Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Leak. Show all posts
Employee Data
Australia Australian Businesses Cybersecurity Researchers Data Breach Data Leak data security Database Leaked Database Security Employee Data

Sydney Tools Data Leak Exposes Millions of Customer and Employee Records

 

A major data leak from Sydney Tools, an Australian retailer specializing in power tools, hand tools, and industrial equipment, has potentially exposed the personal information of millions of customers and employees. The breach, discovered by cybersecurity researchers at Cybernews, involved an unprotected Clickhouse database that remained publicly accessible online, allowing unauthorized individuals to view sensitive data.  

According to the report, the database contained more than 5,000 records related to Sydney Tools employees, including both current and former staff. These records included full names, branch locations, salary details, and sales targets. Given that Sydney Tools reportedly employs around 1,000 people, a large portion of the exposed records likely belong to individuals who no longer work for the company. While no banking details were included in the leak, the exposure of employee information still poses a significant security risk. 

Cybercriminals could use these details to craft convincing phishing scams or for identity theft. Beyond employee data, the breach also exposed an even larger volume of customer information. The database reportedly contained over 34 million online purchase records, revealing customer names, email addresses, phone numbers, home addresses, and details of purchased items. The exposure of this information is particularly concerning, as it not only compromises privacy but also increases the risk of targeted scams. 

Customers who purchased expensive tools and equipment may be especially vulnerable to fraud or burglary attempts. Cybernews researchers have expressed serious concerns over the extent of the breach, highlighting that the database includes a mix of personally identifiable information (PII) and financial details. This kind of information is highly valuable to cybercriminals, who can exploit it for various fraudulent activities. The researchers attempted to notify Sydney Tools about the security lapse, urging them to secure the exposed database. 

However, as of their last update, the data reportedly remained accessible, raising further concerns about the company’s response to the issue. This incident underscores the ongoing risks posed by unprotected databases, which continue to be one of the leading causes of data breaches. Companies handling large volumes of customer and employee information must prioritize data security by implementing robust protection measures, such as encryption, multi-factor authentication, and regular security audits. Failing to do so not only puts individuals at risk but also exposes businesses to legal and reputational damage. 

With cybersecurity threats on the rise, organizations must remain vigilant in safeguarding sensitive information. Until Sydney Tools secures the database and provides assurances about how it will handle data protection in the future, customers and employees should remain cautious and monitor their accounts for any suspicious activity.
Read more »
Privacy
Backups Data Leak Google Google Maps Privacy

Google Deletes User Data by Mistake – Who’s Affected and What to Do

 



Google has recently confirmed that a technical problem caused the loss of user data from Google Maps Timeline, leaving some users unable to recover their saved location history. The issue has frustrated many, especially those who relied on Timeline to track their past movements.


What Happened to Google Maps Timeline Data?

For the past few weeks, many Google Maps users noticed that their Timeline data had suddenly disappeared. Some users, who had been saving their location history for years, reported that every single recorded trip was gone. Even after trying to reload or recover the data, nothing appeared.

Initially, Google remained silent about the issue, providing no confirmation or explanation. However, the company has now sent an email to affected users, explaining that a technical error caused the deletion of Timeline data for some people. Unfortunately, those who did not have an encrypted backup enabled will not be able to restore their lost records.


Can the Lost Data Be Recovered?

Google has advised users who have encrypted backups enabled to try restoring their Timeline data. To do this, users need to open the latest version of Google Maps, go to the Timeline section, and look for a cloud icon. By selecting the option to import backup data, there is a chance of retrieving lost history.

However, users without backups have no way to recover their data. Google did not provide a direct apology but acknowledged that the situation was frustrating for those who relied on Timeline to recall their past visits.


Why Does This Matter?

Many Google Maps users have expressed their disappointment, with some stating that years of stored memories have been lost. Some people use Timeline as a digital journal, tracking places they have visited over the years. The data loss serves as a reminder of how important it is to regularly back up personal data, as even large tech companies can experience unexpected issues that lead to data deletion.

Some users have raised concerns about Google’s reliability, wondering if this could happen to other services like Gmail or Google Photos in the future. Many also struggled to receive direct support from Google, making it difficult to get clear answers or solutions.


