financial Activity: Regularly check bank statements and credit reports for any suspicious transactions.

The Bigger Picture: Cybersecurity in Financial Institutions

This incident underscores a growing problem in the financial sector: inadequate cybersecurity measures. Despite being a global payment giant, PayPal’s failure to implement reasonable security measures left its users vulnerable to cyberattacks. Financial institutions must prioritize cybersecurity by investing in advanced technologies, hiring skilled professionals, and providing comprehensive employee training.

DFS has been taking strict action against companies that fail to meet cybersecurity standards. This case serves as a reminder that regulatory bodies are increasingly holding organizations accountable for lapses in data protection.

While PayPal has yet to issue an official response to the fine, the company is expected to strengthen its security policies and enhance its cyber defenses to avoid future penalties. This incident should serve as a wake-up call for all companies handling sensitive customer information. In an era of escalating cyber threats, cybersecurity cannot be an afterthought—it must be a top priority.

The PayPal data breach highlights the critical need for robust cybersecurity measures in the financial sector. Companies must invest in skilled personnel, advanced technologies, and employee training to protect customer data effectively. For users, adopting best practices like enabling 2FA and using unique passwords can help mitigate risks. As cyber threats continue to evolve, both organizations and individuals must remain vigilant to safeguard sensitive information.

Read more »
UnitedHealth cyberattack
Breach Change Healthcare data Data Breach Healthcare cybersecurity Medical Data breach Ransomware attack UnitedHealth cyberattack

UnitedHealth Confirms Change Healthcare Cyberattack Impacted 190 Million People

 

UnitedHealth Group has officially disclosed that the February ransomware attack on its subsidiary, Change Healthcare, affected approximately 190 million individuals in the U.S.—nearly twice the previously estimated figure.

The healthcare giant confirmed the revised number in a statement to TechCrunch on Friday, after market hours.

“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” said Tyler Mason, a UnitedHealth spokesperson, in an email to TechCrunch. “The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date.”

UnitedHealth also stated that there is no evidence suggesting the stolen data has been misused. “The company is not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis,” the spokesperson added.

The cyberattack, which occurred in February 2024, stands as the most significant medical data breach in U.S. history. It led to prolonged disruptions across the healthcare sector. Change Healthcare, a leading health tech provider and claims processor, handles vast amounts of patient data, medical records, and insurance information.

Hackers behind the attack stole an extensive volume of sensitive health and insurance data, some of which was leaked online. Reports indicate that Change Healthcare paid at least two ransom payments to prevent further exposure of the compromised files.

Initially, UnitedHealth estimated the number of impacted individuals to be around 100 million when it filed a preliminary report with the Office for Civil Rights, a division of the U.S. Department of Health and Human Services that oversees data breaches.

According to Change Healthcare’s breach notification, the cybercriminals accessed and stole:

  • Names, addresses, phone numbers, and email addresses
  • Dates of birth and government-issued ID numbers (Social Security, driver’s license, passport)
  • Medical diagnoses, prescriptions, lab results, imaging, and treatment plans
  • Health insurance details
  • Financial and banking data related to patient claims
The breach has been attributed to the ALPHV ransomware group, a Russian-language cybercrime network. During congressional testimony, UnitedHealth CEO Andrew Witty revealed that attackers gained access through a stolen credential that lacked multi-factor authentication, highlighting a critical security lapse.

As the healthcare industry grapples with the aftermath, this breach underscores the urgent need for enhanced cybersecurity measures to safeguard sensitive medical data.


Read more »
Private Data
Data Breach Data Leak Elasticsearch Georgia Private Data

Private Data of Millions of Georgians Exposed in Massive Data Leak

 

A ghost database comprising millions of records on Georgian people appeared in the cloud before inexplicably vanishing. The alarming leak could make sensitive personal information available to malicious actors.

Bob Dyachenko, a cybersecurity expert and the founder of SecurityDiscovery.com, and the Cybernews research team uncovered an unprotected Elasticsearch index. Elasticsearch is a data analytics and search platform that operates in near real time. The instance was hosted on a server controlled by a German cloud service company.

The data contains a wide range of sensitive personal information regarding citizens of the Republic of Georgia. One of the exposed indices held approximately five million personal data records, while another contained more than seven million phone records with related private data. Georgia, by comparison, has a population of about four million. The data may include duplicate entries as well as records of deceased people. 

The millions of files contained data such as ID numbers, full names, birth dates, and gender, they reported. The leaked data most likely also included insurance numbers and phone numbers ‘with descriptive information about the owner’. 

The data was apparently linked with 1.45 million car owner details and 7.2 million citizen phone numbers and identities, however some of the data seems to be linked to a 2020 leak. There is no clear indication of who is in charge of overseeing the Elasticsearch index.

The server was taken offline shortly after the discovery, and the public's access to the exposed data was discontinued. But there are still millions of individuals who could be in danger. 

Given the current geopolitical environment of high tensions, polarisation, and Russian influence, the exposure of millions of Georgian citizens could have severe consequences. 

“Threat actors can weaponize personal data for both political or criminal activities. State-sponsored hackers can exploit the leak for political manipulation, disinformation campaigns, or targeted harassment. Meanwhile, profit-seeking hackers can exploit the data for various malicious activities,” Dyachenko stated.

He warns Georgians to be wary of potential identity theft and fraud efforts, as cybercriminals may attempt to mimic individuals or use other social engineering techniques to hijack accounts and carry out financial crimes.
Read more »
VPN breach
cyber espionage Data Breach IPany VPN malware infection PlushDaemon hackers SlowStepper malware Supply Chain Attack VPN breach

IPany VPN Compromised in Supply Chain Attack Deploying Custom Malware

 

South Korean VPN provider IPany fell victim to a supply chain attack orchestrated by the China-aligned hacking group "PlushDaemon." The attackers compromised IPany's VPN installer, embedding a custom malware named 'SlowStepper' into the installer file, affecting customers upon installation.

