Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Leak. Show all posts
User Privacy
Data Breach Data Leak Healthcare Hack Medical Data User Privacy

Community Health Centre Data Breach Impacts Over 1 Million Patients

 

Over a million people have been notified of a recent data breach by Community Health Centre, a nonprofit healthcare organisation based in Middletown, Connecticut. On January 2, 2025, unauthorised activity was detected in its computer systems, and external cybersecurity specialists were hired to help with the investigation and establish the nature and scale of the unauthorised activity. 

The investigation revealed that an online criminal gained access to its computer systems and stole data from the network. The Community Health Centre did not confirm whether a ransom demand was made; however, it did state that no data was deleted from its network and no files were encrypted, therefore the incident had no effect on its daily operations.

In the statement to the Attorney General of Maine, Community Health Centre explained that "there is no current threat to our systems, and we believe we stopped the criminal hacker's access within hours." The breach initially occurred on October 14, 2024, according to the breach notice from the Maine Attorney General.

The file review is now concluded, and the Community Health Centre has confirmed that the following data may have been compromised: names, addresses, phone numbers, email addresses, dates of birth, diagnoses, test results, treatment information, health insurance information, and Social Security numbers.

Up to 1,060,936 people have been impacted, including paediatric patients, their parents, and guardians. Some of the affected individuals passed away, and notifications are being given to their nearest of kin. While the majority of affected patients are likely from Connecticut, the California Attorney General has also been notified of the data leak. 

With over 1 million records, this is the most significant healthcare data breach revealed this year. Employees at Moses-Weitzman Health System were also impacted.

According to Community Health Centre, software has been put in place to keep an eye on its systems for suspicious activity, and security has been reinforced. Community Health Centre has provided the impacted individuals with free identity theft protection services for a period of 24 months, even though there are currently no signs that any of the stolen data has been compromised.
Read more »
User Privacy
Business Security Cyber Security Data Leak Insider Threat User Privacy

Three Ways To Prevent Insider Threat Driven Data Leaks

 

The United States is poised to undergo a period of highly disruptive transformation. The incoming administration has promised to make significant changes, including forming a new body, the Department of Governmental Efficiency (DOGE), with the aim of substantially reducing the size of the government. 

Many people in our hugely polarised society are unhappy with the upcoming changes. Some will even refuse to "go down without a fight" and attempt to sabotage the shift or the new administration's prospects for success. How? One popular disruption method is to leak bits and pieces of insider information in order to distract, provoke opposition, and ultimately stall the changes.

While insider leaks can occur at any organisation and at any moment, a controversial move can be a major driver for such threats. We don't need to look far back for examples of this. After Donald Trump was elected to his first term, someone explicitly got a job as an IRS contractor so that he could leak the tax returns of key leaders, including President Trump. There was also information disclosed concerning a Trump cabinet pick. 

It's possible that this behaviour will worsen significantly. Agencies and organisations can take proactive measures to prepare for this. 

Launch an insider threat program: Nearly 80% of organisations have noticed an increase in insider threat activity since 2019, and just 30% believe they have the ability to deal with the situation. While external threats are frequently addressed, according to IBM's Cost of a Data Breach report, breaches by people within an organisation were the most costly, averaging just shy of $5 million.

Having a formal security strategy in place can safeguard sensitive data, maintain operational integrity, and ensure that your organization's communication links remain open and secure. Start by assessing your risk, establishing guidelines for data sharing and management, and installing technologies to monitor user activity, detect irregularities, and notify security teams of potential risks. 

Individualize information: Organisations can also explore using steganographic technologies to personalise the information they send to their employees. Forensic watermarking technology allows sensitive information to be shared in such a way that each employee receives a completely unique copy that is undetectable to the human eye. With this technology in place, employees are more likely to think twice before giving a secret presentation on future strategy. If a leak still occurs, the organisation can easily identify the source.

Avoid sharing files: The world must shift away from using files to share personal information. At first glance, it may appear impossible, yet changing the way organisations share information might help them preserve their most valuable information. File sharing is more than a risk factor; it is also a threat vector, as files are the source of the majority of data exfiltration risks. As a result, deleting them would naturally eliminate the threat. What are the alternatives? Using SaaS applications in which no one can download anything. This strategy also helps to safeguard against external attacks.
Read more »
Private Data
Data Breach Data Leak Elasticsearch Georgia Private Data

Private Data of Millions of Georgians Exposed in Massive Data Leak

 

A ghost database comprising millions of records on Georgian people appeared in the cloud before inexplicably vanishing. The alarming leak could make sensitive personal information available to malicious actors.

Bob Dyachenko, a cybersecurity expert and the founder of SecurityDiscovery.com, and the Cybernews research team uncovered an unprotected Elasticsearch index. Elasticsearch is a data analytics and search platform that operates in near real time. The instance was hosted on a server controlled by a German cloud service company.

The data contains a wide range of sensitive personal information regarding citizens of the Republic of Georgia. One of the exposed indices held approximately five million personal data records, while another contained more than seven million phone records with related private data. Georgia, by comparison, has a population of about four million. The data may include duplicate entries as well as records of deceased people. 

The millions of files contained data such as ID numbers, full names, birth dates, and gender, they reported. The leaked data most likely also included insurance numbers and phone numbers ‘with descriptive information about the owner’. 

The data was apparently linked with 1.45 million car owner details and 7.2 million citizen phone numbers and identities, however some of the data seems to be linked to a 2020 leak. There is no clear indication of who is in charge of overseeing the Elasticsearch index.

The server was taken offline shortly after the discovery, and the public's access to the exposed data was discontinued. But there are still millions of individuals who could be in danger. 

Given the current geopolitical environment of high tensions, polarisation, and Russian influence, the exposure of millions of Georgian citizens could have severe consequences. 

“Threat actors can weaponize personal data for both political or criminal activities. State-sponsored hackers can exploit the leak for political manipulation, disinformation campaigns, or targeted harassment. Meanwhile, profit-seeking hackers can exploit the data for various malicious activities,” Dyachenko stated.

