
US Exposes Major Chinese Cyber-Espionage Targeting Telecom Networks

 


The United States has accused China of conducting a vast cyber espionage operation that targeted multiple telecommunications networks. The hackers allegedly stole sensitive data and intercepted communications relating to a few government and political leaders. The incident raises national security concerns, and officials are sounding warning bells.

US officials said that Chinese state-sponsored hackers broke into the systems of several telecom companies, looking to syphon away customer call records and gain unauthorised access to communication data. In some cases, the attackers allegedly copied information sought by US law enforcement through court-approved procedures, said analysts. That's a disturbing breach of sensitive data.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are investigating the incident full-time and helping targeted companies. Officials said they are only slowly learning the extent of what happened, but preliminary reports indicate a sophisticated attack that probably reaches virtually everywhere in the country.


 

Key Targets and Methods


Unnamed sources suggest that major telecom providers, including AT&T and Verizon, were among those breached. Hackers allegedly found a way into systems used for court-authorised wiretaps, bypassing security measures. Microsoft identified the group responsible as “Salt Typhoon,” a hacking collective linked to the Chinese state.


According to reports, this group had been undetected for months before exploiting vulnerabilities to gain access to sensitive communication networks. The list of allegedly targeted big fish includes former President Donald Trump, members of his family, and Vice President Kamala Harris' campaign staff. 


Impact Beyond Large Companies

The scope of the attack is not limited to big corporations. Regional internet service providers were also targeted, which shows how widely the hackers cast their net. Experts think that the attackers must have abused the wiretap systems to monitor specific numbers, which may have given them access to audio data.

 

Wider Issues and Follow-Up Investigations

US authorities have already informed dozens of affected organisations. Classified briefings have lately been conducted to inform lawmakers of the serious implications. Senator Ron Wyden, who attended one of the briefings, described the breach as deeply concerning in regard to its implications across various sectors.

While the probe is ongoing, more effort is being committed to discovering the scope of the operation. According to a State Department official, this attack highlighted vulnerabilities in telecom systems believed to have been secure, and the need for upgraded cyber defence mechanisms is therefore urgent.

This incident typifies the dynamic threat of state-sponsored cyberattacks and the challenges of safeguarding critical infrastructure. As investigations continue, the US is to enhance its defence mechanisms and systems so that it is better prepared for such breaches in the future.

Set Forth Data Breach: 1.5 Million Impacted and Next Steps

 

The debt relief firm Set Forth recently experienced a data breach that compromised the sensitive personal and financial information of approximately 1.5 million Americans. Hackers gained unauthorized access to internal documents stored on the company’s systems, raising serious concerns about identity theft and online fraud for the affected individuals. Set Forth, which provides administrative services for Americans enrolled in debt relief programs and works with B2B partners like Centrex, has initiated notification protocols to inform impacted customers. The breach reportedly occurred in May this year, at which time Set Forth implemented incident response measures and enlisted independent forensic specialists to investigate the incident. 

However, the full extent of the attack is now coming to light. According to the company’s notification to the Maine Attorney General, the hackers accessed a range of personal data, including full names, Social Security numbers (SSNs), and dates of birth. Additionally, information about spouses, co-applicants, or dependents of the affected individuals may have been compromised. Although there is currently no evidence that the stolen data has been used maliciously, experts warn that it could end up on the dark web or be utilized in targeted phishing campaigns. This breach highlights the ongoing risks associated with storing sensitive information digitally, as even companies with incident response plans can become vulnerable to sophisticated cyberattacks. 

To mitigate the potential damage, Set Forth is offering free access to Cyberscout, an identity theft protection service, for one year to those affected. Cyberscout, which has over two decades of experience handling breach responses, provides monitoring and support to help protect against identity fraud. Impacted customers will receive notification letters containing instructions and a code to enroll in this service. For those affected by the breach, vigilance is critical. Monitoring financial accounts for unauthorized activity is essential, as stolen SSNs can enable hackers to open lines of credit, apply for loans, or even commit crimes in the victim’s name. 

Additionally, individuals should remain cautious when checking emails or messages, as hackers may use the breach as leverage to execute phishing scams. Suspicious emails—particularly those with urgent language, unknown senders, or blank subject lines—should be deleted without clicking links or downloading attachments. This incident serves as a reminder of the potential risks posed by data breaches and the importance of proactive protection measures. While Set Forth has taken steps to assist affected individuals, the breach underscores the need for businesses to strengthen their cybersecurity defenses. For now, impacted customers should take advantage of the identity theft protection services being offered and remain alert to potential signs of fraud.

Data Aggregator Breach Exposes Data of 122 Million Users

 

Pure Incubation, currently known as DemandScience, allegedly experienced a data breach earlier this year, resulting in the theft of critical data, including contact information. 

The impacted entity is a B2B demand-generation and data aggregator that collects, collates, and organises data from public sources to create a comprehensive dataset that digital marketers and advertisers can use to create rich "profiles" for lead generation or marketing material. 

Furthermore, this organisation gathered data from public and third-party sources, including full names, physical addresses, email addresses, phone numbers, employment titles and positions, and social media links. 

The alleged cause of the data breach is an unsecured system at Pure Incubation, which allowed a threat actor known as 'KryptonZambie' to sell around 132.8 million documents on BreachForums starting last February.

For its part, the data aggregator maintained in response to one enquiry that there was no evidence of a hack. However, a follow-up email asking if the leaked data samples belonged to them went unanswered.

Furthermore, the senior director of corporate communications stated that a post on a criminal hacking website prompted the company to activate its security and incident response systems. The company also stated that its systems are fully operational and that its initial investigation did not find any sign of a hack or data breach. Still, it assured every concerned party that it was constantly monitoring the issue.

On August 15, 2024, KryptonZambie made the dataset available for eight credits, which is equivalent to a few dollars. This disclosure forced the company to verify the data's legitimacy. The confirmation stated, however, that the data exposed in the DemandScience leak came from a system that had been discontinued two years ago.

The 122 million unique email addresses from the stolen dataset have been added to Have I Been Pwned, and impacted subscribers will be notified of the incident. Individuals who may have been affected by the data leak should therefore be wary of any unsolicited contact, since threat actors can already carry out targeted phishing operations.

Amazon Employee Data Leaked in MOVEit Attack Fallout

 

Amazon has confirmed that some employee data was accessed last year, presumably as part of the huge MOVEit hacking campaign. A hacker recently revealed on the BreachForums cybercrime forum that they had stolen Amazon employee information, such as names, phone numbers, email addresses, job titles, and other job-related information. 

The hacker claimed the data came from the 2023 MOVEit attack, which entailed exploiting a zero-day vulnerability in Progress Software's MOVEit file transfer software to gather sensitive information from thousands of organisations that had used the program. 

The MOVEit campaign, which is widely thought to have been carried out by the Cl0p ransomware group, impacted about 2,800 organisations and compromised the data of approximately 100 million people. 

Amazon confirmed the data theft in a statement released earlier this week, but added several important details. According to the firm, the data was obtained via a third-party property management vendor; neither Amazon nor AWS systems were compromised.

The incident impacted several of the third-party vendor's clients, including Amazon. Amazon stated that only employee work contact information, such as work email addresses, desk phone numbers, and building locations, was exposed, while other, more sensitive information, such as Social Security numbers and financial information, was not compromised.

The hacker claims that the Amazon employee database has nearly 2.8 million records; however, it is unknown how many employees are affected. The same hacker has also leaked employee data from BT, McDonald's, Lenovo, Delta Airlines, and HP. The data appears to be the result of the same MOVEit breach that targeted the same real estate services company that housed Amazon employee information.

Phishing Scams use Microsoft Visio Files to Steal Information

 


The latest phishing attacks use Microsoft Visio files to trick users into giving up private information. According to the security firm Perception Point, the trick mainly involves the .vsdx file format, which is used for business diagrams and flowcharts. Attackers have been found to embed malicious links in Visio files to circumvent most of the traditional checks that security systems carry out.


Why Visio files are a hacker's best friend

Users encounter Microsoft Visio files less often than better-known attachment types such as PDFs or Word documents. As a result, security systems are less likely to treat Visio files as suspicious, which makes them a good vehicle for hackers who want to deliver phishing links covertly. In addition, Visio files arrive as email attachments, which most users trust because they come from a Microsoft tool.


How the Visio Phishing Attack Works


This is how the particular phishing scheme unfolds, according to Perception Point:

1. Accessed Accounts: Scammers first gain access to a legitimate account so they can use it to send their phishing email. This gives them a head start over basic security checks, since the message comes from a trusted source.

2. Email Content: The email carries an attachment, either a Visio file (.vsdx) or an Outlook email (.eml), and it looks authentic: typically a proposal or a purchase order.

3. Opening the File: As soon as the recipient clicks on the attachment to open it, they are taken to a SharePoint page serving the Visio file. The attackers add the hacked organisation's logos to give the document the look of authenticity.

4. Link in Visio document: Attackers add a link within the Visio document titled "View Document." Users are instructed to hold down the Ctrl key while clicking the link. Requiring this manual action is thought to bypass many forms of automated security scanning. Once they have clicked, the victims are taken to a mock Microsoft log-in page that prompts them to enter their passwords, which are then stolen.


Phishing by Trusted Platforms

As Perception Point reports, phishing attacks using trusted Microsoft tools such as SharePoint and Visio have been rising alarmingly. Using credible tools creates layers of trust, which diminishes the chances of detection for phishers. Thus, Microsoft has warned users to look out for the potential abuse of its tools in phishing scams.

According to Perception Point, this phishing method uses trusted Microsoft tools such as Visio and SharePoint, which shows how cybercrooks adapt to evade detection. According to the same sources, these methods are designed to gain user trust and evade traditional email security systems.

Recommended Security Best Practices

The following best practices help both organizations and individual users mitigate such advanced phishing:

Verify the sender: Confirm the sender's identity before opening attachments from unknown or unfamiliar contacts.

Enable multi-factor authentication: With the extra layer that multi-factor authentication puts in place, it is much harder for hackers to access your accounts without the additional authentication.

Stay updated on phishing techniques: Educate employees so that they can recognize and avoid phishing attempts.

Advanced Email Security Tools: Implement tools that are specifically designed to monitor unusual file types, including Visio files, with the aim of detecting emerging phishing strategies.
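
One way to implement the Visio-aware check from the last recommendation (an added example, not code from Perception Point or the original post): a .vsdx file is a ZIP package of XML parts, so a mail-gateway hook can list every link stored in it and flag hosts outside an allow-list. The allow-list, the size cap, the sample hosts and the function names are assumptions, and the sample file is constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"intranet.example.com"}   # assumption: hosts expected in diagrams
MAX_PART_BYTES = 5 * 1024 * 1024           # assumption: cap on declared part size


def _local(tag):
    """Drop the XML namespace so matching does not depend on the schema URI."""
    return tag.rsplit("}", 1)[-1]


def extract_links(vsdx_bytes):
    """Return sorted (part_name, url) pairs for every link stored in the package.

    Raises ValueError for oversized, malformed or DTD-carrying parts so the
    caller can quarantine the attachment instead of parsing hostile XML.
    """
    found = set()
    with zipfile.ZipFile(io.BytesIO(vsdx_bytes)) as pkg:
        for info in pkg.infolist():
            name = info.filename
            if not name.lower().endswith((".xml", ".rels")):
                continue
            if info.file_size > MAX_PART_BYTES:
                raise ValueError(f"oversized part: {name}")
            data = pkg.read(name)
            if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
                raise ValueError(f"DTD in part: {name}")
            try:
                root = ET.fromstring(data)
            except ET.ParseError:
                raise ValueError(f"malformed XML in part: {name}")
            for el in root.iter():
                tag = _local(el.tag)
                if tag == "Section" and el.get("N") == "Hyperlink":
                    # ShapeSheet hyperlink rows keep the URL in the Address cell.
                    for cell in el.iter():
                        if _local(cell.tag) == "Cell" and cell.get("N") == "Address":
                            url = (cell.get("V") or "").strip()
                            if url:
                                found.add((name, url))
                elif tag == "Relationship" and el.get("TargetMode") == "External":
                    # Package relationships that point outside the file.
                    found.add((name, (el.get("Target") or "").strip()))
    return sorted(found)


def triage(vsdx_bytes):
    """Return one finding per link that is not https or not on the allow-list."""
    findings = []
    for part, url in extract_links(vsdx_bytes):
        try:
            pieces = urlsplit(url)
            scheme, host = pieces.scheme.lower(), (pieces.hostname or "").lower()
        except ValueError:
            scheme, host = "", ""
        reasons = []
        if scheme != "https":
            reasons.append("non-https scheme")
        if host not in ALLOWED_HOSTS:
            reasons.append("host not allow-listed")
        if reasons:
            findings.append({"part": part, "url": url, "reasons": reasons})
    return findings


def build_sample():
    """Constructed sample: a minimal package with one lure link and one benign link."""
    page = (
        '<PageContents xmlns="http://schemas.microsoft.com/office/visio/2012/main">'
        '<Shapes><Shape ID="1"><Section N="Hyperlink"><Row N="Row_1">'
        '<Cell N="Description" V="View Document"/>'
        '<Cell N="Address" V="https://login.phish.example/o365"/>'
        '</Row></Section></Shape></Shapes></PageContents>'
    )
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/'
        '2006/relationships/hyperlink" Target="https://intranet.example.com/spec" '
        'TargetMode="External"/></Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("visio/pages/page1.xml", page)
        z.writestr("visio/pages/_rels/page1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Because the check reads the link out of the file itself, it does not depend on anyone clicking, or Ctrl-clicking, the "View Document" button.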

In this age of phishing scams, staying informed and keeping security protocols up to date can go a long way.



Hot Topic Data Breach Exposes Private Data of 57 Million Users

 

Have I Been Pwned warns that an alleged data breach compromised the private data of 56,904,909 Hot Topic, Box Lunch, and Torrid users. Hot Topic is an American retail franchise that specialises in counterculture-themed clothes, accessories, and licensed music merchandise. 

The firm has approximately 640 stores in the United States and Canada, mostly in shopping malls, with a large customer base.

According to HIBP, the exposed information includes full names, email addresses, birth dates, phone numbers, physical addresses, transaction history, and partial credit card data for Hot Topic, Box Lunch, and Torrid users. 

On October 21, 2024, a threat actor known as "Satanic" claimed responsibility for the security incident on BreachForums. The threat actor claims to have siphoned 350 million user records from Hot Topic and its subsidiaries, Box Lunch and Torrid.

"Satanic" attempted to sell the database for $20,000 while also demanding a $100,000 ransom from Hot Topic to remove the ad from the forums. According to a HudsonRock report published on October 23, the intrusion could be the result of an information stealer malware infection that acquired credentials for Hot Topic's data unification service. 

While Hot Topic has stayed silent, and no notifications have been issued to potentially impacted users, data analytics firm Atlas Privacy revealed last week that the 730GB database impacts 54 million users. Atlas further highlighted that the collection contains 25 million credit card numbers encrypted with a poor cypher that can be easily broken by current computers. 

Although Atlas is not positive that the database belongs to Hot Topic, it did note that approximately half of all email addresses had not been seen in previous breaches, adding to the authenticity of the threat actor's claims. According to Atlas, the hack appears to have occurred on October 19, with data ranging from 2011 until that date.

The company has set up a website where Hot Topic consumers can see if their email address or phone number was compromised in the data breach. Meanwhile, the threat actor continues to offer the database, albeit for a lower cost of $4,000. Potentially impacted Hot Topic consumers should be wary of phishing attacks, keep track of their financial accounts for strange activity, and change their passwords on all platforms where they use the same credentials.

Hacker Claims to Publish Nokia Source Code

 

The Finnish telecoms equipment firm Nokia is looking into the suspected release of source code material on a criminal hacking site.

An attacker going by the handle "IntelBroker," who is also the proprietor of the current iteration of BreachForums, revealed on Thursday what he said was a cache of "Nokia-related source code" stolen from a third-party breach. The data consists of two folders: "nokia_admin1" and "nokia_etl_summary-data."

IntelBroker initially stated in a BreachForums post last week that he was selling the code, characterising it as a collection of "SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, Webhooks, and hardcoded credentials."

A Nokia spokesperson stated that the company is "aware of reports that an unauthorised actor has alleged to have gained access to certain third-party contractor data, and possibly Nokia data. We will continue to constantly watch the situation." On Tuesday last week, the hacker told Hackread that the data would cost $20,000.

IntelBroker told Bleeping Computer that the data came from Nokia's third-party service provider SonarQube. The hacker claimed to have gained access using a default password. SonarQube did not immediately reply to a request for comment.

In 2023, IntelBroker published online data stolen from a health insurance marketplace used by members of Congress, their families, and staffers. Earlier this year, he sparked a probe at the Department of State by uploading online papers purportedly stolen from government contractor Acuity. 

Third-party breaches at major firms are becoming more regular as companies improve their own cyber defences. Earlier this year, a slew of well-known brands, including AT&T, Ticketmaster, Santander Bank, automotive parts supplier Advance Auto Parts, and luxury retailer Neiman Marcus, were hit with breaches caused by a series of attacks on their accounts at cloud-based data warehousing platform Snowflake.

Interlock Ransomware: New Threat Targeting FreeBSD Servers and Critical Infrastructure Worldwide

 

The Interlock ransomware operation, launched in late September 2024, is increasingly targeting organizations around the globe. Distinctly, this new threat employs an encryptor specifically designed to attack FreeBSD servers, a relatively uncommon tactic among ransomware groups.

Interlock has already affected six organizations and publicly leaked stolen data after ransoms went unpaid. One prominent victim, Wayne County in Michigan, experienced a cyberattack early in October, adding to the list of affected entities.

Details about Interlock remain limited, with early reports emerging from cybersecurity responder Simo in October. Simo's analysis noted a new backdoor associated with the ransomware, discovered during an investigation on VirusTotal.

Shortly after, MalwareHunterTeam identified a Linux ELF encryptor related to Interlock. Upon further examination, BleepingComputer confirmed that this executable was built specifically for FreeBSD 10.4, though attempts to execute it in a FreeBSD environment failed.

Although ransomware targeting Linux-based VMware ESXi servers is common, an encryptor for FreeBSD is rare. The now-defunct Hive ransomware, disrupted by the FBI in 2023, was the only other known operation with a FreeBSD encryptor.

Trend Micro researchers shared additional samples of the Interlock FreeBSD ELF encryptor and a Windows variant, noting that FreeBSD is often used in critical infrastructure. This likely makes it a strategic target for Interlock, as attacks on these systems can lead to significant service disruptions.

Trend Micro emphasizes that Interlock’s focus on FreeBSD infrastructure allows attackers to disrupt essential services and demand high ransoms, as these systems are integral to many organizations’ operations.

It is important to note that Interlock ransomware is unrelated to any cryptocurrency token of the same name.

While BleepingComputer encountered issues with running the FreeBSD encryptor, they successfully tested the Windows version, which performed actions like clearing event logs and deleting the main binary using rundll32.exe if self-deletion is enabled.

When encrypting files, Interlock appends the .interlock extension and generates a ransom note titled "!README!.txt" in each affected folder. The note explains the encryption, threats, and includes links to a Tor-based negotiation site where victims can communicate with the attackers. Each victim receives a unique ID and email for registration on this negotiation platform.
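
The two artefacts named above, the .interlock extension and the "!README!.txt" note, are enough for a first scoping sweep of a file share during incident response. The following is an added example, not from BleepingComputer, Trend Micro or the original post; the function and field names are assumptions, and modification times are only a rough indicator of when files were touched.

```python
import os
from collections import defaultdict
from datetime import datetime, timezone

NOTE_NAME = "!readme!.txt"   # ransom note name reported in the article (lower-cased)
ENC_SUFFIX = ".interlock"    # extension appended to encrypted files


def _iso(ts):
    """Render a POSIX timestamp as an ISO 8601 string in UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def sweep(root):
    """Summarise Interlock artefacts under `root`, one record per affected directory."""
    hits = defaultdict(lambda: {"encrypted": 0, "note": False, "mtimes": []})
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for fname in filenames:
            lower = fname.lower()
            if lower == NOTE_NAME:
                hits[dirpath]["note"] = True
            elif lower.endswith(ENC_SUFFIX):
                hits[dirpath]["encrypted"] += 1
            else:
                continue
            try:
                # lstat: never follow a symlink planted inside the tree
                mtime = os.lstat(os.path.join(dirpath, fname)).st_mtime
                hits[dirpath]["mtimes"].append(mtime)
            except OSError:
                pass  # file vanished or is unreadable; the count above still stands
    report = []
    for directory in sorted(hits):
        h = hits[directory]
        report.append({
            "directory": directory,
            "encrypted": h["encrypted"],
            "note": h["note"],
            "first_seen": _iso(min(h["mtimes"])) if h["mtimes"] else None,
            "last_seen": _iso(max(h["mtimes"])) if h["mtimes"] else None,
        })
    return report


if __name__ == "__main__":
    import sys
    for row in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(row)
```

A directory that holds a note but no encrypted files, or the reverse, is worth a closer look: it can mark where the encryptor was interrupted.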

During attacks, Interlock breaches networks, steals sensitive data, and then deploys the encryptor to lock down files. The data theft supports a double-extortion scheme, with threats to leak data if ransoms—ranging from hundreds of thousands to millions of dollars—are not paid.

Why Small Businesses Are Major Targets for Cyberattacks and How to Defend Against Them

 

Recent research by NordPass and NordStellar, backed by NordVPN, has shed light on small private businesses being prime targets for cybercriminals. After analyzing around 2,000 global data breaches over two years, they found that retail and technology sectors, particularly small companies in the U.S., were highly attractive to hackers.  

Small- and medium-sized businesses (SMBs) are especially vulnerable due to limited cybersecurity resources and sometimes underestimating their value to hackers. Cybercriminals exploit common weaknesses like poor password practices, phishing attacks, and malware infections. Even technology firms—often thought to be well-protected—are at risk when human error allows hackers to bypass their defenses. 

One reason hackers favor small businesses is the prevalence of reused and weak passwords. Many attacks are untargeted; instead, hackers run credential-stuffing or dictionary attacks across broad sets of data. When employee credentials are found in leaked databases, they provide easy entry points for cyberattacks, often resulting in financial and reputational damage that can be catastrophic for smaller firms.

To protect against such threats, businesses are advised to adopt several practices. One essential tool is using a Virtual Private Network (VPN), which encrypts internet traffic, safeguarding remote employees who may connect via public Wi-Fi. This encryption layer prevents hackers from intercepting sensitive data, ensuring businesses and employees remain protected in various working environments. 

In addition to VPNs, companies can enhance security by employing password managers, which generate strong, unique passwords. Passwords are often the first line of defense, and using complex ones significantly reduces the risk of unauthorized access. Cybersecurity audits, ideally conducted by third-party experts, also play a vital role. These audits help uncover vulnerabilities and reinforce trust with customers by demonstrating the company’s dedication to data security. 

Employee training is another effective line of defense, as human error is a common cause of data breaches. Many incidents occur when employees fall for phishing scams or fail to follow security best practices. Regular cybersecurity training ensures staff are better equipped to recognize and avoid threats, thereby reducing potential risks. 

By implementing these protective measures, small businesses can better shield themselves from cyber threats. In today’s digital landscape, investing in cybersecurity isn’t just a precaution; it’s essential for the long-term viability of any business, big or small.

Columbus Data Breach Affects 500,000 in Recent Cyberattack

 


In July, a ransomware attack on Columbus, Ohio, compromised the personal information of an estimated 500,000 residents, marking one of the largest cyber incidents to affect a city in the United States in recent years. The attack, linked to the Rhysida ransomware group, has drawn great interest because of the extent of the data stolen as well as the controversy surrounding the city's response.

The City of Columbus, the state capital of Ohio, has confirmed that hackers stole data from 500,000 residents during a ransomware attack in July, locking them out.  The City of Columbus confirmed in a filing with the state attorney general that a "foreign cyber threat actor" had infiltrated the city's network to access information about residents, including their names, dates of birth, addresses, ID documents, Social Security numbers, and bank accounts.  

With a population of 900,000 people, Columbus is the most populous municipality in the state. Around half a million people were affected by the breach, but the exact number of victims has yet to be determined. In a regulatory filing, the city revealed that it had "thwarted" a ransomware attack on July 18 of this year by disconnecting its network from the internet. The attack has been claimed by the Rhysida ransomware group, which specializes in crypto-ransomware attacks.

The cybercriminals, believed to be connected to Russian threat actors, sought a ransom from Columbus in the initial stages of the attack, claiming to have stolen 6.5 TB of data. It is alleged that Rhysida published 3.1 TB of this data on its dark web leak site after negotiations with the city failed. This exposure is a significant public-sector data breach of the last two years.

According to Rhysida, the ransomware gang, the attack occurred the same day. The gang claims to have stolen databases containing 6.5 TB of data, including staff credentials, video feeds from the city camera system, and server dumps, along with other sensitive data. Having failed to extort the City, the gang is now publishing the stolen data on its dark web leak portal. Some 45% of the stolen data, comprising 260,000 documents (3.1 TB), is on this portal.

Columbus Mayor Andrew Ginther said in a statement to the Columbus media that there was no need to be concerned about the leak because the data was "encrypted or corrupted." In response, David Leroy Ross (aka Connor Goodwolf) of the Security Research Group, a British security research company, refuted the Mayor's claim by sharing samples of the leaked data with press outlets, which showed that it contained unencrypted personal information belonging to city employees, residents, and visitors.

As of early August, Columbus had filed a lawsuit against security researcher David Leroy Ross, sharply escalating the situation. Ross, who goes by the username "Connor Goodwolf", had told local media that residents' personal information had been uploaded to the dark web. This disclosure contradicted Columbus officials' earlier claim that only unusable, corrupted data had been stolen.

Cyber analysts who first investigated the stolen data in the aftermath of Ross's revelations discovered a significant volume of sensitive files, among them databases, password logs, cloud management files, employee payroll records, and even footage from city traffic cameras. In response to the attack, the city said it has committed to improving its cybersecurity protocols to prevent similar attacks from happening again.

Columbus, a city of approximately 915,000 people, reported to the Maine Attorney General's Office that the breach may affect approximately 55% of its citizens. Those affected will receive two years of free credit monitoring and identity protection services as a gesture of goodwill from the city. The city of Columbus has come under increasing public pressure to ensure that data is protected and that it communicates transparently about the extent of the breach. The City's lawsuit alleges that Goodwolf spread stolen data illegally and negligently.

The suit requested monetary damages along with a temporary restraining order and a permanent injunction, and the researcher was ordered to stop further dissemination of the leaked data to prevent future disclosures. It was decided in December 2011 that a temporary restraining order would be issued in Franklin County prohibiting Goodwolf from downloading and disseminating the data stolen from the City.

The City had previously claimed that the leaked data was useless. Despite those claims, breach notification letter samples filed with the Maine Attorney General's Office show that in early October it informed 500,000 people that some of their financial and personal information had been stolen and published on the dark web. According to the breach notification letters, the breach of the City's information systems involved recipients' personal information, including first and last name, date of birth, address, bank account information, driver's license number, Social Security number, and other identifying information.

Although the City has yet to find evidence of the misuse of its data, it warns those affected by this breach to keep a close eye on their credit reports and financial accounts for suspicious activity. It is also offering 24 months of free credit and identity monitoring, provided by Experian IdentityWorks, as well as identity restoration services provided by Experian.

Zero-Click Vulnerability in Popular NAS Devices Exposes Millions to Cyber Attacks

 

A widely used device and application for storing documents, trusted by millions of users and businesses globally, has been found to have a vulnerability. A team of Dutch researchers revealed that this zero-click flaw could potentially compromise many systems worldwide.

This flaw, termed "zero-click" because it requires no user interaction to trigger, affects Synology's photo application, a default program on network-attached storage (NAS) devices from the Taiwanese company. Through this vulnerability, attackers could gain unauthorized access to these devices, allowing them to steal files, plant malicious code, or install ransomware, which could lock users out of their data.

The Synology Photos app comes pre-installed on Synology’s BeeStation storage devices and is also popular among users of their DiskStation models. These NAS devices enable users to expand storage via add-on components. Since 2019, Synology and other NAS brands have frequently been targeted by ransomware groups. Recently, DiskStation users have reported specific ransomware attacks. The vulnerability was uncovered by Rick de Jager, a security researcher with Midnight Blue in the Netherlands, during the Pwn2Own hacking event in Ireland. De Jager and his team identified hundreds of thousands of vulnerable Synology NAS devices online, although they warn that the real number of at-risk devices is likely in the millions.

The researchers, alongside the Pwn2Own organizers, alerted Synology about the flaw last week.

Network-attached storage systems are attractive targets for cybercriminals due to the large volumes of data they store. Many users connect their NAS directly to the internet or utilize Synology’s cloud storage for backup. Although security credentials can be required to access the devices, this specific zero-click flaw in the photo app doesn’t require authentication. Attackers can exploit it remotely over the internet, granting them root access to execute malicious code on the device.

The photo app allows users to organize images and provides attackers easy access whether the NAS is connected directly to the internet or via Synology’s QuickConnect, which offers remote access. Once an attacker compromises one cloud-connected Synology NAS, it becomes easier to identify others, thanks to how the system registers and assigns IDs.

The researchers found several cloud-connected Synology NAS devices linked to U.S. and French police departments, as well as numerous law firms in North America and France. Other compromised devices were used by logistics and oil companies in Australia and South Korea, along with maintenance firms in South Korea, Italy, and Canada, serving industries like energy, pharmaceuticals, and chemicals.

“These organizations store a range of critical data, including management documents and sensitive case files,” Wetzels said.

Beyond ransomware, the researchers warn of other threats, such as botnets, which infected devices could join to assist in hiding broader hacking operations. The Chinese Volt Typhoon group, for example, previously used compromised home and office routers to mask espionage activities.

Synology has not responded publicly to requests for comment, but on October 25, the company issued two security advisories marking the vulnerability as “critical.” Synology confirmed the discovery was made during the Pwn2Own contest and released patches for the flaw. However, without automatic updates on NAS devices, it is unclear how many users are aware of or have implemented the patch. Releasing the patch also increases the risk that attackers could reverse-engineer it to exploit the vulnerability.

While finding the vulnerability independently is challenging, “it’s not hard to connect the dots from the patch,” Meijer explained.

Researchers Develop Blockchain-Based Federated Learning Model to Boost IoT Security

 

In a groundbreaking development for Internet of Things (IoT) security, a team of researchers led by Wei Wang has introduced a novel distributed federated intrusion detection system. The study, published in Frontiers of Computer Science and co-published by Higher Education Press and Springer Nature, addresses key challenges in protecting IoT networks from sophisticated cyber-attacks. IoT devices have long been vulnerable to cyber intrusions, and traditional, centralized models of training detection algorithms often come with risks, including high communication costs and potential privacy leaks. 

Centralized models also struggle to identify new, unknown types of attacks. The research team’s new approach aims to overcome these issues by using federated learning, a decentralized method where data is processed locally rather than on a central server. This approach enhances privacy and minimizes communication expenses. To strengthen the security of their detection model, the team integrated a blockchain-based architecture into the federated learning system.

In this setup, all participating entities conduct model training on their devices and upload only the model parameters to the blockchain. This design creates a secure, distributed environment for collaborative model verification. A proof-of-stake consensus mechanism is implemented, ensuring that only trustworthy entities contribute to the training process, effectively blocking out malicious participants. 

A unique aspect of this method is its ability to detect unknown attack types. Each device in the system uses an end-to-end clustering algorithm that relies on spatial-temporal data differences to identify new types of intrusions. Tests conducted on the AWID dataset showed that this model outperforms previous detection techniques, offering enhanced security and accuracy in identifying novel threats. The research team views this development as a significant step toward more secure IoT networks. 

“The integration of blockchain with federated learning brings a new level of security and adaptability to intrusion detection,” the team noted. 

Looking ahead, the researchers plan to focus on refining the model’s efficiency to support real-time detection needs in IoT systems. This study highlights the potential of blockchain-based federated learning as a robust defense against cyber threats in the expanding IoT ecosystem.

Why Ignoring Data Breaches Can Be Costly




Data breaches are now more rampant than ever, exposing passwords and payment details to hackers. You may be getting breach alerts every so often, warning you that your data has been exposed. They are a wake-up call on how common breaches have become.

A Persistent Problem 

Data breaches have become part of our online lives. From credit card numbers to social security information, hackers never cease their attempts to access sensitive data. In fact, many breaches are financially driven, and about 95% of cyberattacks aim for money or valuable information. Still, despite all the news every day, companies often do not realise they have been breached until almost six months pass. The average time to discovery is 194 days according to Varonis. Therefore, the attackers have sufficient time to use the information before the companies can even initiate their response.

Rise of Breach Blindness

Over time, exposure to breach after breach has created "breach blindness," a sense that these alerts do not matter anymore. Since nothing immediate happens most of the time, it is easy to scroll past breach notifications without thinking twice. This apathy is dangerous. Such a lack of care could mean stolen identities, financial fraud, and no one holding companies accountable for their inability to protect the data.

When companies lose money as a result of these breaches, the consumer pays for it in the form of higher fees or costs. IBM reports that the worldwide average cost of a data breach is nearly $5 million, a 10% increase from last year. Such a high cost is a burden shared between the consumer and the economy at large.

How to Protect Your Data

Although companies are liable for securing data, there are various measures you can take personally. The first and most obvious is to give every account a strong and unique password. Hackers rely on frequently used, weak passwords to get into most accounts. Replacing them with complex ones makes it much harder for attackers to get in and compromise your data.

It is important to stay vigilant now that data breaches have become part and parcel of the internet. Each breach, little by little, erodes online privacy and security. Stop ignoring those alerts; take them as warnings to check your web security and strengthen it if needed. Above all, stay informed so that you are not caught out.




When and Why to Consider a Data Removal Service

 


With the risk of data misuse and breaches increasing daily, individuals in 2024 are being driven to seek reliable methods for securing their online privacy. A growing number of privacy solutions are now available, including services for removing users' data from the internet, and they are generating a great deal of interest.

With these services, individuals can identify and remove personal information from the internet that could lead to identity theft and other unpleasant circumstances. The services in some cases target data brokers, people-search websites, and other repositories where potentially sensitive information is readily accessible.

There is, however, a need to evaluate the effectiveness, reliability, and value of these services, regardless of how appealing they may seem. Anyone considering whether to invest in them should understand this, along with the scope of their capabilities and the limitations they may have.

Individuals need to judge the reality behind the promises made by data removal services before deciding whether such services are a worthwhile way to achieve greater privacy control, or whether alternative methods might be more effective. With digital privacy growing in importance and facing increased risk, understanding the nuances of online data removal services is vital for individuals to make informed choices about how to protect their personal information effectively.

A vast amount of information about individuals is readily available on the internet today, and this has increased dramatically over the past few years as advertisers attempt to target people with ads and content based on the information they can gather about them. In addition, technological advances such as artificial intelligence have compounded the situation by making it easier for cybercriminals to gather data and commit online scams across the world.

While online privacy concerns continue to grow, data removal services offer a glimmer of hope that privacy can be preserved. A data removal service is a third-party tool that helps individuals locate the online platforms and databases where their private data can be found, have that data removed, and so curtail their digital footprint.

Making data removal available to the general public requires specialized professional services that can locate and promptly remove personal information from an array of online platforms and databases. Initially, these services were developed with a strong focus on privacy protection. They worked to make sure that sensitive data, such as credit card numbers, driver's licenses, or other forms of personal information, was not easily accessible to unauthorized parties such as strangers, corporations, or criminals.

Data removal services essentially function as a crew of "digital cleaners" for data security and privacy problems. The experts at these services have a deep understanding of data-sharing pathways and online repositories, which allows them to track down where personal information is stored across the internet and to help clients either eradicate it or restrict access to it as needed.

Personal information is commonly removed from a variety of sources, including social media platforms, online directories, websites, and data brokers. This usually involves removing the data at its source.

Here is a brief overview of the purpose and benefits of data removal services:

A data removal service should always be able to guarantee enhanced privacy protection, in that it aims to make sure that no unauthorized parties can access or misuse personal information.

These services are an integral part of the defence against identity theft, fraud, and data breaches. A growing number of companies offer services that help organisations and individuals protect their sensitive information by targeting data in public records, databases, and marketing platforms. By doing so, they provide security layers that limit who has access to sensitive information and help secure it.

As people move into an increasingly hyper-connected world, digital footprints accumulate rapidly, and much of the information left behind becomes obsolete or irrelevant. To reduce this digital footprint, data removal services remove unnecessary or outdated information as part of their operations. By minimizing online presence, these services make it harder for third parties to exert control over their users' online activities, which gives people greater control over their privacy online.

A lower risk of falling victim to fraudulent schemes and receiving excessive marketing solicitations: Because personal information is scattered across the internet, there is a high probability of falling victim to fraud or receiving unwanted marketing solicitations. To mitigate this risk, data removal services manage the visibility of data, thereby reducing the chances of being contacted by marketers or malicious actors who use personal details for phishing attacks, scams, and frauds.

Many people find peace of mind in knowing that their personal information is being managed by privacy experts who are committed to protecting their privacy. As a result, clients can navigate the internet with a greater sense of security, free from the continuous worry about data misuse or privacy infringement when they are dealing with personal information online.

It is quite common for companies and data brokers to collect a wide range of personal information about users through a variety of methods, drawing on shopping history on e-commerce sites, public records, social media profiles (including posts, likes, comments, and connections), medical records, online search history, credit card transactions, and other forms of information. Much of this is valuable to advertisers for targeting their advertisements, including users' names, ages, genders, and Social Security Numbers, along with their IP addresses, browser cookies, and how they use the internet.

This data can be used for targeted advertising, suggesting content and products that users may find beneficial and ultimately decide to buy. What is the benefit for the companies and data brokers who harvest this data? They sell users' data to advertisers and other businesses for a profit, which is how they make money. It is a well-oiled system in which everyone benefits from the information that users provide.

Having users' data exposed, however, can lead to identity theft, financial fraud, harassment (including stalking and surveillance), and social engineering attacks such as doxxing, potential discrimination, and, of course, targeted advertising, which is something most people do not like. Data removal services offer several benefits, but they also have certain limitations. The primary concern is their effectiveness.

These services offer some assurances, but they cannot completely guarantee that personal information will be removed from online platforms or data brokers. Efforts to erase data from specific sites can fail for various reasons, including data breaches, data mining activities, or newly updated public records, and removed data might reappear when a site is updated. A data removal service therefore does not provide a comprehensive, one-time solution to the problem.

Data removal services usually target companies that sell search engine optimization and data analytics software, which means they have limited ability to remove "public" data, that is, any information that is publicly available through government records, social networking sites, and news publications. Such publicly available data remains accessible despite data removal efforts. This underscores a critical limitation in the scope of data removal services, as they are unable to remove information classified as public.

The persistence of this data online reflects the inherent challenges these services face in fully securing individual privacy across all platforms. Cost considerations also play a significant role in evaluating the viability of data removal services. Typically, these services charge subscription fees that can range from moderate to significant monthly costs, often amounting to several tens of dollars. 

While they strive to protect personal information, they cannot guarantee complete data removal from all sources. This limitation is not due to a lack of effort but rather the complexities involved in tracking and controlling data spread through diverse online channels, some of which are continually refreshed or redistributed by third parties. Consequently, for individuals or businesses considering data removal services, it is important to weigh these costs against the limitations and partial protections offered, ensuring that the service aligns with their privacy needs and risk tolerance.

UnitedHealth Claims Data of 100 Million Siphoned in Change Healthcare Breach

 

UnitedHealth has acknowledged for the first time that over 100 million people's personal details and healthcare data were stolen during the Change Healthcare ransomware assault, making it the largest healthcare data breach in recent years. 

During a congressional hearing in May, UnitedHealth CEO Andrew Witty warned that the attack had exposed "maybe a third" of all Americans' medical data.

A month later, Change Healthcare issued a data breach notification, stating that the February ransomware assault had exposed a "substantial quantity of data" for a "substantial proportion of people in America.” 

Last week, the U.S. Department of Health and Human Services Office for Civil Rights data breach portal increased the overall number of affected people to 100 million, marking the first time UnitedHealth, Change Healthcare's parent company, published an official number for the breach. 

Change Healthcare has sent out data breach alerts since June stating that a huge amount of sensitive information was stolen during the February ransomware assault, including: 

  • Health insurance information (including primary, secondary, or other health plans/policies, insurance firms, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers); 
  • Health information (such as medical record numbers, providers, diagnoses, medications, test results, images, care, and therapy); 
  • Personal information may include billing, claims, and payment information, as well as Social Security numbers, driver's licenses, state ID numbers, and passport numbers.

The information may differ for each person, and not everyone's medical history was disclosed. 

Change Healthcare breach

This data breach was prompted by a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which resulted in severe outages across the US healthcare system. 

The disruption to the company's IT systems prevented doctors and pharmacists from filing claims, as well as pharmacies from accepting discount prescription cards, forcing patients to pay full price for their drugs.

The attack was carried out by the BlackCat ransomware group, also known as ALPHV. They used stolen credentials to get access to the company's Citrix remote access service, which did not have multi-factor authentication activated. 

During the attack, threat actors took 6 TB of data and ultimately encrypted network devices, forcing the organisation to shut down IT infrastructure in order to prevent the attack from propagating further.

UnitedHealth Group acknowledged paying a ransom to get a decryptor and have the threat actors delete the stolen data. The alleged ransom payment was $22 million, according to the BlackCat ransomware affiliate that carried out the attack.

This ransom payment was meant to be shared between the affiliate and the ransomware operation, but BlackCat abruptly shut down, taking the entire payment and committing an exit scam.

However, this was not the end of Change Healthcare's issues, since the affiliate claimed to still have the company's data and did not delete it as agreed. The affiliate collaborated with a new ransomware operation known as RansomHub and began releasing some of the stolen data, demanding an additional payment for the data not to be leaked.

The Change Healthcare entry on RansomHub's data breach site was inexplicably removed a few days later, suggesting that UnitedHealth paid a second ransom demand.

UnitedHealth said in April that the Change Healthcare ransomware assault resulted in $872 million in losses, which were included in Q3 2024 earnings and are estimated to total $2.45 billion for the nine months ending September 30, 2024.

Massive Data Breach in Mexican Health Care Sector Exposes 5.3 Million Users’ Data

 

In a significant data breach, Cybernews researchers discovered a 500GB unprotected database from a Mexican health care company on August 26, 2024, exposing sensitive details of approximately 5.3 million people. Information in the leak included names, CURP identification numbers, phone numbers, email addresses, and details of payment requests. This security lapse occurred due to a misconfigured Kibana visualization tool, which left the database publicly accessible. While health records were reportedly not taken, the exposed CURPs (Mexican ID numbers akin to Social Security numbers) create risks for identity theft and phishing attacks. 

The breach has been attributed to Ecaresoft, a Texas-based firm specializing in cloud-based Hospital Information Systems, which provides services like Anytime and Cirrus. Over 30,000 doctors and 65 hospitals rely on Ecaresoft’s solutions for scheduling, inventory management, and patient data handling. However, a lapse in securing this information has now exposed users to heightened cybersecurity risks. Besides personal details, the exposed database included patients’ ethnicities, nationalities, religions, blood types, dates of birth, and gender, along with specifics about medical visits and fees. Although hackers were not directly responsible for this breach, the open database left users’ data vulnerable to any threat actors actively scanning for unsecured files online. 

Ecaresoft has yet to release a statement addressing the issue. As the database has since been removed from public access, it remains unclear how long it was available or if the affected users are aware of the potential risk. The breach highlights a common yet preventable security oversight, where sensitive data left unprotected can be indexed by search engines or accessed by unauthorized parties. This incident underscores the broader importance of robust password management and server configuration practices. Past cases, such as Equifax’s breach in 2017 caused by the use of “admin” as a password, illustrate how easily weak configurations can lead to large-scale data theft. Such security lapses continue to raise awareness of the need for secure, authenticated access in cloud-based and digital health care systems. 

Data security in health care remains a global challenge as hospitals and medical systems rapidly digitize, exposing user data to increasingly sophisticated cyber risks. As this incident reveals, health organizations must adopt robust security measures, such as regularly auditing databases for vulnerabilities and ensuring all access points are secure.

Top Tech Firms Fined for Hiding SolarWinds Hack Impact

 



The US Securities and Exchange Commission fined four major technology companies (Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast) for allegedly downplaying the severity of the cybersecurity risks they faced as a result of the notorious SolarWinds hack. The companies have been accused of giving misleading information to investors regarding the severity of breaches connected with the attack on SolarWinds Orion software in 2020.

Companies Made Deceptive Filings

The companies engaged in either direct or indirect deception of investors about the extent and effect of the attacks. They have reached a settlement and will pay civil penalties: $4 million from Unisys, $1 million from Avaya, $995,000 from Check Point Software, and $990,000 from Mimecast.

The SEC said the companies knew their systems were compromised due to unauthorised access after the SolarWinds hack but reportedly downplayed the impact in public statements. For example, Unisys reportedly described cybersecurity risks as "theoretical," even when it confirmed two data breaches tied to the SolarWinds hack which exfiltrated gigabytes of data. Equally, Avaya apparently downplayed the severity of the breach when it revealed limited access to its email messages while investigators found that at least 145 files in its cloud storage were compromised.

Particular Findings on Each Company

1. Unisys Corp: The SEC noted that Unisys failed to disclose fully the nature of its cybersecurity risks even after it had suffered massive data exfiltration. Apparently, the company's public disclosures tagged such risks as "theoretical".

2. Avaya Holdings: Avaya allegedly made false statements when it reported that only a minimal number of e-mail messages had been accessed, when in fact there was abundant evidence that the access extended to some files held in the cloud.

3. Check Point Software: The SEC charges that Check Point was aware of the hack and used ambiguous language to downplay the severity of the attack, leaving investors underinformed about its actual extent.

4. Mimecast: The SEC found that Mimecast had made major omissions in its disclosure, including failure to disclose the specific code and number of encrypted credentials accessed by hackers.

Background on the SolarWinds Breach

The SolarWinds hack, another notable recent cyberattack, is attributed to the Russian-linked group APT29, also known as the SVR. In 2019, malicious actors gained unauthorised access to the SolarWinds Orion software platform and, between March and June 2020, released malicious updates that installed malware such as the Sunburst backdoor in "fewer than 18,000" customer instances, though fewer were targeted for deeper exploitation.

Subsequently, many U.S. government agencies and large companies confirmed that they had been hacked in this breach. These include Microsoft, cybersecurity company FireEye, the Department of State, the Department of Homeland Security, the Department of Energy, the National Institutes of Health, and the National Nuclear Security Administration.

SEC's Stance on Transparency

The charges and fines by the SEC also serve as a warning to public companies to be transparent about security incidents that affect the trust of their investors. The four companies settled without admitting wrongdoing, but they face considerable penalties that show how firmly the SEC intends to hold organisations responsible for providing fair information about cybersecurity risks and incidents.

This calls for tech firms to provide better information on cybersecurity issues as both investors and consumers continue to face increasingly complex and pervasive cyber threats.


Over a Thousand UN Documents Linked to Gender Equality Exposed Online

 

A database believed to belong to the United Nations Trust Fund to End Violence Against Women was uncovered unsecured online, containing financial records, bank accounts, staff details, victim testimonies, and other information. 

Jeremiah Fowler, a cybersecurity researcher, uncovered the database, which contained 228 GB of information, and reported it to vpnMentor. It lacked password protection, leaving the 115,141 files displayed unencrypted and accessible to anyone with an internet connection. 

While not confirmed, the database contained data that linked it to UN Women and the UN Trust Fund to End Violence Against Women, such as letters and documents addressed to the UN and stamped with UN insignia, with a specific reference to UN Women. 

Fowler discovered scanned passport documents and ID cards in the database, as well as specific details on staff roles such as names, job titles, salary information, and tax data. 

“There were also documents labelled as “victim success stories” or testimonies,” Fowler wrote in his report. “Some of these contained the names and email addresses of those helped by the programs, as well as details of their personal experiences. For instance, one of the letters purported to be from a Chibok schoolgirl who was one of the 276 individuals kidnapped by Boko Haram in 2014.” 

It is unclear how long the database has been exposed, whether it is managed by the UN Women organisation or a third party, and whether anyone outside of the organisation has accessed it. 

Fowler outlines a number of hypothetical possibilities in which the data might be exploited, including convincing spear phishing attempts that employ customised documents to target vulnerable email accounts. The records might theoretically also be used by a threat actor to obtain a high-level grasp of the organisational and the financial framework of the company. 

The UN Women organisation has an undated scam notice on its website, although the page dates back at least to July 2022, with an update in July 2024 that includes an instruction to use the Quantum procurement verification portal. 

Fowler notified the UN Information Security team about the unprotected database, and received a response that stated, "The identified vulnerability does not belong to us (the United Nations Secretariat) and is for UN Women. Please report the vulnerability to UN Women.”

Data Breach Exposes 93,000 Transak Users Due to Employee’s Device Misuse

 





Transak is a service that enables users to buy cryptocurrencies through the Metamask, Binance, and Trust Wallet platforms. The company has just announced a data breach that exposed the names and identity documents of approximately 93,000 users. According to the company, the breach happened through an employee's misuse of work equipment.


Facts of the Breach

The breach stemmed from one of the company's employees using his work laptop for non-work purposes. The employee unknowingly ran a malicious script, which gave cybercriminals access to one of the firm's third-party Know Your Customer (KYC) authentication services. Only 1.14% of users were affected, but the leaked data contained sensitive personal documents such as passports, ID cards, and selfies.

According to the Transak CEO, Sami Start, the leaked information did not include sensitive data such as social security numbers, bank statements, or emails. However, it remains a serious privacy concern. The firm is terming this incident "mild to moderate" as no financial information was leaked.

 

Ransomware Group Claims Responsibility

The ransomware group behind the attack has claimed responsibility and is trying to extract a ransom from Transak in exchange for not publishing any more of its data. It has already published parts of the stolen data online and says it holds an even larger dataset, over 300 GB in total, comprising sensitive personal documents, proof of address, financial statements, and so on. The group has threatened to leak or sell the remaining data unless its demands are met.

Despite the threat, Transak has not entered into negotiations with the attackers. Start said the company had reached out to affected customers and had also notified law enforcement agencies and the relevant data regulators of the attack. He also believes the ransomware group is exaggerating the amount of data it obtained, since only a subset of the company's KYC data was involved.


Cause and Impact

After gaining illegal access through the compromised employee's device, the hackers exploited a vulnerability in the KYC vendor's system, which made the data breach possible. The incident sharply illustrates the risks that arise when work equipment is misused or cybersecurity protocols are not followed. The affected employee was subsequently dismissed from the company.

The CEO added that the company's other systems were not affected; the hackers had access only to this one KYC service. No other systems were compromised, and therefore no information leaked from them, despite rumours that some other significant systems had been breached.


Transak's Response

Transak is working with data regulators to manage the breach and on steps to prevent this from happening again. The company also assured its users that no sensitive information such as passwords, credit card details, or social security numbers was stolen. However, the exposure of personal identification documents still poses risks for the affected users.

In the aftermath of the incident, the company is looking at ways to enhance its security measures and avoid such a breach in the future. Although the damage is still being assessed, Transak's response to the ransomware gang shows that the company intends to maintain its integrity despite the challenges posed by cybercriminals.


The Transak data breach thus serves as a wake-up call for businesses to uphold proper cybersecurity in the management of work-related devices. With cyber-attacks on the crypto industry increasing, businesses have to strengthen their mechanisms for protecting user data. The hack demonstrates the risks that arise when security measures are bypassed by malicious actors.