ESET researchers discovered that the attackers infiltrated IPany's development platform and modified the installer file ('IPanyVPNsetup.exe') to include the SlowStepper backdoor. Customers downloading the VPN's ZIP installer ('IPanyVPNsetup.zip') from the company's official website between November 2023 and May 2024 were impacted. Victims include a South Korean semiconductor firm and a software development company, with the first signs of infections reported in Japan.

When executed, the installer deploys the legitimate VPN alongside malicious files like 'svcghost.exe,' which ensures persistence by creating a Registry Run key. The SlowStepper payload is concealed within an image file ('winlogin.gif') and loaded through a malicious DLL ('lregdll.dll') into the 'PerfWatson.exe' process. The executable monitors this process to keep it operational.

ESET reports that the Lite version 0.2.10 of SlowStepper was used in this attack, designed for stealth with a smaller footprint while maintaining powerful spyware capabilities. The malware, developed in Python and Go, supports a range of espionage commands:

  • System Details Collection: Gathers system data like CPU information, HDD serials, public IP, webcam/microphone status, and more.
  • Payload Deployment: Fetches and executes files from a command-and-control server.
  • File Enumeration: Lists files and directories on compromised systems.
  • Spyware Execution: Runs Python-based tools for browser data theft, keylogging, and credential harvesting.
  • Interactive Control: Enables shell-mode for system commands.
  • Trace Removal: Deletes files or directories to erase evidence.
  • Spyware Modules: Loads specific Python modules to steal browser data, chat logs, and capture screens or webcam footage.
ESET explained, "Both the full and Lite versions make use of an array of tools programmed in Python and Go, which include capabilities for extensive collection of data, and spying through recording of audio and videos."

They promptly notified IPany, leading to the removal of the compromised installer from its website. However, previously infected users must clean their systems to eliminate the malware. 

Notably, the download page lacked geo-fencing, leaving users across the globe potentially vulnerable.The complete list of the indicators of compromise (IoCs) associated with this campaign can be found here
Read more »
Security Vendors
Credentials Cyber Hackers Cyberattacks CyberCrime Cybersecurity CyberThreat Darkweb Data Breach Security Vendors

Credentials of Major Cybersecurity Vendors Found on Dark Web for $10

 


As a result of recent findings on dark web marketplaces, it has been found that many account credentials from major security vendors are being sold. According to Cyble, the rise of information stealers has been largely responsible for this alarming situation, since the credentials of vendors and their clients are compromised. This poses a substantial risk to both vendors and their clients, which makes the need for enhanced cybersecurity measures more urgent than ever before. 

As a result of these credentials, which can be purchased on cybercrime markets for a mere $10, access to internal accounts, customer systems, and cloud-based environments can be acquired. This is alarming because it encompasses internal enterprise accounts of security companies as well as internal development accounts, thereby posing a severe security threat. 

The best solution would have been to protect these accounts by implementing multifactor authentication (MFA). This would have made it much harder for unauthorized individuals to gain access to these accounts in the first place. It is evident from this incident that there are critical vulnerabilities in access management practices when these protections are not in place or fail, further emphasizing the necessity of robust dark web monitoring as a proactive security measure. 

It is important to detect credential leaks early on so that organizations can minimize the risk of such exposures escalating into large-scale cyberattacks. This will prevent operational integrity from being compromised as well as stakeholder trust from being compromised. It is important to remember that even the most well-defended organizations face persistent threats and that continuous vigilance is essential to preventing those threats from happening. This is a very timely report, as Cyble's data focuses on leaks from the current year, highlighting a more urgent threat than old breaches. 

As these accounts are often associated with sensitive management and development interfaces, attackers may be able to use them to conduct reconnaissance, locate sensitive data, and exploit system vulnerabilities, thereby being able to exploit sensitive data. Even multi-factor authentication (MFA) systems are at risk of misuse because of the stolen credentials, which include company email addresses. 

It has been reported that cybersecurity vendors' credentials are becoming increasingly accessible on dark web marketplaces for as little as $10. According to the findings from Cyble, these credentials were likely harvested from information stealer logs and sold in bulk, which indicates that cybercrime targeting sensitive access data has increased significantly in recent years. In a study aimed at examining leaks occurring in 2025, all 14 vendors that were examined had exposed their customers' and internal credentials.

Among these vendors are those that mainly offer enterprise security solutions and cloud security services, as well as consumer security solutions, but Cyble did not reveal the names of the affected vendors because it wanted to protect their identities and emphasize that such a situation poses a serious risk to the integrity of the company as well as client trust. Based on the findings in this study, it is obvious that drastic security measures, as well as comprehensive monitoring, are required to prevent credential theft from occurring in the cybersecurity sector, as the threat of credential theft continues to grow. 

The researchers at Cyble did not attempt to determine whether any credentials were valid. Many of these vulnerabilities were associated with easily accessible web console interfaces, single-sign-on (SSO) logins, and other web-based account access points. The researchers concluded that vulnerabilities likely caused these leaks in potentially critical internal systems, such as password managers, authentication systems, device management platforms, or common internet services, such as Okta, GitHub, Amazon Web Services, Microsoft Online, Salesforce, SolarWinds, Box, WordPress, Oracle, and Zoom. 

There was an incident in which sensitive internal company accounts, including email addresses, developer interfaces, and product accounts of a large vendor, were exposed, posing significant risks depending on the extent of access granted to these accounts. Even if all the exposed accounts were protected by other means, as ideally they should have been, this leak is concerning for another reason. By providing threat actors with insight into how a target's systems operate, including the locations of sensitive data and potential vulnerabilities they can exploit, they can assist in conducting reconnaissance.

Hackers can also expose sensitive information by revealing URLs of management interfaces that are not publicly known, offering attackers further reconnaissance information. Monitoring leaked credentials for essential systems like security tools is necessary to prevent breaches and to hinder hackers from obtaining valuable information about an organization's systems and how to access them. The company stated that, in addition to the direct threats associated with unauthorized access, the exposed credentials could serve as a valuable asset for threat actors as a means of reconnaissance. 