He warns Georgians to be wary of potential identity theft and fraud efforts, as cybercriminals may attempt to mimic individuals or use other social engineering techniques to hijack accounts and carry out financial crimes.
Read more »
Sensitive customer information
Customer Information Cyber Security Data Exposure Data Leak data security IT Data Sensitive customer information

Willow Data Exposure Puts Over 240,000 Customer Records at Risk

 


Data Breach at Willow Exposes Over 240,000 Customer Records

A significant data exposure incident involving the Chicago-based financial technology firm Willow has left the personal details of more than 240,000 customers vulnerable. Willow, which offers a service to pay customer bills upfront and allows repayment in installments, reportedly left a large volume of sensitive data accessible online without password protection. The discovery was made by cybersecurity researcher Jeremiah Fowler, who uncovered an unsecured database containing approximately 241,970 files.

The exposed data included customer names, email addresses, phone numbers, transaction details, and partial banking information. Alarmingly, receipts uploaded to the database revealed additional sensitive details, such as partial credit card numbers and home addresses. Fowler also found a T-Mobile bill containing call and text message records, underscoring the severity of the breach. One particularly concerning file contained data on 56,864 individuals categorized as prospects, active customers, or former customers barred from using Willow’s services.

The scale of the exposure raises significant concerns about the risk of identity theft and financial fraud. While there is no evidence yet that the leaked data has been exploited, the breach highlights the potential for phishing scams and social engineering attacks. Fraudsters could use the exposed information to craft convincing schemes, such as fraudulent billing requests or identity verification scams, targeting affected individuals.

Fowler immediately attempted to notify Willow of the breach, but his outreach went unanswered. Shortly thereafter, the database was secured and removed from public access. However, it remains unclear whether the database was managed directly by Willow or a third-party contractor. The duration of the exposure also remains unknown, raising concerns about whether unauthorized parties may have accessed the data before it was secured.

Experts recommend that affected customers take proactive measures to protect themselves. These include closely monitoring financial accounts for unusual activity, changing passwords linked to Willow, and remaining vigilant against phishing attempts. Customers should be cautious of unsolicited communications requesting personal or financial information, as scammers may leverage the exposed data to appear legitimate.

Willow has yet to publicly address the breach or outline measures to prevent future incidents. This lack of transparency underscores the importance of stringent data protection protocols. Cybersecurity experts stress that companies handling sensitive financial information must regularly audit their systems to identify and mitigate vulnerabilities.

Until Willow provides clarity, customers must rely on their own vigilance to safeguard against potential misuse of their information. This incident serves as a stark reminder of the growing need for robust data security practices in today’s digital landscape.

Read more »
Ransomwares
AI Attack Cyber Attacks cybercrime group Data Leak Hacktivism RaaS Ransom Demand Ransomware attack Ransomwares

FunkSec Ransomware Group: AI-Powered Cyber Threat Targeting Global Organizations

 

A new ransomware group, FunkSec, has emerged as a growing concern within the cybersecurity community after launching a series of attacks in late 2024. Reports indicate that the group has carried out over 80 cyberattacks, signaling a strategic blend of hacktivism and cybercrime. According to recent findings, FunkSec’s activities suggest that its members are relatively new to the cyber threat landscape but have been using artificial intelligence (AI) to amplify their capabilities and expand their reach. 

FunkSec’s ransomware, developed using the Rust programming language, has caught the attention of security analysts due to its complexity and efficiency. Investigations suggest that AI tools may have been used to assist in coding and refining the malware, enabling the attackers to bypass security defenses more effectively. A suspected Algerian-based developer is believed to have inadvertently leaked portions of the ransomware’s code online, providing cybersecurity researchers with valuable insights into its functionality. 

Operating under a ransomware-as-a-service (RaaS) framework, FunkSec offers its malware to affiliates, who then carry out attacks in exchange for a percentage of the ransom collected. Their approach involves double extortion tactics—encrypting critical files while simultaneously threatening to publish stolen information unless the victim meets their financial demands. To facilitate their operations, FunkSec has launched an underground data leak website, where they advertise stolen data and offer additional cybercrime tools, such as distributed denial-of-service (DDoS) attack capabilities, credential theft utilities, and remote access software that allows for covert control of compromised systems. 

The origins of FunkSec date back to October 2024, when an online persona known as “Scorpion” introduced the group in underground forums. Additional figures, including “El_Farado” and “Bjorka,” have been linked to its expansion. Investigators have noted discrepancies in FunkSec’s communications, with some materials appearing professionally written in contrast to their typical informal style. This has led experts to believe that AI-generated content is being used to improve their messaging and phishing tactics, making them appear more credible to potential victims. 

FunkSec’s ransomware is designed to disable security features such as antivirus programs, logging mechanisms, and backup systems before encrypting files with a “.funksec” extension. The group’s ransom demands are relatively modest, often starting at around $10,000, making their attacks more accessible to a wide range of potential victims. Additionally, they have been known to sell stolen data at discounted rates to other threat actors, further extending their influence within the cybercriminal ecosystem. Beyond financial motives, FunkSec has attempted to align itself with hacktivist causes, targeting entities in countries like the United States and India in support of movements such as Free Palestine. 

However, cybersecurity analysts have expressed skepticism over the authenticity of their claims, noting that some of the data they leak appears to have been recycled from previous breaches. While FunkSec may be a relatively new player in the cyber threat landscape, their innovative use of AI and evolving tactics make them a significant threat. Security experts emphasize the importance of proactive measures such as regular system updates, employee training on cybersecurity best practices, and the implementation of robust access controls to mitigate the risks posed by emerging ransomware threats like FunkSec.
Read more »
Personal Data
data attacks Data Breach Data Leak data security Financial Data healthcare data breach HIPAA Medical Data Medical Data breach Personal Data

Medusind Data Breach Exposes Health and Personal Information of 360,000+ Individuals

 

Medusind, a major provider of billing and revenue management services for healthcare organizations, recently disclosed a data breach that compromised sensitive information of over 360,000 individuals. The breach, which occurred in December 2023, was detected more than a year ago but is only now being reported publicly. 

The Miami-based company supports over 6,000 healthcare providers across 12 locations in the U.S. and India, helping them streamline billing processes and enhance revenue generation. According to a notification submitted to the Maine Attorney General’s Office, the breach was identified when Medusind noticed suspicious activity within its systems. 

This led the company to immediately shut down affected systems and enlist the help of a cybersecurity firm to investigate the incident. The investigation revealed that cybercriminals may have gained access to and copied files containing personal and medical details of affected individuals. Information compromised during the breach includes health insurance details, billing records, and medical data such as prescription histories and medical record numbers. Financial data, including bank account and credit card information, as well as government-issued identification, were also exposed. 