How to Protect Your Data in the Future

To avoid losing important data in cases like this, users should take the following steps:

Enable backups: If you use Google Maps Timeline, make sure encrypted backups are turned on to prevent complete data loss in the future.

Save data externally: Consider keeping important records in a separate cloud service or local storage.

Be aware of notifications: When Google sends alerts about changes to its services, take immediate action to protect your data.


While Google has assured users that they are working to prevent similar problems in the future, this incident highlights the importance of taking control of one’s own digital history. Users should not fully rely on tech companies to safeguard their personal data without additional protective measures.



Read more »
Oracle Cloud
Data Breach Data Leak Data Theft Login Servers Oracle Cloud

Oracle Denies Claim of Server Breach

 

Following a threat actor's claim to be selling 6 million data records allegedly stolen from Oracle Cloud's federated SSO login servers, Oracle denies that it was compromised. 

“There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data," the company noted. 

This accusation follows the release of many text files yesterday by a threat actor going by the moniker rose87168, which included a sample database, LDAP details, and a list of the businesses they said were pilfered from Oracle Clouds' SSO platform.

The threat actor provided BleepingComputer with this URL as additional evidence that they were able to access Oracle Cloud servers. It displays an Internet Archive URL indicating that they submitted a.txt file to the login.us2.oraclecloud.com server that contained their ProtonMail email address.

The attackers uploaded a text file with their email address without having access to Oracle Cloud servers, as BleepingComputer explained when they got in touch with Oracle once more. 

Alleged Oracle data leak 

Rose87168 is currently offering the allegedly stolen data from Oracle Cloud's SSO service for an undisclosed fee or in exchange for zero-day exploits on the BreachForums hacking community. The information, which included enterprise manager JPS keys, Java Keystore (JKS) files, and encrypted SSO passwords, was allegedly stolen during an intrusion into Oracle servers based in 'login.(region-name).oraclecloud.com'.

"The SSO passwords are encrypted, they can be decrypted with the available files. also LDAP hashed password can be cracked," rose87168 says. "I'll list the domains of all the companies in this leak. Companies can pay a specific amount to remove their employees' information from the list before it's sold.” 

They've also promised to share part of the data with anyone who can help decrypt the SSO or LDAP credentials. The threat actor told BleepingComputer that they acquired access to Oracle Cloud servers about 40 days ago and claimed to have emailed the firm after exfiltrating data from the US2 and EM2 regions.

In the email conversation, rose87168 said that they asked Oracle to pay 100,000 XMR for information on how they infiltrated the systems, but the company allegedly refused to pay after requesting for "all information needed for fix and patch.” 

When questioned how they breached the servers, the attackers stated that all Oracle Cloud servers are running a vulnerable version with a public CVE (flaw) that does not yet have a public PoC or exploit. However, BleepingComputer was unable to independently verify whether this was the case.
Read more »
User Security
Bank Scam Cyber Fraud Data Leak Financial Scam Fraudulent Message User Security

Five Ways to Identify a Bank Fraud And Stay Safe

 

It is not unusual for your bank to try to contact you. However, some of those emails and phone calls are simply scammers taking advantage of your trust in your bank to scam you. In general, you should be extremely sceptical of any unexpected messages. 

Modus operandi

You receive a phone call claiming to be from your bank informing you of a problem with your account. This is typically used for security purposes, such as informing you when someone is unlawfully accessing your account or has stolen your identity. 

Their response is to ask you to transfer all funds to a safe account' while the problem is resolved. The problem is that no one is attempting to access your account, and you are sending money directly to the crooks. The funds are then moved swiftly to other accounts around the world. 

Additionally, bank transfer scams might be the most common telephone, or vishing, scam, but they are far from the only one. Others may attempt to gain remote control of your computer by claiming there is a problem with your internet connection or that you have a virus.

In reality, they use this time to install malware on your computer and steal your personal information. Another strategy is to claim you're eligible for a refund or compensation but have received too much. You will then be asked to return the difference. 

How to detect a scam  

Urgency:  Fraudulent mails can generate a sense of urgency or mislead you into acting quickly. They may warn you about account termination, blocking your ATM card, or missing out on a limited-time promotion. Be wary of messages that urge you to take immediate action. 