Such access can provide attackers with valuable insights into the systems a potential target relies on, including the location of sensitive data and exploitable vulnerabilities, among other things. Infostealers can also uncover critical information that is not publicly disclosed, thus enhancing an attacker's ability to exploit the target's systems. 

As Cyble highlighted in its analysis, these findings have a broader impact on any organization, since even the largest cybersecurity vendors are susceptible to hacking, making any company vulnerable. Several security measures have been identified in the report, including multi-factor authentication (MFA), zero-trust architecture, effective vulnerability management, and network segmentation, as essential to ensuring the security of an organization. 

Several practices can be implemented to reduce the risk of data breaches, ransomware incidents, or other cyberattacks. This report serves as a stark reminder of the pervasive and ever-evolving nature of cyber threats, making it increasingly imperative to take proactive measures to safeguard both organizational integrity and sensitive data in the future. Finally, dark web monitoring has the potential to play a critical role in the fight against cyber threats. 

It enables the detection of credential leaks that often result in significant incidents, such as breaches of sensitive data and ransomware attacks before they fully materialize Monitoring compromised credentials associated with critical security tools and systems is crucial in preventing unauthorized access and thwarting threat actors from acquiring critical insights into an organization's infrastructure. Such reconnaissance capabilities have been shown to greatly enhance attackers' effectiveness in exploiting vulnerabilities. This study emphasizes that even the largest cybersecurity vendors are vulnerable to infostealer attacks, demonstrating that no organization can be completely protected from cyberattacks. 

To combat these risks, foundational cybersecurity measures are imperative—including multi-factor authentication (MFA), zero-trust architecture, vulnerability management, and network segmentation—to prevent cyber threats from occurring. Such strategies play a pivotal role in minimizing the risk of cyberattacks while effectively mitigating their potential consequences. This highlights the critical need for organizations to adopt a proactive, multi-layered cybersecurity approach. By doing so, they can bolster their resilience and safeguard their assets against the ever-evolving challenges of today’s complex threat environment.
Read more »
My Digital Office
Cyberattacks Cybersecurity CyberThreat Data Data Breach Have I Been Pwned Hilton Hotel Chain Hyatt Marriott My Digital Office

Otelier Security Breach Leaks Sensitive Customer and Reservation Details

 


The International Journal of Security has revealed that some of the world's biggest hotel chains have had their personal information compromised following a threat actor's attack on a program provider that serves the industry. As part of a data breach on Otelier's Amazon S3 cloud storage system, threat actors were able to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt after breaching the cloud storage. 

According to the threat actors, almost eight terabytes of data were stolen from Otelier's Amazon AWS buckets during the period July 2024 through October 2024, with continued access continuing to this date until October.   Hotelier, one of the world's leading cloud-based hotel management platforms, has reportedly confirmed a data breach affecting its Amazon S3 storage that exposed sensitive information from prominent hotel brands such as Marriott, Hilton, and Hyatt through the exposure of sensitive data from its Amazon S3 storage, according to reports. 

There were reports of unauthorized access to 7.8 terabytes of data from threat actors during this period. These threats were reported as starting in July 2024 and continuing until October 2024. There has been no report of any incident at Otelier as of now, but they have reportedly suspended their operations and have entrusted an expert team to investigate the incident. 

A freelance security expert, Stacey Magpie, speculates that the stolen data may contain sensitive data like email addresses, contact information, the purpose of the guest's visit, and the length of the stay, all of which could be utilized for phishing schemes and identity theft attacks. Telier, also formerly known as "MyDigitalOffice," has not yet made an official statement regarding the breach, but it is thought that a threat group is responsible for the attack. 

By using malware, the group may have been able to gain access to an employee's Amazon Web Services credentials and then transfer the stolen data to the company's servers. A spokesperson from the company has confirmed that no payment, employee, or operational data was compromised during this incident. An Otelier employee was recently reported to have had his Atlassian login credentials stolen by malicious actors using an information stealer. 

A user with this access is then able to scrape tickets and other data, which allows the attackers to get the credentials for S3 buckets, which is where the attackers obtained the credentials. As a result of this exfiltration, the hackers managed to get 7.8TB of data from these buckets, including millions of documents belonging to Marriott. The information contained in these buckets included hotel reports, shift audits, and accounting data, among other things. 

Among the data samples offered by Marriott were reservations, transactions, employee emails, and other internal data about hotel guests. There were instances where the attackers gained the names, addresses, phone numbers, and email addresses of hotel guests. The company confirmed that through Otelier’s platform, the breach indirectly affected its systems. A forensic analysis of the incident has been conducted by Otelier as a result of the suspension of the company's automated services with Otelier, which said it had hired cybersecurity experts to do so. 

Additionally, according to Otelier, affected accounts were disabled, unauthorized access had been terminated, and enhanced security protocols had been implemented to prevent future breaches from occurring. According to Otelier, affected customers have been notified of the breach. It is said that the hackers accessed Otelier's systems by compromising the login credentials of an employee who used malware to steal information. By using these credentials, they were able to access the Atlassian server on which the company's Atlassian applications were hosted. 

These credentials allowed them to gather additional information from the company, including credentials for Amazon S3 buckets. Based on their claims, they were able to extract data, including information regarding major hotel chains, using this access. In their initial attempt to get Marriott's data, the attackers mistakenly believed that the data belonged to Marriott itself. To avoid leaking data, they left ransom notes that demanded cryptocurrency payments. Otelier rotated their credentials in September, which eliminated the attacker's access. 

There are many types of data in the small samples, including hotel reservations and transactions, employee emails, and other internal files. In addition to information about hotel guests, the stolen data also includes information and email addresses related to Hyatt, Hilton, and Wyndham, as well as information regarding the properties owned by these companies. As Troy Hunt revealed during an interview for BleepingComputer, he has been given access to a huge dataset of data, which contains 39 million rows of reservations and 212 million rows of users in total. As a result of the substantial amount of data, Hunt tells us that he found 1.3 million unique email addresses, many of which appeared several times in the data. 