Additionally, contact details like addresses, phone numbers, and email addresses were part of the stolen data. In response, Medusind is providing affected individuals with two years of free identity protection services through Kroll. These services include credit monitoring, identity theft recovery, and fraud consultation. The company has advised individuals to stay vigilant by reviewing financial statements and monitoring credit reports for unusual activity that could indicate identity theft. 

This breach highlights the increasing cybersecurity challenges facing the healthcare industry, where sensitive personal information is often targeted. To address these risks, the U.S. Department of Health and Human Services has proposed updates to the Health Insurance Portability and Accountability Act (HIPAA). These proposed changes include stricter requirements for encryption, multifactor authentication, and network segmentation to protect patient data from cyberattacks. The Medusind incident follows a series of high-profile breaches in the healthcare sector.

In May 2024, Ascension reported that a ransomware attack had exposed data for 5.6 million individuals. Later in October, UnitedHealth disclosed a breach stemming from a ransomware incident affecting over 100 million people. As healthcare providers continue to face cyber threats, the urgency to implement robust data security measures grows. Medusind’s experience serves as a reminder of the significant risks posed by such breaches and the importance of safeguarding sensitive information.
Read more »
User Privacy
Data Leak Location data Mobile App Breach Mobile Security User Privacy

Millions of People's 'Intimate' Location Data Compromised in Apparent Hack

 

Major apps worldwide are potentially being exploited by rogue members within the advertising sector to collect sensitive location data extensively, which subsequently is transferred to a location data firm whose subsidiary has previously sold global location data to US law enforcement agencies. 

The thousands of apps discovered in hacked files from location data firm Gravy Analytics range from games like Candy Crush to dating apps like Tinder, pregnancy tracking, and religious prayer apps for both Android and iOS. Because much of the data collection occurs through the advertising ecosystem rather than code developed by app creators themselves, it is likely that users or even app developers are unaware of it. 

After examining some of the data, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and an avid follower of the location data space, tells 404 Media, "For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising bid stream," instead of code embedded in the apps themselves. 

The data offers a rare peek into the realm of real-time bidding. Historically, location data providers compensated app developers to incorporate bundles of code that collected their users' location data. Numerous companies have instead moved to the advertising ecosystem, where firms bid to place ads within apps, to obtain location information. However, data brokers can listen in on that procedure and gather the location of people's mobile phones.

"This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there's some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way," Edwards added. 

The hacked Gravy data includes tens of millions of mobile phone coordinates from devices in the United States, Russia, and Europe. Some of those files additionally list an app next to each piece of location data. 404 Media extracted the app names and created a list of mentioned apps. 

The list includes dating sites Tinder and Grindr; massive games like Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with over 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo's email client; Microsoft's 365 office app; and flight tracker Flightradar24. The list also includes a number of religious-focused apps, such as Muslim prayer and Christian Bible apps, as well as numerous pregnancy trackers and VPN apps, which some users may download, ironically, in order to safeguard their privacy.
Read more »
User Security
Data Breach Data Leak Russian State Silent Crow User Security

Silent Crow Claims Hack of Russia’s Rosreestr, Leaks Citizens’ Personal Data

 



The hacking group Silent Crow has claimed responsibility for breaching Russia's Federal Service for State Registration, Cadastre, and Cartography (Rosreestr), releasing what it describes as a fragment of the agency’s database. The leak reportedly includes sensitive personal information of Russian citizens, raising significant cybersecurity and privacy concerns.

According to the Telegram channel Information Leaks, which first reported the incident, the exposed data set contains nearly 82,000 records. These records reportedly include:
  • Full Names
  • Birth Dates
  • Residential Addresses
  • Phone Numbers and Email Addresses
  • SNILS Numbers: Russian equivalents of Social Security numbers
  • Rosreestr IDs
Silent Crow shared details of the breach via its anonymous Telegram channel on January 6, 2025, claiming the leaked data includes approximately 90,000 entries from Russia's Unified State Register of Real Estate.

Journalist Andrey Zakharov examined 15 randomly selected entries from the leaked data and confirmed their authenticity. In several cases, the leaked property addresses matched individuals' known residences. However, the dataset notably omits cadastral numbers, which could directly link properties to their owners. Zakharov suggested this omission may have been intentional to conceal the full extent of the breach.

Rosreestr has not officially acknowledged the breach, stating only that "additional checks" are underway regarding the circulating reports on Telegram. No formal confirmation or denial has been issued as of now.

Rosreestr’s Role in Investigations

Rosreestr’s real estate data has historically been instrumental for journalists and independent investigators uncovering corruption. Investigations led by the late Alexey Navalny’s Anti-Corruption Foundation (FBK) frequently utilized Rosreestr records to expose properties owned by government officials, often purchased far beyond their declared incomes.

In response to these investigations, the Russian government restricted access to property ownership data. In March 2023, Rosreestr implemented stricter privacy controls under a personal data law passed in July 2022, allowing property owner information to be disclosed only with the owner's consent.

The Rosreestr breach highlights severe vulnerabilities in the cybersecurity infrastructure of large state agencies. Silent Crow’s statement emphasized this, stating, “Rosreestr has become a vivid example of how large state structures can fall in just a few days.” The leak raises serious concerns about the protection of sensitive government data and the potential misuse of this information.

As cybersecurity threats escalate globally, this incident underscores the urgent need for robust security measures within government databases to safeguard citizen data against malicious actors.
Read more »
Personal Data
Automotive Industry AWS Cloud Data Cloud Misconfiguration Data Breach Data Leak data security Exposed Data Personal Data

Volkswagen Cybersecurity Breach Exposes Sensitive Vehicle Data

 


A recent cybersecurity lapse within Volkswagen’s Cariad unit, which manages the company’s cloud systems, exposed sensitive data from hundreds of thousands of vehicles. The breach, attributed to a misconfiguration in a cloud environment hosted on Amazon Web Services (AWS), was uncovered by a whistleblower and investigated by the Chaos Computer Club, a cybersecurity association. The incident has sparked significant concerns about data privacy and the security of connected vehicles.

The exposed dataset reportedly included detailed information on approximately 800,000 electric vehicles. Notably, location data was exceptionally precise for 460,000 cars. For Volkswagen and its subsidiary Seat, the data pinpointed vehicles to within 10 centimeters, while data from Audi and Skoda vehicles were accurate to within six miles. In some instances, the leaked information was linked to personal details of car owners, such as names, contact information, and vehicle operational statuses. Alarmingly, the breach also disclosed the locations of prominent individuals, including German politicians, raising concerns about potential misuse.