Sender information: Legitimate banks usually send messages from certain phone numbers or email addresses. Be wary of messages from unknown phones or addresses that use generic greetings such as "Dear Customer" instead of your name. 

Personal data: Real banks would never request critical information such as your password, CVV code, OTP (One Time Password), or entire account number over SMS or email. If a message prompts you to update or verify such information, do not answer and instead contact your bank immediately. 

Grammatical errors: Legitimate bank messages are usually well-written and formatted. Typos, grammatical errors, and unprofessional language can all be indicators of a fake message. 

Verify: If you are unsure regarding a message, always contact your bank immediately using their official contact information (phone number or website) to enquire about its legality.

Better safe than sorry

The Federal Trade Commission reports that last year, fraud cost consumers over $12.5 billion. You can take measures to make it difficult for a bad actor to leave with anything, even though it could be simple for them to contact you by email, text, or social media. It's wise to use caution when dealing with something as important as your finances.
Read more »
Personal Data
Bank CyberSecurity Bank Data Leak Cleo Server CLOP Customer Data Data Breach Data Leak Data Theft Identity Theft Personal Data

Western Alliance Bank Data Breach Exposes Nearly 22,000 Customers’ Personal Information

 

Western Alliance Bank has alerted nearly 22,000 customers that their personal information was compromised following a cyberattack in October. The breach stemmed from a vulnerability in a third-party vendor’s secure file transfer software, which allowed attackers to gain unauthorized access to the bank’s systems and extract sensitive customer data. 

Western Alliance, a subsidiary of Western Alliance Bancorporation with over $80 billion in assets, first disclosed the incident in a February SEC filing. The bank revealed that hackers exploited a zero-day vulnerability in the software, which was officially disclosed on October 27, 2024. However, unauthorized access to the bank’s systems had already occurred between October 12 and October 24. The breach was only confirmed after the attackers leaked stolen files online. 

According to breach notification letters sent to 21,899 affected customers and filed with the Office of Maine’s Attorney General, the stolen data includes names, Social Security numbers, birth dates, financial account details, driver’s license numbers, tax identification numbers, and passport information if previously provided to the bank. Despite the exposure, Western Alliance stated there is no evidence of fraud or identity theft resulting from the breach. 

To support affected customers, the bank is offering one year of free identity protection services through Experian IdentityWorks Credit 3B. Although Western Alliance did not disclose the name of the compromised software in its SEC filing or customer notifications, the Clop ransomware gang has claimed responsibility for the attack. In January, Clop listed the bank among 58 companies targeted in a campaign that exploited a critical zero-day vulnerability (CVE-2024-50623) in Cleo LexiCom, VLTransfer, and Harmony software. 

The ransomware group had previously leveraged similar security flaws in MOVEit Transfer, GoAnywhere MFT, and Accellion FTA to conduct large-scale data theft operations. Further investigations revealed that Clop exploited an additional zero-day vulnerability (CVE-2024-55956) in Cleo software in December. This allowed them to deploy a Java-based backdoor, dubbed “Malichus,” enabling deeper infiltration into victims’ networks. Cleo, which serves over 4,000 organizations worldwide, confirmed the vulnerability had been used to install malicious backdoor code in affected instances of its Harmony, VLTrader, and LexiCom software. 

The full extent of the breach remains unclear, but it highlights the growing risks posed by vulnerabilities in third-party software. Organizations relying on such solutions must remain vigilant, promptly apply security patches, and implement robust defenses to prevent similar incidents.
Read more »
iOS
API Keys App security cloud storage Cybersecurity Data Breach Data Leak Encryption Hardcoded Secrets iOS

Thousands of iOS Apps Expose Sensitive Data Through Hardcoded Secrets, Researchers Warn

 

Cybersecurity researchers have uncovered alarming vulnerabilities in thousands of iOS applications, revealing that hardcoded secrets in their code have put users' sensitive information at risk.

A recent analysis by Cybernews examined over 156,000 iOS apps and detected more than 815,000 hardcoded secrets—some of which are highly sensitive and could potentially lead to security breaches or data leaks.