As a result of the recently discovered vulnerability, the exposed data is now being added to Have I Been Pwned, making it possible for anyone to examine if their email address appears to be a part of the exposed data. The breach affected a total of 437,000 unique email addresses which originated during reservations made with Booking.com and Expedia.com, thus resulting in a total of 1,036,000 unique email addresses being affected. 

A robust data protection strategy should be implemented by businesses in the hospitality sector to minimize risks, including the implementation of effective data continuity plans, the application of regular software updates, the education of staff regarding cybersecurity risks, the automation of network traffic monitoring for suspicious activity, the installation of firewalls to prevent threats, and the encryption of sensitive information.
Read more »
PowerSchool
AWS Data Breach LummaC2 malware MFA PowerSchool

PowerSchool Data Breach Exposes Millions

 


An American education technology company, PowerSchool, is the latest giant to fall a victim of hacking and data breaches, which probably compromised millions of records of students and teachers in North America. As one of the leading providers of school records management software, PowerSchool serves 18,000 schools who manage data over 60 million students.


How the breach happened

The compromise was discovered on December 28 and was traced to a subcontractor's account. The new report said, however, that another incident of hacking-a compromise of the access of a PowerSchool software engineer-may have had something to do with the breach. Malware infected the engineer's computer and exfiltrated login credentials for internal systems, such as Slack, AWS, and other tools.

According to the logs retrieved by researchers, the infostealing malware known as LummaC2 was used to steal the engineer's passwords. The malware extracted saved passwords and browsing histories from the web browsers of the engineer and uploaded them to a server run by cybercriminals. The stolen credentials were shared in cybercrime groups, which further exposed PowerSchool's systems. 


What Data Was Stolen?

The hackers accessed a range of sensitive personal information, including:  

  • Social Security numbers  
  •  Student grades and demographics  
  •  Medical information  
  •  Parental access details, such as restraining orders  
  •  Records of students’ medication schedules  

School districts impacted by the breach reported that the attackers stole all historical data stored in PowerSchool’s systems.  

The lack of multi-factor authentication (MFA) on a compromised maintenance account was one key vulnerability. PowerSchool has implemented MFA and reset passwords across its customer support portal. Many of the employee credentials discovered were weak and have been exposed in other breaches.

The breach, which has underlined the threats of infostealing malware in hybrid work setups where employees operate company systems using personal devices, has left much to be expected from PowerSchool.


Response and Investigation

PowerSchool, the company concerned, is reportedly working with a cybersecurity firm named CrowdStrike for the investigation into the incident. According to them, no signs of malware have been found neither has any sign of system-layer access. But they are analyzing the stolen data.


Effects on Schools

Many school districts are operating independently to gauge the scope of the breach, relying on collective knowledge from other administrators. As the investigation continues, there are questions about PowerSchool's security measures and how it managed this extensive breach. 

Schools, parents, and educators are urged to be vigilant and ensure additional layers of security are put in place to prevent future incidents.


Read more »
teacher data breach
Data Breach edtech security historical student records PowerSchool breach school cyberattack student data breach teacher data breach

PowerSchool Faces Massive Data Breach Impacting U.S. School Districts

 

Several U.S. school districts have revealed that a recent cyberattack on education technology provider PowerSchool exposed “all” historical student and teacher data stored in their systems, according to reports shared with TechCrunch.

PowerSchool, a leading school records software platform supporting over 60 million students nationwide, fell victim to an attack in December. Hackers reportedly accessed the company’s customer support portal using stolen credentials, exposing sensitive data from K-12 schools. The breach has yet to be linked to a specific hacker or group.

While PowerSchool has not disclosed how many districts were impacted, sources at affected schools confirmed the attackers gained access to vast amounts of data.

“In our case, they got all historical student and teacher data,” one school district representative told TechCrunch. The representative noted discrepancies in PowerSchool’s timeline, suggesting the attackers had access earlier than reported.

Another source from a district serving nearly 9,000 students said, “The attackers accessed demographic data for all teachers and students, both active and historical, as long as we’ve had PowerSchool.” This source criticized PowerSchool for lacking basic security measures like multi-factor authentication (MFA).

PowerSchool spokesperson Beth Keebler neither disputed these claims nor elaborated on the company’s security practices. She confirmed that MFA is used but provided no further details.

Widespread Impact Across School Districts
School districts such as Menlo Park City School District in California confirmed the breach affected data on all students and staff, including historical records dating back to 2009. Other districts have reported similar breaches involving personal information, Social Security numbers, and teacher credentials.

Educational technology consultant Mark Racine noted that the breach may extend beyond PowerSchool’s 18,000 current customers, potentially impacting former clients. In some cases, the number of affected individuals reportedly exceeds active enrollment figures by four to ten times.

PowerSchool stated it has “identified the schools and districts whose data was involved” and is working to determine which individuals were affected. While the company claims to have taken steps to prevent further dissemination of the stolen data, it declined to specify these measures.

“While our data review remains ongoing, we expect the majority of involved customers did not have Social Security numbers or medical information exfiltrated,” Keebler told TechCrunch.

The breach has raised serious concerns about data security in education, with calls for improved safeguards to protect sensitive information from future attacks.
Read more »
Ransomware
BEC Data Breach Healthcare Manufacturing Ransomware

Cyber Breaches: Why Organizations Need to Work On the Clock

 




Cyberattacks are fast becoming a reality check for businesses worldwide, inflicting massive financial and operational losses. Besides the immediate loss of funds, cyber attacks also have an impact on an organization's reputation, hence losing out in competition. The most common threats range from theft of sensitive data to holding a system hostage using ransomware. To address such challenges, firms need to focus on preventing the most common and expensive attacks, particularly in industries that are sensitive to downtime and data loss. 


 Why Some Attacks Are More Costly

Not every attack hits businesses in the same way. Some methods, like ransomware and pretexting, stand out because of their high costs.

Ransomware Attacks: It locks organizations out of their systems until they pay the ransom. Today, reported cases of ransomware infection claim the average business lost $45,000. In some cases, the damage is higher than one million dollars. For organizations with operations dependent on continuous performance, like manufacturing or logistics, just an hour or two of lost time can mean millions in losses.