Volkswagen’s Cariad unit is responsible for integrating advanced technologies into the automaker’s vehicles. This incident highlights vulnerabilities in cloud environments used by automakers to store and manage vast amounts of vehicle and customer data. According to Volkswagen, accessing the exposed information required bypassing multiple security layers, which would have demanded advanced expertise and considerable effort. Despite this, the data remained publicly accessible for several months, drawing criticism and prompting calls for stronger cybersecurity measures.

Existing Security Measures and Gaps

Automakers generally follow industry standards such as ISO/SAE 21434, which outline best practices for securing systems against breaches and mitigating vulnerabilities. Many vehicles are also equipped with cybersecurity hardware, including network switches and firewalls, to protect data within a car’s subsystems. However, the Volkswagen incident underscores critical gaps in these measures that require urgent attention.

Company Response and Moving Forward

The leaked dataset, spanning several terabytes, reportedly did not include payment details or login credentials, according to Volkswagen. The company has since patched the vulnerability and emphasized its commitment to data security. While Volkswagen stated that there was no evidence hackers had downloaded the information, the breach serves as a stark reminder of the risks inherent in managing sensitive data within interconnected systems.

This incident underscores the need for stricter regulations and enhanced cybersecurity frameworks for cloud-based infrastructures, especially as connected vehicles become increasingly prevalent. Moving forward, automakers must prioritize robust security protocols to safeguard consumer data and prevent similar breaches in the future.

Read more »
supply chain security
Bank Data Data Breach Data Leak data security fake ads Fidelity Personal Data Phishing Attack Phishing Camapign supply chain security

General Dynamics Confirms Data Breach Via Phishing Campaign

 


In October 2024, General Dynamics (GD), a prominent name in aerospace and defense, confirmed a data breach impacting employee benefits accounts. The breach, detected on October 10, affected 37 individuals, including two residents of Maine. Attackers accessed sensitive personal data and bank details, with some accounts experiencing unauthorized changes.

The incident originated from a phishing campaign targeting a third-party login portal for Fidelity’s NetBenefits Employee Self Service system. Through a fraudulent ad campaign, attackers redirected employees to a spoofed login page resembling the legitimate portal. Employees who entered their credentials inadvertently provided access to their accounts. The compromised data included:

  • Personal Information: Names, birthdates, and Social Security numbers.
  • Government IDs: Details of government-issued identification.
  • Banking Details: Account numbers and direct deposit information.
  • Health Information: Disability status of some employees.

In some cases, attackers altered direct deposit information in affected accounts. The breach began on October 1, 2024, but was only discovered by General Dynamics on October 10. Once identified, access to the compromised portal was suspended, and affected employees were promptly notified. Written instructions were sent to reset credentials and secure accounts. Forensic experts were engaged to assess the breach, determine its scope, and address vulnerabilities.

Company’s Response and Support

General Dynamics emphasized that the breach was isolated to the third-party login portal and did not compromise its internal systems. In a report to the Maine Attorney General’s Office, the company stated, “Available evidence indicates that the unauthorized access occurred through the third party and not directly through any GD business units.”

To assist affected individuals, General Dynamics is offering two years of free credit monitoring services. Impacted employees were advised to:

  • Reset login credentials and avoid reusing old passwords.
  • Monitor bank and benefits accounts for suspicious activity.
  • Follow provided guidelines to safeguard personal information.

For additional support, the company provided resources and contacts to address employee concerns.

Previous Cybersecurity Incidents

This is not the first cybersecurity challenge faced by General Dynamics. In June 2024, its Spanish subsidiary, Santa Barbara Systems, was targeted by a pro-Russian hacker group in a distributed denial-of-service (DDoS) attack. While the incident caused temporary website disruption, no sensitive data was compromised.

Earlier, in March 2020, a ransomware attack on Visser Precision, a General Dynamics subcontractor, exposed sensitive data through the DoppelPaymer ransomware group. Although General Dynamics’ internal systems were not directly impacted, the incident highlighted vulnerabilities in supply chain cybersecurity.

These recurring incidents highlight the persistent threats faced by defense companies and underscore the critical need for robust cybersecurity measures to protect sensitive data. General Dynamics’ swift response and ongoing vigilance demonstrate its commitment to addressing cybersecurity challenges and safeguarding its employees and systems.

Read more »
online shopping fraud
AWS AWS S3 Credit Card Fraud Cyber Attacks Data Leak data security Identity Theft Prevention online shopping fraud

Massive Credit Card Breach Puts Millions at Risk


A significant credit card breach has been uncovered, threatening to disrupt holiday shopping for millions of Americans. The breach stems from an Amazon Web Services (AWS) S3 bucket left unsecured online, which contained sensitive customer data, including credit card details, names, addresses, and emails. This exposed data belongs to approximately five million individuals who fell victim to phishing scams, with one notable scheme promoting fake offers for a free iPhone.

The breach poses immediate risks such as fraud, unauthorized transactions, and identity theft. Cybersecurity experts are advising affected individuals to contact their financial institutions promptly to mitigate potential damage. Although the perpetrators remain unidentified, Amazon’s AWS Abuse team has initiated an investigation into the incident. According to researchers at Leakd.com, the breach originated from a phishing campaign orchestrated by a fraudulent company named “Braniacshop.” This group deceived victims with false promises of winning an iPhone 14, leveraging social engineering tactics like fake emails and websites to obtain personal information.

Researchers warn that the stolen data, now potentially available on the dark web, is estimated to be worth $85 million. Each stolen credit card detail could fetch up to $17. The timing of this breach during the busy holiday season intensifies its impact, as millions of Americans could face financial challenges while preparing for Christmas. To mitigate these risks, experts recommend carefully monitoring financial statements for any unusual activity and immediately notifying banks or credit card issuers of suspicious transactions to freeze compromised accounts.

Setting up fraud alerts with financial institutions can add an additional layer of security by flagging unauthorized actions. Taking a proactive stance, such as initiating a credit freeze, can prevent scammers from opening new accounts in an individual’s name. Strengthening online account security by using multi-factor authentication, encrypted password managers, and longer passphrases is another critical step to safeguard personal information.