The term "secret" broadly refers to sensitive credentials like API keys, passwords, and encryption keys. These are often embedded directly into an app’s source code for convenience during development, but developers sometimes fail to remove them before release. According to Cybernews, the average iOS app exposes 5.2 secrets, and 71% of apps contain at least one leaked credential.

While some of these hardcoded secrets pose minimal risk, the report highlights serious threats. Researchers identified over 83,000 cloud storage endpoints, with 836 exposed without authentication, potentially leaking more than 400TB of data. Additionally, 51,000 Firebase endpoints were discovered, thousands of which were accessible to outsiders. Other exposed credentials include API keys for platforms like Fabric API, Live Branch, and MobApp Creator.

Among the most critical findings were 19 hardcoded Stripe secret keys, which directly control financial transactions. Cybernews researchers emphasized the severity of this issue, stating: “Stripe is widely used by e-commerce and even fintech companies to handle online payments.”

This vulnerability could allow cybercriminals to manipulate transactions or gain unauthorized access to payment infrastructure.

The findings challenge the common belief that iOS apps offer stronger security compared to other platforms.

“Many people believe that iOS apps are more secure and less likely to contain malware. However, our research shows that many apps in the ecosystem contain easily accessible hardcoded credentials. We followed the trail and found open databases with personal data and accessible infrastructure,” said Aras Nazarovas, a security researcher at Cybernews.

This study underscores the importance of secure coding practices and urges developers to adopt better security protocols to prevent data breaches and unauthorized access.


Read more »
User Security
Data Breach Data Leak Ransomware attack Retirement Service Firm United States User Security

Ransomware Attack on Retirement Services Firm Exposes Thousands of US School Data

 

A ransomware assault targeting retirement service firm Carruth Compliance Consulting has resulted in a data breach affecting dozens of school districts and thousands of individuals in the US. Carruth Compliance Consulting (CCC) administers retirement savings accounts for public schools and non-profit organisations.

Carruth announced on its website on January 13, 2025, that it had detected suspicious activity on its computer systems on December 21, 2024. An investigation revealed that hackers gained access to company networks between December 19 and December 26, and stole some files. 

The company claims that private information such as name, Social Security number, financial account information, and, in specific circumstances, driver's license numbers, medical billing information, W-2 information, and tax filings were among the hacked files. Free identity restoration and credit monitoring services are being provided to affected consumers. 

A relatively new ransomware organisation called Skira claimed responsibility for the Carruth attack this week, claiming to have taken about 469 gigabytes of data, including databases, source code, and the data the company had included in their customer notification. Only four additional victims are listed on Skira's Tor-based leak website as of this writing; the first victim was revealed in December 2024. 

While Carruth has not disclosed the number of impacted organisations and individuals, dozens of school districts and institutions across multiple states have confirmed in recent weeks that they have been affected by the cybersecurity issue. School districts notified state attorneys general that Carruth was unable to identify affected individuals, and each educational institution is seeking to identify current and former employees whose personal information was provided with the retirement services provider. 

To date, nine school districts in Maine have reported identifying more than 20,000 individuals affected by a data breach, as mandated by the attorney general. The Carruth data breach comes just weeks after it was revealed that hackers may have stolen the personal information of millions of students and instructors in the United States and Canada after a cyberattack on education software and services company PowerSchool.
Read more »
Sensitive Data Leak
Cyber Attacks Data Leak data security Data Theft IT Systems Ransomware attack Ransomware group Ransomwares Sensitive Data Leak

Tata Technologies Cyberattack: Hunters International Ransomware Gang Claims Responsibility for 1.4TB Data Theft

 

Hunters International, a ransomware group known for high-profile cyberattacks, has claimed responsibility for a January 2025 cyberattack on Tata Technologies. The group alleges it stole 1.4TB of sensitive data from the company and has issued a threat to release the stolen files if its ransom demands are not met. Tata Technologies, a Pune-based global provider of engineering and digital solutions, reported the cyberattack in January. 

The company, which operates in 27 countries with over 12,500 employees, offers services across the automotive, aerospace, and industrial sectors. At the time of the breach, Tata Technologies confirmed that the attack had caused disruptions to certain IT systems but stated that client delivery services remained unaffected. The company also assured stakeholders that it was actively restoring impacted systems and conducting an internal investigation with cybersecurity experts. 