Pretexting and Business Email Compromise (BEC): Pretexting refers to the practice of deceiving employees into providing sensitive information under false pretenses. It is the primary source of BEC attacks, where cybercriminals target executives who have access to confidential information. The average case of these attacks costs organizations approximately $50,000.  


Which Industries Are at Risk?

Some industries are at higher risk because of the critical nature of their operations. 

Manufacturing: A ransomware attack on a manufacturing plant can bring the production to a standstill, delay supply chains, and disrupt relationships with suppliers. The financial and reputational costs can mount rapidly, causing companies to pay ransoms to resume operations.

Healthcare: Hospitals face a dual challenge—protecting patient data and ensuring medical equipment remains functional. Cyberattacks can leak sensitive health records or disrupt life-saving devices, putting patient lives at risk and forcing hospitals to make difficult choices.  

Interestingly, most breaches (68%) are not due to their nature of hacking but simple human mistakes. Employees often click on phishing links or send sensitive data to the wrong person by accident. These errors highlight the need for better training and stronger internal processes to reduce vulnerabilities.  


Steps to Reduce Risks  

Organizations can take several steps to minimize the financial and operational impact of cyberattacks:

1. Focus on Critical Threats: Prevent ransomware or BEC scams that are the most destructive attacks.

2. Improved Training: Train employees to recognize phishing emails and how to handle sensitive information carefully. 

3. Invest in Security: Invest in tools like threat detection systems and access controls to reduce potential damage.

4. Have a Recovery Plan: Develop clear protocols for responding to breaches, including backup and recovery systems to minimize downtime.  

 

Cybersecurity requires proactive efforts and investments. While these may seem costly initially, they spare organizations from far greater expense recoveries from breaches. By focusing on prevention, businesses can protect their resources and maintain trust in an increasingly digital world.



Read more »
Telefónica
Data Breach Infostealer Private Data Telecom Firm Telefónica

Hackers Breach Telefónica's internal Ticketing System, Stealing 2.3GB of Sensitive Data

 

The hackers employed information stealer malware to steal the credentials of several Telefonica employees and gain access to the company's internal ticketing system.

The data breach was revealed last week when members of the Hellcat ransomware group (which had previously claimed responsibility for the Schneider Electric attack) boasted on the BreachForums cybercrime website about stealing customer data, ticket data, and hundreds of files from the Spain-based telecom provider.

According to cybersecurity firm Hudson Rock, the attack was "facilitated by a combination of infostealer malware and sophisticated social engineering techniques". 

The attackers told Hudson Rock that they utilised custom infostealer malware to breach the credentials of over 15 Telefonica employees and get access to the firm's Jira platform. After getting access to the platform, the attackers apparently targeted two employees with administrator credentials, "tricking them into revealing the correct server for brute-forcing SSH access".

The perpetrators stole a list of 24,000 Telefonica staff emails and identities, 500,000 summaries of internal Jira issues, and 5,000 internal documents, which included internal email chats and other contents. The stolen data could expose Telefonica personnel to phishing and other forms of social engineering attacks, as well as operational details, security flaws in the company's infrastructure, strategic goals, and other sensitive internal information. 

Hudson Rock claims that last year, 531 employee PCs connected to Telefonica's network were infected with infostealers, possibly exposing company credentials on each machine. Additionally, it seems that the company did not implement corporate infrastructure password policies that were robust. 

“For the URL linked to the initial access, the passwords were even weaker, indicating that it wouldn’t have taken an infostealer infection for hackers to brute force their way in,” the cybersecurity firm noted.

In other cases of infostealer infections, Telefonica employees' credentials to third-party services such as Fortinet, Office 365, and Salesforce were stolen.

“These infections provide hackers with the necessary credentials to infiltrate systems and, as demonstrated in this case, can be leveraged to expand access further through sophisticated social engineering tactics. Infostealers serve as a stepping stone for more advanced attacks, making them a significant concern for organizations worldwide,” Hudson Rock added.

In response to a local media outlet's request, Telefonica confirmed the incident but declined to provide any other details on the potentially compromised data.

“We have become aware of an unauthorized access to an internal ticketing system which we use at Telefónica. We continue to investigate the extent of the incident but can confirm that Telefónica´s residential customers have not been affected. From the very beginning, we have taken the necessary steps to block any unauthorized access to the system,” Telefonica stated. 

Telefonica, a multinational telecommunications firm headquartered in Madrid, Spain, operates in a dozen countries worldwide under various brands such as Movistar, O2, Telefonica, Telxius, and Vivo.
Read more »
Emails Phishing
Cyber Breach Cyber Scams CyberCrime Cybersecurity CyberThreat Data Breach Email Fraud email encryption Emails Phishing

Encryption Key Breach Sparks Concerns Over Cybersecurity

 



Cybersecurity experts have raised alarms over a surge in cyberattacks targeting freemail users, driven by artificial intelligence (AI). Hackers are leveraging AI to craft sophisticated phishing scams and fraudulent notifications that are harder to detect. These deceptive messages often appear to originate from legitimate Google addresses, making them more convincing.

Some attacks involve AI-generated or human-impersonated phone calls using authentic-looking Google phone numbers and links to genuine-looking Google pages. Kirill Boychenko, an analyst at Socket's Threat Intelligence team, reported discovering malicious package managers designed to extract Solana private keys through Gmail by intercepting wallet interactions and routing the data via email.

Boychenko emphasized that Gmail's widespread popularity and the trust it commands make it a prime target for exploitation. Because networks typically treat traffic from smtp.gmail.com as safe, sophisticated attacks exploiting Gmail are less likely to be detected by security systems. This vulnerability allows attackers to access sensitive inbox data undetected.

Additionally, ongoing threats include attacks exploiting Google Calendar notifications through Gmail. Google has reported a rise in extortion and invoice-based phishing scams targeting Gmail users. Meanwhile, Apple has issued alerts about spyware threats for iPhone users, and a notorious ransomware group has threatened another attack on February 3.