For comprehensive protection, investing in identity theft monitoring services is highly recommended. These services provide ongoing alerts about potential misuse of personal data, helping users act swiftly in the event of a security breach. The incident serves as a crucial reminder to remain vigilant, particularly during the holiday season when phishing scams and fraudulent offers become more frequent. Proactive measures taken now can safeguard financial security and ensure peace of mind during this critical period. 

Read more »
User Security
Cyber Attacks Data Leak Private Data Rhode Island User Security

Rhode Island Residents Warned of Cyberattack Targeting State Government

 

Rhode Island officials have issued an urgent advisory for residents to take immediate precautions following a significant cyberattack on the state government. Authorities are warning that private data, including Social Security and bank account details, may soon be exposed due to the breach.

Governor Dan McKee and other state officials held a press conference earlier this week to address the situation and provide guidance. “We know this situation is alarming, and it’s stressful,” McKee stated. He encouraged residents to bookmark the official website where updates on the incident will be posted.

Details of the Cyberattack

The breach occurred on December 5, when officials discovered that an international cybercriminal gang might have hacked into RIBridges, the state system previously known as UHIP. This platform supports various health and benefits programs. Concerns escalated after hackers shared a screenshot of file folders from RIBridges, suggesting that malware had been installed on the system.

Preliminary investigations indicate that the hackers may have accessed sensitive information from hundreds of thousands of residents who have used state programs over the past eight years. Impacted individuals will receive a notification letter from the state.

Affected State Programs

The affected programs include:

  • Medicaid
  • Supplemental Nutrition Assistance Program (SNAP)
  • Temporary Assistance for Needy Families (TANF)
  • Child Care Assistance Program (CCAP)
  • HealthSource RI health insurance
  • Rhode Island Works
  • Long-Term Services and Supports (LTSS)
  • General Public Assistance (GPA)
  • AT HOME cost-sharing

As a precaution, these programs will transition to paper applications starting next week, as the HealthyRhode online portal remains offline during the investigation.

Matt Weldon, director of the Rhode Island Department of Labor and Training, assured residents that the state’s separate system for unemployment insurance and other out-of-work benefits has not been affected by the cyberattack.

Steps for Residents to Protect Themselves

Michael Tetreault, a cybersecurity advisor with the U.S. Department of Homeland Security, provided the following recommendations for Rhode Islanders who believe they may be impacted:

  • Strengthen your passwords and avoid using the same password across multiple accounts.
  • Enable multi-factor authentication (MFA) on all online accounts.
  • Contact the three major credit-monitoring bureaus to freeze your credit as a precaution.

While the investigation continues, officials are urging residents to remain vigilant and take necessary measures to safeguard their personal information. Regular updates will be provided on the state’s official website, ensuring transparency and assistance for affected individuals.

Read more »
User Privacy
Amazon Web Services Christmas Scam Cyber Fraud Data Leak US Citizens User Privacy

Massive Data Breach Puts Millions at Risk During Christmas Season

 

As the Christmas season approaches, millions of U.S. citizens could face a potential holiday nightmare after a major data breach exposed 5 million unique credit and debit card details online. The leak threatens to compromise countless transactions during the festive shopping spree.

Security experts from Leakd.com revealed that 5 gigabytes of private screenshots were found in an unsecured Amazon S3 bucket, a cloud storage service provided by Amazon Web Services. These screenshots depict unsuspecting consumers entering sensitive data into fraudulent promotional forms, lured by offers that seem "too good to be true," such as free iPhones or heavily discounted holiday products.

The scam operates by enticing consumers with exclusive holiday gifts or significant discounts, requiring them to make a small payment or subscription to claim the offer. These offers often include a countdown timer to create a sense of urgency, pressuring individuals to act quickly without scrutinizing the details.

However, the promised items never arrive. Instead, the fraudsters steal sensitive data and store it on an unsecured server, where it can be accessed by anyone. This poses a heightened risk during the holiday season when shoppers are more vulnerable due to increased spending, making it easier for malicious actors to carry out unauthorized transactions unnoticed.

What to Do If You’re Affected

If you recently filled out a form promising an unbelievable offer, there’s a strong chance your privacy may have been compromised. Here’s what you should do:

  • Contact Your Bank: Inform your bank immediately and request a card replacement to prevent unauthorized transactions.
  • Monitor Bank Statements: Keep a close eye on your statements for any suspicious transactions. Report anything you don’t recognize.
  • Dispute Fraudulent Charges: If you notice unauthorized charges, contact your bank to dispute them and explore options for reimbursement.

The Growing Threat of Christmas Scams

Unfortunately, credit card theft isn’t the only scam cybercriminals are leveraging this holiday season. Security researchers have reported an increase in text-based scams impersonating delivery services. These scams target online shoppers, exploiting the busy season to steal sensitive information or money.

Examples of such scams include fake delivery notifications requesting payment for a package and inks leading to phishing websites that steal personal or payment information.

How to Protect Yourself

To safeguard yourself during the holiday season:

  • Verify Offers: Avoid offers that seem too good to be true, especially those requiring personal or payment details.
  • Check Sender Legitimacy: Double-check emails or texts claiming to be from delivery companies. Visit the official website directly rather than clicking on links.
  • Enable Fraud Alerts: Activate alerts with your bank to be notified of any unusual transactions.
  • Educate Family Members: Warn loved ones about these scams, especially those who may be less tech-savvy.

The holiday season should be a time of joy, not stress caused by data breaches and scams. By staying vigilant and taking proactive measures, you can protect yourself and your finances from cybercriminals looking to exploit this festive time of year.

Read more »
Vulnerabilities and Exploits
Cleo Server Data Leak File Transfer Tool Security Patch Vulnerabilities and Exploits

Active Exploitation of Cleo Communications' File Transfer Software Exposes Critical Vulnerabilities

 

Cleo Communications' file transfer software is under active attack, with security researchers from Huntress revealing that a recently issued patch fails to address the critical flaws being exploited. This ongoing vulnerability poses a significant threat to sectors relying on Cleo's software for logistics and supply chain operations.

The Vulnerabilities: Autorun Directory and CVE-2024-50623

Hackers are leveraging two key vulnerabilities in Cleo's software:

  • A feature that automatically executes files in the autorun directory.
  • An arbitrary file-write flaw identified as CVE-2024-50623.

On December 3, Huntress reported that Cleo's LexiCom, VLTransfer, and Harmony software solutions are affected by these issues. Despite the company issuing a patch on the same day, Huntress stated that it "does not mitigate the software flaw." This leaves users vulnerable until a new, effective patch is developed.