However, more than a month later, Hunters International listed Tata Technologies on its dark web extortion page, taking responsibility for the attack. The group claims to have exfiltrated 730,000 files, totaling 1.4TB of data. While the ransomware gang has threatened to publish the stolen files within a week if a ransom is not paid, it has not provided any samples or disclosed the nature of the compromised documents. Tata Technologies has yet to release an update regarding the breach or respond to the hackers’ claims. 

BleepingComputer, a cybersecurity news platform, attempted to contact the company for a statement but did not receive an immediate response. Hunters International emerged in late 2023, suspected to be a rebranded version of the Hive ransomware group. Since then, it has carried out multiple high-profile attacks, including breaches of Austal USA, a U.S. Navy contractor, and Japanese optics company Hoya. 

The group has gained notoriety for targeting various organizations without ethical restraint, even engaging in extortion schemes against individuals, such as cancer patients from Fred Hutchinson Cancer Center. Although many of the gang’s claims have been verified, some remain disputed. For example, in August 2024, the U.S. Marshals Service denied that its systems had been compromised, despite Hunters International’s assertions.  

With cybercriminals continuing to exploit vulnerabilities, the Tata Technologies breach serves as another reminder of the persistent and evolving threats posed by ransomware groups.
Read more »
remote access
Data Leak Infostealer malware Microsoft Teams remote access

Cybercriminals Abuse Microsoft Teams & Quick Assist for Remote Access

 

Trend Micro security experts discovered a sophisticated cyberattack that included social engineering tactics and commonly employed remote access tools. The attack, which uses stealthy infostealer malware, gives thieves permanent access over vulnerable PCs and allows them to steal sensitive data.

According to Trend Micro Threat Intelligence, the majority of incidents since October 2024 have been concentrated in North America, with 21 breaches reported. The US was the most affected, with 17 cases, followed by Canada and the United Kingdom, each with five. Europe documented a total of 18 incidents. 

Modus operandi 

Threat actors utilise social engineering techniques to acquire initial access by deceiving victims into submitting credentials. Microsoft Teams is used for impersonation, and Quick Assist and other remote access applications allow attackers to escalate privileges. OneDriveStandaloneUpdater.exe, a genuine OneDrive update application, is used to sideload malicious DLLs and grant attackers network access.

Subsequently, the attackers install BackConnect malware, which allows them to keep control of affected systems. Malicious files are hosted and propagated via commercial cloud storage services, leveraging misconfigured or publicly available storage buckets. 

The BackConnect malware has been linked by researchers to QakBot, a loader malware that was the focus of the 2023 takedown effort called "Operation Duckhunt." Access to target computers by Black Basta ransomware attackers was made possible in large part via QakBot. After it was taken down, these threat actors switched to alternative methods to continue operating. 

Black Basta and Cactus ransomware link 

Trend Micro analysts recently investigated cases in which the Black Basta and Cactus ransomware perpetrators used the identical BackConnect malware. This malware allows cybercriminals to execute commands remotely, steal credentials, and steal financial information.

In 2023, Black Basta alone extorted $107 million from victims, with manufacturing the largest hit, followed by financial sectors and real estate. Attackers also utilised WinSCP, an open-source file transfer client, to move data within infected systems. The infected files were first acquired from a cloud storage provider before being repackaged and distributed using system vulnerabilities. 

Further investigation into Black Basta's internal chat breaches indicates that members of the gang are now using Cactus ransomware. Researchers believe that this transition will allow Cactus to remain a major threat by 2025.
Read more »
Ransomware group
Cyber Attacks Data Leak data security Genea Healthcare Breach Patient Data Ransomware attack Ransomware group

Genea Cyberattack: Termite Ransomware Leaks Sensitive Patient Data

 

One of Australia’s leading fertility providers, Genea Pty Ltd, has been targeted in a cyberattack allegedly carried out by the Termite ransomware group. On February 26, 2025, the group claimed responsibility for breaching Genea’s systems and stated that they had stolen 700GB of data from 27 company servers. The stolen information reportedly includes financial documents, invoices, medical records, personal identification data, and detailed patient questionnaires. 