McAfee, a leading cybersecurity firm, has also warned about the increasing risk of AI-powered phishing attacks on Gmail users. These developments highlight the urgent need for stronger cybersecurity awareness and proactive protection against evolving digital threats.

How to Identify and Avoid Email and Phone Scams

With cybercriminals employing advanced technology to target users, staying alert and informed is more crucial than ever. Recognizing and responding to suspicious emails, texts, and calls is key to safeguarding personal information and financial security.

  • Verify Senders: Be cautious with emails from unknown sources. Always check the sender’s email address for authenticity by hovering over it to reveal its actual domain.
  • Avoid Urgent Requests: Scammers often pressure victims with urgent messages asking for sensitive details like banking or credit card information. Legitimate organizations rarely make such demands via email.
  • Inspect Links Carefully: Hover over any links before clicking to confirm their destination. Scammers use slight variations in domain names (e.g., "@thisisgoodlink.com" vs. "@thisisagoodlink.support") to trick users.
  • Watch for Grammar Mistakes: Phishing emails often contain spelling errors and inconsistent formatting despite appearing polished. These inconsistencies can signal a scam.
  • Ignore Unauthorized Password Resets: Delete any password reset emails you didn’t request. Interacting with such emails could compromise your account.
  • Be Wary of Calls and Texts: Treat unsolicited calls or texts requesting personal data with suspicion. Trusted companies like Google will not call users for account issues.

Although platforms like Gmail have built-in security measures, users must remain vigilant. Awareness and proactive steps are vital in defending against increasingly sophisticated cyber threats in today's interconnected world.
Read more »
User Privacy
App security Data Breach Gravy Analytics Location data User Privacy

Global Apps Exploited to Harvest Sensitive Location Data

 


Rogue actors within the advertising industry are reportedly exploiting major global apps to collect sensitive user location data on a massive scale. This data is then funneled to a location data firm whose subsidiary has previously sold global tracking information to U.S. law enforcement agencies. 
 
Hacked files from the location data company Gravy Analytics reveal that numerous popular apps are involved in this data collection. These apps span across categories, including games like Candy Crush, dating platforms such as Tinder, pregnancy tracking tools, and religious prayer apps available on both Android and iOS. Since this data gathering occurs through the advertising ecosystem rather than direct app development, users — and even app developers — are likely unaware of these invasive practices. 

How the Data Collection Works 
 
Zach Edwards, a senior threat analyst at cybersecurity firm Silent Push, analyzed the data and shared with 404 Media, “For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising bid stream,” rather than through embedded app code. This discovery offers rare insight into the shadowy world of real-time bidding (RTB). Historically, location data providers paid app developers to integrate tracking code that harvested user data. However, many companies now exploit the advertising ecosystem, where firms bid to place ads in apps. Data brokers can tap into this system, silently collecting users' mobile phone locations without consent. “This is a nightmare scenario for privacy,” Edwards added. “Not only does this data breach involve data scraped from RTB systems, but there’s a company out there acting recklessly, collecting and using every piece of data it encounters.” 

The compromised data from Gravy Analytics includes tens of millions of cellphone location points from users in the United States, Russia, and Europe. Some files also list specific apps associated with each data point. Upon reviewing the leaked files, 404 Media identified a wide range of popular apps implicated in this breach, including:
  • Dating Apps: Tinder, Grindr
  • Mobile Games: Candy Crush, Temple Run, Subway Surfers, Harry Potter: Puzzles & Spells
  • Transit App: Moovit
  • Health & Fitness: My Period Calendar & Tracker, MyFitnessPal
  • Social Media: Tumblr
  • Email Services: Yahoo Mail
  • Productivity Tools: Microsoft 365
  • Travel Apps: Flightradar24
  • Religious Apps: Muslim prayer apps, Christian Bible apps
  • Privacy Tools: Various VPN apps
Ironically, some users turned to VPN apps to protect their privacy, only to have their location data compromised. 

This breach highlights a dangerous loophole in the advertising ecosystem, where sensitive user data can be harvested without clear consent or awareness. The involvement of a company with a history of selling data to government agencies raises serious concerns about surveillance and misuse. As the digital world grows increasingly interconnected, this incident serves as a stark reminder of the urgent need for stronger data privacy regulations and more transparent data practices. 

Can Users Trust Their Apps Anymore? 
 
With popular and widely trusted apps implicated in this data collection scheme, users are left questioning whether their privacy is truly protected. Stronger privacy safeguards and greater accountability in digital advertising are now more critical than ever. 
Read more »
kiberphant0m
BSNL data breach CERT-In Critical Data cyberattack on BSNL cybercriminals Dark web marketplace Data Breach Data protection data security kiberphant0m

U.S. soldier linked to BSNL data breach: Arrest reveals cybercrime

 

The arrest of Cameron John Wagenius, a U.S. Army communications specialist, has unveiled potential connections to a significant data breach targeting India’s state-owned telecom provider, BSNL. The breach highlights the global reach of cybercrime networks and raises concerns about the security of sensitive data across continents. 

Wagenius, stationed in South Korea, was apprehended on December 20, 2023, for allegedly selling hacked data from U.S. telecom companies. According to cybersecurity experts, he may also be the individual behind the alias “kiberphant0m” on a dark web marketplace. In May 2023, “kiberphant0m” reportedly attempted to sell 278 GB of BSNL’s critical data, including subscriber details, SIM numbers, and server snapshots, for $5,000. Indian authorities confirmed that one of BSNL’s servers was breached in May 2023. 

While the Indian Computer Emergency Response Team (CERT-In) reported the intrusion, the identity of the perpetrator remained elusive until Wagenius’s arrest. Efforts to verify the hacker’s access to BSNL servers through Telegram communication and sample data proved inconclusive. The breach exposes vulnerabilities in telecom providers’ security measures, as sensitive data such as health records, payment details, and government-issued identification was targeted. 