Cleo’s Response and Planned Mitigations

During a Zoom session with cybersecurity researchers, Cleo's team acknowledged the flaws and committed to designing a second patch. Earlier in the week, Cleo identified an unauthenticated malicious host vulnerability that could lead to remote code execution, although its CVE identifier is still pending.

In a statement, a Cleo spokesperson said the company had launched an investigation with the assistance of external cybersecurity experts. Cleo also informed customers about the issue and provided interim mitigation steps while working on a patch. The spokesperson emphasized that "the investigation is ongoing."

Recommendations for Cleo Users

Until an effective patch is released, Huntress has advised Cleo users to take immediate actions:

  • Erase items from the autorun directory to disrupt attack pathways.
  • Understand that this measure does not address the arbitrary file-write vulnerability, which remains exploitable.

Impacts on Businesses

The exploitation of Cleo's software has significant repercussions, particularly for industries dependent on large-scale logistics and supply chain operations. Researchers reported that:

  • At least 10 businesses have experienced breaches involving Cleo servers.
  • There was a "notable uptick in exploitation" on December 8 around 07:00 UTC.
  • Most incidents have targeted sectors such as consumer products, the food industry, and shipping.

A search on Shodan revealed 436 vulnerable servers, with the majority located in the United States. This underscores the scale of potential exposure and the urgent need for mitigation.

The Attack Chain: From Autorun to Persistent Access

Attackers exploit the autorun directory feature by inserting malicious files that execute automatically. These files allow them to:

  • Run PowerShell commands.
  • Establish persistent access using webshells retrieved from remote servers.

Examples of malicious autorun files include:

  • healthchecktemplate.txt
  • healthcheck.txt

Conclusion: Urgent Need for Robust Security Measures

The active exploitation of Cleo Communications' software highlights the evolving nature of cybersecurity threats and the critical importance of timely, effective patching. Businesses using Cleo's solutions must remain vigilant and implement recommended mitigations to minimize risk until a comprehensive fix is released.

This incident serves as a reminder for all organizations to prioritize cybersecurity, particularly in industries that handle sensitive data and depend on seamless file transfer operations.

Read more »
Personal Data Breach
Cybernews Data Breach Data Leak Financial Data healthcare data breach Healthcare Industry Personal Data Breach

Data Breach at Datavant Exposes Thousands of Minors to Cyber Threats

 

While cybercriminals often target adults for their valuable financial and personal information, children are not exempt from these risks. This was made evident by a recent data breach involving health IT company Datavant, which exposed sensitive information of thousands of minors. This incident highlights the vulnerabilities of even the youngest members of society in today's digital age.

The Datavant Breach: A Timeline of Events

The breach occurred in May following a phishing attack targeting Datavant employees. Hackers sent deceptive emails to trick employees into revealing their login credentials—a tactic relying on human error rather than exploiting technical vulnerabilities. While most employees recognized the phishing attempt, a few fell victim, granting attackers unauthorized access to one of the company’s email accounts.

An investigation revealed that between May 8 and 9, the attackers accessed sensitive data stored in the compromised inbox. Over 11,000 minors were affected, with stolen information including:

  • Names and contact details
  • Social Security numbers
  • Financial account details
  • Driver’s licenses and passports
  • Health information

Implications of the Breach

The stolen data poses severe risks, particularly identity theft and targeted scams. Among these, medical identity theft is particularly alarming. Hackers can use health data to file fraudulent insurance claims or manipulate medical records, which may disrupt access to healthcare services and create significant financial and administrative challenges for victims.

Unlike standard identity theft, medical identity theft carries unique dangers, such as incorrect medical information being added to a person’s records. This could lead to inappropriate treatments or delayed care, further complicating the recovery process for affected families.

Datavant’s Response

In response to the breach, Datavant has implemented additional security measures, including:

  • Strengthened cybersecurity protocols
  • Enhanced employee training on phishing awareness

While these steps aim to prevent future incidents, the emotional and financial toll on affected families remains substantial. For many, the breach represents a loss of security that is not easily restored.

Protecting Affected Families

Families impacted by the breach are advised to take proactive measures to safeguard their children’s identities, including:

  • Monitoring credit reports regularly
  • Freezing their child’s credit if necessary
  • Remaining vigilant against phishing attempts and unusual account activity

Lessons from the Breach

The Datavant breach is a stark reminder of the evolving tactics used by cybercriminals and the devastating consequences of compromised data. Organizations handling sensitive information, particularly data about children, must prioritize cybersecurity practices and invest in training to mitigate risks. For individuals, heightened awareness and vigilance are crucial defenses against potential threats.

Conclusion

As cyberattacks become increasingly sophisticated, incidents like the Datavant breach underscore the importance of robust security measures and proactive steps to protect sensitive information. The digital age brings immense benefits, but it also demands constant vigilance to ensure the safety of personal data—especially when it comes to protecting our youngest and most vulnerable populations.

Read more »
User Privacy
AWS Credentials Data Breach Data Leak Data Sale User Privacy

Misconfigured AWS Cloud Instances Lead to Sensitive Data Breaches

 

Misconfigured cloud instances have once again enabled cybercriminals to steal sensitive data, including credentials, API keys, and proprietary source code. This time, numerous Amazon Web Services (AWS) users fell victim, highlighting a lack of understanding regarding the shared responsibility model in cloud infrastructure.

Discovery of Vulnerabilities

Independent security researchers Noam Rotem and Ran Loncar uncovered open flaws in public websites in August 2024. These flaws could be exploited to access sensitive customer data, infrastructure credentials, and proprietary source code.

Data Exploitation and Sale on Telegram

Further investigation revealed that French-speaking threat actors, potentially linked to hacker groups Nemesis and ShinyHunters, scanned "millions of websites" for vulnerabilities. By exploiting these flaws, they harvested an array of sensitive information, including:

  • AWS customer keys and secrets
  • Database credentials and data
  • Git repository data and source code
  • SMTP credentials for email sending
  • API keys for services like Twilio, Binance, and SendGrid
  • SSH credentials
  • Cryptocurrency-related keys and mnemonics
  • Other sensitive access data

The stolen data was sold via a private Telegram channel, reportedly earning "hundreds of euros per breach." Investigators noted that the perpetrators might need the funds for legal defense once apprehended.