Among these files are Protected Health Information (PHI), which contains personal medical histories and sensitive patient details. The cyberattack was first confirmed by Genea on February 19, 2025, when the company disclosed that its network had been compromised. The breach caused system outages and disrupted operations, leading to an internal investigation supported by cybersecurity experts. Genea moved quickly to assess the extent of the damage and reassure patients that the incident was being addressed with urgency. 

In an update released on February 24, 2025, the company acknowledged that unauthorized access had been detected within its patient management systems. By February 26, 2025, Genea confirmed that some of the stolen data had been leaked online by the attackers. In a public statement, the company expressed deep regret over the breach, acknowledging the distress it may have caused its patients. In response, Genea took immediate legal action by securing a court-ordered injunction to prevent further distribution or use of the stolen information. 

This measure was part of the company’s broader effort to protect affected individuals and limit the potential damage caused by the breach. To assist those impacted, Genea partnered with IDCARE, Australia’s national identity and cyber support service. Affected individuals were encouraged to seek help and take necessary steps to safeguard their personal information. The company urged patients to remain alert for potential fraud or identity theft attempts, particularly unsolicited emails, phone calls, or messages requesting personal details.  

The attack was initially detected on February 14, 2025, when suspicious activity was observed within Genea’s network. Upon further investigation, it was revealed that unauthorized access had occurred, and patient data had been compromised. The attackers reportedly targeted Genea’s patient management system, gaining entry to folders containing sensitive information. The exposed data includes full names, contact details, medical histories, treatment records, Medicare card numbers, and private health insurance information. 

However, as of the latest update, there was no evidence that financial data, such as bank account details or credit card numbers, had been accessed. Despite the severity of the breach, Genea assured patients that its medical and administrative teams were working tirelessly to restore affected systems and minimize disruptions to fertility services. Ensuring continuity of patient care remained a top priority while the company simultaneously focused on strengthening security measures to prevent further incidents. 

In response to the breach, Genea has been collaborating with the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) to investigate the full extent of the attack. The company is committed to keeping affected individuals informed and taking all necessary precautions to enhance its cybersecurity framework. Patients were advised to monitor their accounts and report any suspicious activity to authorities. 

As a precaution, Genea recommended that affected individuals follow security guidelines issued by official government agencies such as the Australian Cyber Security Centre and the ACCC’s Scamwatch. For those concerned about identity theft, IDCARE’s experts were made available to provide support and guidance on mitigating risks associated with cybercrime. The incident has highlighted the growing risks faced by healthcare providers and the importance of implementing stronger security measures to protect patient data.
Read more »
User Privacy
Data Leak Mobile Security Samsung Folder Secure Folder User Privacy

Samsung Secure Folder Vulnerability Exposes Hidden Images

 

Samsung's Secure Folder, a feature designed to provide industry-grade security for sensitive data on Galaxy smartphones, has been identified to have a major flaw. Recent discoveries indicate that apps and images saved in the Secure Folder can be accessible under certain conditions, raising concerns about the privacy and security of the data stored there. 

Modus operandi

The Secure Folder acts as a "Work" profile, allowing users to keep private apps, images, and files separate from their primary profile. Normally, when an app seeks to access files from the Secure Folder, the system prevents it unless the app is specifically approved. 

However, a Reddit user named lawyerz88 revealed that this security feature is ineffective when utilising a "Work" app (with a media picker) linked to a separate work profile. In that instance, files stored in the Secure Folder become available via the app. So it is not difficult to circumvent the intended privacy protections.

“If you have the work profile enabled through something like Island or Shelter (or you know, your actual workplace), any apps in the work profile can access the entirety of files saved in a secure folder without any restrictions whatsoever.” notes the Reddit user. “It seems it’s restricted by policy only and only from the personal profile and someone forgot to restrict access via another work profile.” 

Android Authority confirmed the flaw with the Shelter app, which allows you to create a work profile on any device. This means that anyone with physical access to a Galaxy smartphone might use this flaw to view Secure Folder data. 

Samsung's claim of strong security is called into question by this defect, since private data kept in the Secure Folder can be accessed without the owner's knowledge.While accessing the Secure Folder usually requires biometric authentication or a PIN/password, the workaround via Work applications renders these safeguards ineffective. 