Additionally, Wagenius is accused of selling call records of prominent U.S. political figures and data from telecom providers across Asia. The arrest also sheds light on Wagenius’s links to a broader criminal network led by Connor Riley Moucka. Moucka and his associates reportedly breached multiple organizations, extorting millions of dollars and selling stolen data. Wagenius’s involvement with this network underscores the organized nature of cybercrime operations targeting telecom infrastructure. 

Cybersecurity researchers, including Allison Nixon of Unit 221B, identified Wagenius as the individual behind illicit sales of BSNL data. However, she clarified that these activities differ from state-sponsored cyberattacks by groups such as Salt Typhoon, a Chinese-linked advanced persistent threat actor known for targeting major U.S. telecom providers. The case has also exposed challenges in prosecuting international cybercriminals. Indian authorities have yet to file a First Information Report (FIR) or engage with U.S. counterparts on Wagenius’s case, limiting legal recourse. 

Experts suggest leveraging international treaties and cross-border collaboration to address such incidents. As the investigation unfolds, the breach serves as a stark reminder of the growing threat posed by insider actions and sophisticated cybercriminal networks. It underscores the urgent need for robust data protection measures and international cooperation to counter cybercrime.
Read more »
Personal Data
data attacks Data Breach Data Leak data security Financial Data healthcare data breach HIPAA Medical Data Medical Data breach Personal Data

Medusind Data Breach Exposes Health and Personal Information of 360,000+ Individuals

 

Medusind, a major provider of billing and revenue management services for healthcare organizations, recently disclosed a data breach that compromised sensitive information of over 360,000 individuals. The breach, which occurred in December 2023, was detected more than a year ago but is only now being reported publicly. 

The Miami-based company supports over 6,000 healthcare providers across 12 locations in the U.S. and India, helping them streamline billing processes and enhance revenue generation. According to a notification submitted to the Maine Attorney General’s Office, the breach was identified when Medusind noticed suspicious activity within its systems. 

This led the company to immediately shut down affected systems and enlist the help of a cybersecurity firm to investigate the incident. The investigation revealed that cybercriminals may have gained access to and copied files containing personal and medical details of affected individuals. Information compromised during the breach includes health insurance details, billing records, and medical data such as prescription histories and medical record numbers. Financial data, including bank account and credit card information, as well as government-issued identification, were also exposed. 

Additionally, contact details like addresses, phone numbers, and email addresses were part of the stolen data. In response, Medusind is providing affected individuals with two years of free identity protection services through Kroll. These services include credit monitoring, identity theft recovery, and fraud consultation. The company has advised individuals to stay vigilant by reviewing financial statements and monitoring credit reports for unusual activity that could indicate identity theft. 

This breach highlights the increasing cybersecurity challenges facing the healthcare industry, where sensitive personal information is often targeted. To address these risks, the U.S. Department of Health and Human Services has proposed updates to the Health Insurance Portability and Accountability Act (HIPAA). These proposed changes include stricter requirements for encryption, multifactor authentication, and network segmentation to protect patient data from cyberattacks. The Medusind incident follows a series of high-profile breaches in the healthcare sector.

In May 2024, Ascension reported that a ransomware attack had exposed data for 5.6 million individuals. Later in October, UnitedHealth disclosed a breach stemming from a ransomware incident affecting over 100 million people. As healthcare providers continue to face cyber threats, the urgency to implement robust data security measures grows. Medusind’s experience serves as a reminder of the significant risks posed by such breaches and the importance of safeguarding sensitive information.
Read more »
UnitedHealth breach
business disruption cybersecurity trends Data Breach data breach costs Healthcare Cyberattacks IBM research UnitedHealth breach

Cyberattacks and Technology Disruptions: Leading Threats to Business Growth

 

The global average cost of a data breach soared to nearly $4.9 million in 2024, marking a 10% increase compared to the previous year, according to a report by IBM.

In late October, UnitedHealth disclosed that a significant cyberattack on its Change Healthcare subsidiary earlier in 2024 might have exposed the data of 100 million individuals. This incident is regarded as the largest healthcare data breach ever reported to federal regulators, as first reported by Healthcare Dive.

Earlier that month, the company revealed the breach had led to a financial impact of $2.5 billion over the nine months ending September 30, including $1.7 billion in direct response costs. Additionally, the business disruption caused by the attack was estimated at $705 million.

“We continue to work with customers to bring transaction volumes back to pre-event levels and to win new business with our now more modern, secure, and capable offerings,” UnitedHealth CFO John Rex stated during an earnings call. “We expect to continue to build back the business to pre-attack levels over the course of ’25 and estimate next year’s full year impact will be roughly half of the ’24 level.”

Other major companies like AT&T, Live Nation Entertainment (the owner of Ticketmaster), and Dell also reported significant data breaches in 2024.

Chubb's research highlighted that 40% of executives identified cyber breaches and data leaks as the most disruptive and financially challenging man-made threats.

The study also found that 86% of businesses either have or plan to implement business interruption coverage for risks such as cyberattacks, natural disasters, or supply chain disruptions. Of these, 53% already have coverage, while another third intend to add it within the next year.

Monitoring cyber incidents has become the most widely used tool for mitigating risks.

“Corporate leaders must take a holistic approach to simultaneously mitigate both new and old business risks effectively,” the report emphasized. “They must also develop the ability to monitor and mitigate all these risks around the clock to ensure they are effectively protected.”

The findings are based on a survey of 517 executives from various industries across the U.S. and Canada.
Read more »
Personal Information
aviation BreachForums Data Breach Data Hackers data security Data Theft Hacker attack Personal Information

ICAO Investigates Potential Data Breach Amid Cybersecurity Concerns

 

The International Civil Aviation Organization (ICAO), a United Nations agency tasked with creating global aviation standards, has disclosed an investigation into a potential cybersecurity incident. Established in 1944, ICAO works with 193 member states to develop and implement aviation-related technical guidelines. The agency announced its inquiry on Monday, following reports of unauthorized access linked to a well-known cybercriminal group targeting international organizations.  