Investigation and Response

Rotem and Loncar traced the incident to specific individuals and reported their findings to Israel's Cyber Directorate and AWS Security. The researchers stated: "Our investigation has identified the names and contact information of several individuals behind this incident. This could help in further actions against the perpetrators."

AWS promptly took action to mitigate risks and emphasized that the vulnerability stemmed from user-side misconfigurations rather than AWS systems: "The AWS Security team emphasized that this operation does not pose a security issue for AWS, but rather is on the customer side of the shared responsibility model – a statement we fully agree with," vpnMentor reported.

The Shared Responsibility Model

The shared responsibility model in cloud computing divides security responsibilities between the cloud service provider and the customer. AWS ensures the security of its infrastructure, while customers are responsible for securely configuring and managing their data and applications.

Irony in Misconfiguration

Ironically, the stolen data was discovered in an unprotected AWS S3 bucket—another misconfiguration. According to the researchers: "The data collected from the victims was stored in an S3 bucket, which was left open due to a misconfiguration by the owner. The S3 bucket was used as a 'shared disk' between the members of the attack group, based on the source code of the tools they used."

Lessons for Cloud Security

Cybersecurity experts emphasize that cloud misconfigurations remain a leading cause of data breaches. Organizations must take proactive steps to secure their cloud environments:

  • Implement strict access controls and regular audits of cloud configurations.
  • Use tools to detect misconfigurations and vulnerabilities in real-time.
  • Educate employees about the shared responsibility model and best practices for cloud security.

This incident underscores the critical need for customers to take their share of responsibility in safeguarding sensitive data and highlights the risks of negligence in cloud security practices.

Read more »
United States
Artivion Cyber Attacks Data Leak Medical Data Ransomware United States

Artivion Discloses Ransomware Attack, Disrupting Operations

 

Leading cardiac surgery medical device company Artivion has reported a ransomware attack that occurred on November 21, resulting in the encryption of certain systems and unauthorized data access. The incident forced the Atlanta-based company to take part of its operations offline while addressing the attack.

Artivion's Response

In its 8-K filing with the U.S. Securities and Exchange Commission (SEC), Artivion disclosed that it promptly initiated an investigation and engaged external advisors, including legal, cybersecurity, and forensics professionals. "The incident involved the acquisition and encryption of files. The Company is working to securely restore its systems as quickly as possible and to evaluate any notification obligations," the filing stated.

The company also noted that disruptions to its corporate operations, order processing, and shipping were largely resolved. Despite having insurance coverage for incident response costs, Artivion anticipates additional expenses that will not be covered.

Impact on Operations

Artivion operates manufacturing facilities in Germany, Texas, and Georgia and employs over 1,250 people globally, with sales representatives in more than 100 countries. Although the immediate disruptions caused by the ransomware attack have been mitigated, the company is likely to face longer-term implications, including potential reputational damage and increased cybersecurity investments.

Healthcare Sector Under Siege

The ransomware attack on Artivion is part of a broader wave of cyberattacks targeting healthcare organizations. Recently, the BianLian cybercrime group attacked Boston Children's Health Physicians (BCHP), threatening to expose stolen files unless a ransom was paid. Similarly, UMC Health System and Anna Jaques Hospital faced significant disruptions due to ransomware assaults earlier this year.

These incidents highlight the growing vulnerabilities in the healthcare sector, where sensitive patient data and critical operations make organizations attractive targets for cybercriminals.

Lessons for the Healthcare Industry

The Artivion ransomware attack underscores the urgent need for the healthcare sector to adopt robust cybersecurity measures. Key takeaways include:

  • Proactive Defense: Implementing advanced threat detection and response mechanisms is critical to identifying and mitigating attacks before they cause significant damage.
  • Incident Response Planning: Having a comprehensive incident response plan can minimize disruptions and accelerate recovery efforts during cyberattacks.
  • Employee Awareness: Educating staff about phishing scams and other common attack vectors can help reduce vulnerabilities.

As cyber threats continue to evolve, healthcare organizations must prioritize cybersecurity to safeguard sensitive data and maintain trust in their services.

Read more »
User Privacy
23andMe Data Breach Data Leak DNA Analysis Firm User Privacy

What’s Happening with 23andMe? Data Privacy and Uncertain Future

 

23andMe, a DNA analysis company, has been in turmoil lately. This September, the entire board of directors left due to differences with the CEO, and data was compromised in a 2023 hack.

Anne Wojcicki, the CEO, had previously stated that she was open to third-party acquisition ideas; however, she altered her stance this week. The company is not currently for sale, but nothing looks promising—and it's unclear what will happen to consumer data if the company fails.

Is 23andMe Data Being Sold?

So far, there has been no official indication on whether the company will be sold with or without its data. However, it is realistic to expect the company to be sold and the data to be inherited by the new owner. Something similar occurred when MyHeritage acquired Promethease, another DNA analysis company, in 2020.

Your data may already be shared with other parties. If you signed up for research projects through 23andMe, "de-identified" data about you (including genetic data) was most likely shared with research institutes and pharmaceutical firms. For example, 23andMe has a data licensing deal with GSK (formerly GlaxoSmithKline) to utilize the 23andMe database to "conduct drug target discovery and other research.”

This is not a hypothetical future scenario, but rather the existing state of the firm. These types of licensing agreements account for a significant portion of 23andMe's revenue—or plans to make money. Alternatively, they may have made money previously. They're not making much money these days.

How to Download Your Data and Delete Your Account

If you want to retain any of your data, start by logging into your account and going to your user settings page. There, you can also choose not to participate in studies. On the 23andMe Data card, click View.

To validate your identity, you’ll need to enter your date of birth. In theory, this is where you can download your data, but issues may arise. For instance, I have a 23andMe account, but I must have given the firm a false date of birth years ago. The page simply directs me to call Customer Care. This seems like a significant impediment, but here we are.

According to a Reddit user, Customer Care may request a copy of your ID for verification. This process could be problematic if you used a fake date of birth. Nonetheless, the company’s documentation indicates that if you can get past this step, you can download your data and cancel your subscription. Good luck!

Read more »
Russian Hacker
Cyber Attacks Data Leak NHS Hospital Ransomware attack Russian Hacker

Ransomware Attackers Launch New Cyberattacks Against NHS Hospitals

 

Ransomware hackers have disrupted emergency services, compromised several hospitals, and exposed private patient data in an ongoing cyberattack targeting National Health Service (NHS) trusts across the United Kingdom. The attacks, which have raised serious concerns about cybersecurity in critical infrastructure, highlight vulnerabilities in the healthcare sector.

Alder Hey Children's Hospital Targeted

After claiming responsibility for an earlier attack on NHS Scotland, the ransomware gang Inc Ransom, known for its alleged ties to Russia, now claims to have infiltrated the Alder Hey Children's Hospital Trust, one of Europe’s largest children’s hospitals. In a post on its dark web leak site, the gang claimed to have stolen donor reports, procurement data, and patient records spanning from 2018 to 2024.

The stolen records reportedly include sensitive health information and personally identifiable data such as patient addresses and dates of birth. Samples of the data have allegedly been shared to substantiate the breach, increasing concerns over the privacy of vulnerable patients.

Hospital Statement and Scope of the Breach

Alder Hey acknowledged the cybersecurity incident on November 28, confirming that hackers had infiltrated a "digital gateway service" used by multiple hospitals. This breach affected Alder Hey Children’s Hospital, Liverpool Heart and Chest Hospital, and Royal Liverpool University Hospital. The hospital issued a statement, noting:

"The attacker has claimed to have extracted data from impacted systems. We are continuing to take this issue very seriously while investigations continue into whether the attacker has obtained confidential data."

While Alder Hey assured that hospital services remain operational, it cautioned that the perpetrators might publish the stolen data before the investigation concludes. This underscores the need for immediate cybersecurity measures to prevent further fallout.

Wirral University Teaching Hospital Also Attacked

Just miles from Alder Hey, the Wirral University Teaching Hospital faced a separate ransomware attack, prompting it to declare a "major incident" after shutting down its systems. The network, which oversees Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children’s Hospital, is working to restore clinical systems while acknowledging that some services remain disrupted.

In a statement issued on Wednesday, the Wirral Hospital Trust said:

"Emergency treatment is being prioritized but there are still likely to be longer than usual waiting times in our Emergency Department and assessment areas. We urge all members of the public to attend the Emergency Department only for genuine emergencies."

Broader Implications of Healthcare Cyberattacks

The incidents affecting Alder Hey and Wirral University Teaching Hospital highlight the broader risks of ransomware attacks in healthcare. The potential exposure of private patient data and operational disruptions can have life-threatening consequences, particularly in emergency care settings.

While Alder Hey continues to investigate, it remains unclear whether data extracted from affected systems has been leaked or sold. The situation underscores the urgency for robust cybersecurity frameworks to safeguard critical healthcare infrastructure. Hospitals must adopt advanced threat detection and mitigation strategies to protect sensitive patient data and maintain operational integrity.

Next Steps for Affected Hospitals

In response to the attacks, hospitals are advised to:

  1. Strengthen Cybersecurity Protocols
    Implement robust access controls, monitor for unusual network activity, and update vulnerable systems promptly.
  2. Engage Incident Response Teams
    Collaborate with cybersecurity experts to mitigate damage and secure compromised systems.
  3. Maintain Transparent Communication
    Regularly update patients and stakeholders on the status of investigations and the steps taken to secure their data.
  4. Prioritize Emergency Services
    Ensure minimal disruption to critical services while restoring operational systems.

The Growing Threat of Ransomware in Healthcare

As ransomware attacks on healthcare organizations increase in frequency and sophistication, it is imperative for hospitals to invest in robust cybersecurity measures. Governments and regulatory bodies must also introduce stricter policies and provide support to enhance the resilience of healthcare systems.

The attacks on Alder Hey and Wirral Teaching Hospital serve as a stark reminder of the devastating impact cyber threats can have on healthcare services. Proactive measures and collaborative efforts are essential to prevent similar incidents and protect patient trust in the digital age.

Read more »
Russia
Attack Campaign Cyber Attacks Data Leak Election Romania Russia

Romania's Election System Hit by Over 85,000 Cyberattacks, Russian Links Suspected


Romania’s intelligence service in its declassified report disclosed the country’s election systems were hit by over 85,000 cyberattacks. Attackers have also stolen login credentials for election-related sites and posted the information on a Russian hacker forum just before the first presidential election round. 

Data leaked on Russian site

The data was likely stolen from attacking authentic users and exploiting legitimate training servers. Russia has denied any involvement in Romania’s election campaign.

The Romanian Intelligence Service (SRI) said, “The attacks continued intensively including on election day and the night after elections. The operating mode and the amplitude of the campaign lead us to conclude the attacker has considerable resources specific to an attacking state."

About the attack

SRI says the IT infrastructure of Romania’s Permanent Electoral Authority (AEP) was targeted on 19th November. Threat actors disrupted a server containing mapping data (gis.registrulelectoral.ro) that was connected with the public web as well as AEP’s internal network.

After the attack, log in details of Romanian election websites- bec.ro (Central Election Bureau), roaep.ro, and registrulelectoral.ro (voter registration), were posted on a Russian cybercrime platform.

Motives for the attack

SRI believes the attacks 85,000 attacks lasted till November 25th, the motive was to gain access to election infrastructure and disrupt the systems to compromise election information for the public and restrict access to the systems. The declassified report mentions the attacker attempted to compromise the systems by exploiting SQL injection and cross-site scripting (XSS) flaws from devices in 33 countries. 

Romanian agency has warned that bugs are still affecting the election infrastructure and could be abused to move within the network and build a presence.

SRI notes in the declassified report that the threat actor tried to breach the systems by exploiting SQL injection and cross-site scripting (XSS) vulnerabilities from devices in more than 33 countries.

Influence campaign on elections

SRI believes Russia orchestrated the attacks as a part of a larger plan to disrupt democratic elections in Eastern Europe. The agency says Moscow perceives Romania as an ‘enemy nation’ because the latter supports NATO and Ukraine. The influence campaign tactics include disinformation, propaganda, and supporting European agendas shaping public opinion. 

Romania’s Foreign Intelligence Service (SIE) believes Russia targeted the country as part of broader efforts to influence democratic elections in Eastern Europe. Moscow views Romania as an “enemy state” due to its support for NATO and Ukraine. These influence operations include propaganda, disinformation, and support for eurosceptic agendas, aiming to shape public opinion favoring Russia. 

While there is no concrete proof showing Russia’s direct involvement in Romanian elections, the declassified document suggests Russia’s history of election meddling in other places.

Read more »
Subscribe to: Posts (Atom)