In its statement, ICAO confirmed it is examining allegations of a security breach and has already implemented precautionary measures to address the issue. While the organization did not provide specific details, it assured the public that a comprehensive investigation is underway. Additional updates will be shared once the preliminary analysis is complete. The investigation coincides with claims by a hacker using the alias “natohub,” who posted on BreachForums, a well-known hacking forum, alleging they had accessed and leaked ICAO’s data. 

According to the claims, the leak comprises 42,000 documents containing sensitive personal information, including names, dates of birth, addresses, phone numbers, email addresses, and employment records. Another source suggested the leaked archive is approximately 2GB and contains data linked to 57,240 unique email accounts. ICAO has not verified the authenticity of these claims but has emphasized the seriousness with which it is handling the situation. 

This development follows a pattern of cyberattacks on United Nations agencies in recent years. In April 2024, the United Nations Development Programme (UNDP) launched an investigation into a ransomware attack reportedly orchestrated by the 8Base group. Similarly, in January 2021, the United Nations Environment Programme (UNEP) experienced a breach that exposed over 100,000 records containing personally identifiable information. Earlier, in July 2019, UN networks in Vienna and Geneva suffered a significant breach through a SharePoint exploit. 

That attack compromised sensitive data, including staff records, health insurance details, and commercial contracts. A senior UN official later described the incident as a “major meltdown.” These recurring incidents highlight the increasing vulnerability of global organizations to cyber threats. Despite their critical roles in international operations, such institutions remain frequent targets for cybercriminals. 

This underscores the urgent need for robust cybersecurity measures to protect sensitive data from exploitation. As ICAO continues its investigation, it serves as a reminder of the evolving threats facing international organizations in a rapidly digitizing world. Enhanced vigilance and collaboration are essential to safeguarding global systems against future cyberattacks.
Read more »
United States
Data Breach Data Privacy K-12 Schools PowerSchool United States

PowerSchool Breach Compromises Student and Teacher Data From K–12 Districts

 

PowerSchool, a widely used software serving thousands of K–12 schools in the United States, has suffered a major cybersecurity breach.

The Breach has left several schools worried about the potential exposure of critical student and faculty data. With over 45 million users relying on the platform, the breach raises serious concerns about data security in the United States' educational system. 

PowerSchool is a cloud-based software platform used by several schools to manage student information, grades, attendance, and contact with parents. The breach reportedly occurred through one of its customer support portals, when fraudsters gained unauthorised access using compromised credentials. 

Magnitude of the data breach

According to PowerSchool, the leaked data consists mainly of contact details such as names and addresses. However, certain school districts' databases might have included more sensitive data, such as Social Security numbers, medical information, and other personally identifiable information.

The company has informed users that the breach did not impact any other PowerSchool products, although the exact scope of the exposure is still being assessed. 

"We have taken all appropriate steps to prevent the data involved from further unauthorised access or misuse," PowerSchool said in response to the incident, as reported by Valley News Live. “We are equipped to conduct a thorough notification process to all impacted individuals.”

Additionally, the firm has promised to keep helping law enforcement in their efforts to determine how the breach occurred and who might be accountable.

Ongoing investigation and response 

Cybersecurity experts have already begun to investigate the hack, and both PowerSchool and local authorities are attempting to determine the exact scope of the incident. 

As the investigation continues, many people are pushing for stronger security measures to protect sensitive data in the educational sector, especially as more institutions rely on cloud-based systems for day-to-day activities. 

According to Valley News Live, PowerSchool has expressed their commitment to resolving the situation, saying, "We are deeply concerned by this incident and are doing everything we can to support the affected districts and families.”
Read more »
User Security
Data Breach Data Leak Russian State Silent Crow User Security

Silent Crow Claims Hack of Russia’s Rosreestr, Leaks Citizens’ Personal Data

 



The hacking group Silent Crow has claimed responsibility for breaching Russia's Federal Service for State Registration, Cadastre, and Cartography (Rosreestr), releasing what it describes as a fragment of the agency’s database. The leak reportedly includes sensitive personal information of Russian citizens, raising significant cybersecurity and privacy concerns.

According to the Telegram channel Information Leaks, which first reported the incident, the exposed data set contains nearly 82,000 records. These records reportedly include:
  • Full Names
  • Birth Dates
  • Residential Addresses
  • Phone Numbers and Email Addresses
  • SNILS Numbers: Russian equivalents of Social Security numbers
  • Rosreestr IDs
Silent Crow shared details of the breach via its anonymous Telegram channel on January 6, 2025, claiming the leaked data includes approximately 90,000 entries from Russia's Unified State Register of Real Estate.

Journalist Andrey Zakharov examined 15 randomly selected entries from the leaked data and confirmed their authenticity. In several cases, the leaked property addresses matched individuals' known residences. However, the dataset notably omits cadastral numbers, which could directly link properties to their owners. Zakharov suggested this omission may have been intentional to conceal the full extent of the breach.

Rosreestr has not officially acknowledged the breach, stating only that "additional checks" are underway regarding the circulating reports on Telegram. No formal confirmation or denial has been issued as of now.

Rosreestr’s Role in Investigations

Rosreestr’s real estate data has historically been instrumental for journalists and independent investigators uncovering corruption. Investigations led by the late Alexey Navalny’s Anti-Corruption Foundation (FBK) frequently utilized Rosreestr records to expose properties owned by government officials, often purchased far beyond their declared incomes.

In response to these investigations, the Russian government restricted access to property ownership data. In March 2023, Rosreestr implemented stricter privacy controls under a personal data law passed in July 2022, allowing property owner information to be disclosed only with the owner's consent.

The Rosreestr breach highlights severe vulnerabilities in the cybersecurity infrastructure of large state agencies. Silent Crow’s statement emphasized this, stating, “Rosreestr has become a vivid example of how large state structures can fall in just a few days.” The leak raises serious concerns about the protection of sensitive government data and the potential misuse of this information.

As cybersecurity threats escalate globally, this incident underscores the urgent need for robust security measures within government databases to safeguard citizen data against malicious actors.
Read more »
Subscribe to: Posts (Atom)