The tech giant reportedly acknowledged that they were aware of the user's findings after he reported them. The firm recently rectified the boot loop issue linked with the Secure Folder, and now that more people are aware of it, we hope it is resolved as quickly as possible.
Read more »
User Privacy
Cyber Fraud Data Leak Financial Scam Indian Banking MHA User Privacy

Open Access to Critical Data With Bank Staff Leading to Financial Scam

 

A concerning trend has sent shockwaves across cybersecurity authorities, with central cyber and intelligence organisations tracking and documenting large-scale data leaks perpetrated by bank staff and third party contractors. 

According to a senior Indian government official, the issue has been raised to the highest levels of government, prompting an emergency meeting at the Ministry of Home Affairs (MHA) a few weeks ago to develop a resolution. The government agencies have determined that unlimited access to critical banking data, granted to staff and third-party vendors, is directly supporting rampant cyber fraud and significant financial losses among citizens. 

“The exposure of highly sensitive banking data to employees, particularly outsourced staff and third-party vendors, is leading to severe information leaks. Cybercriminals are exploiting this breach to systematically target and defraud citizens," a top government official stated. 

What is more concerning is the potential involvement of high management-level bank executives. Intelligence agencies officials at the meeting stated that despite repeated accusations, both public and private sector institutions had failed to take action against fraudulent activity. “Shockingly, banks are neglecting action on nearly 60-70 percent of fraudulent accounts reported on the National Cybercrime Reporting Portal (NCRP)," a senior official who attended the MHA meeting noted. 

Financial intelligence agencies have also detected severe flaws in banking security. The MHA meeting featured a detailed analysis of cyber fraud trends, mule accounts, and bank reaction times. The statistics show a stunning increase in cybercrime events, demonstrating that current security measures are ineffective. Banks seem reluctant to take corrective action, creating serious concerns about their accountability. 

In line with the most recent Reserve Bank of India (RBI) recommendation, authorities have highlighted the need for swift and strict action due to the rapid evolution of cybercrime. According to officials, unregulated data leaks from banks' own infrastructure will continue to fuel cybercriminal networks, putting millions of clients at risk, unless banks strengthen their internal controls and take decisive action.
Read more »
Security Incident
Data Breach Data Leak Financial Data Fintech Security Incident

Fintech Giant Finastra Breach Exposed Private Data, Company Notifies Victims

 

The financial technology behemoth Finastra is alerting victims of a data breach after unidentified hackers initially gained access to its networks in October 2024 and took their personal data. More than 8,100 financial institutions in 130 countries, including 45 of the top 50 banks in the world, rely on London-based Finastra to supply financial services software applications.

The security incident was discovered on November 7 after Finastra detected malicious activity on some of its systems, as the business warned in breach notification letters given to those impacted by the breach. 

"Our investigation revealed that an unauthorized third party accessed a Secure File Transfer Platform (SFTP) at various times between October 31, 2024 and November 8, 2024. Findings from the investigation indicate that on October 31, 2024, the unauthorized third party obtained certain files from the SFTP," the fintech giant noted. 

"Finastra has no indication the unauthorized third party further copied, retained, or shared any of the data. We have no reason to suspect your information has or will be misused. As a result, we believe the risk to individuals whose personal data was involved is low.” 

At least 65 people in the state whose financial account information was stolen received breach notification letters from Finastra last week, although the company has not yet disclosed the number of victims or the type of data that was compromised (apart from the names of the victims), according to filings with the Massachusetts Attorney General's office. 

Additionally, the financial services organisation offers those whose information was compromised or stolen in the incident two years of free credit monitoring and identity restoration services through Experian.

The hack is believed to be connected to a (now-deleted) post on the BreachForums online cybercrime community by a threat actor called "abyss0" who claimed to sell 400GB of data allegedly stolen from Finastra's network, despite the fact that Finastra only revealed a very small amount of information in filings with Attorney General offices.

Last year in November, when a local media outlet enquired about the forum post, a Finastra spokesperson declined to confirm or deny ownership of the data, stating that the company experienced a limited-scope security incident and is assessing its impact.

"On November 7, 2024 Finastra's Security Operations Center (SOC) detected suspicious activity related to an internally hosted Secure File Transfer Platform (SFTP) we use to send files to certain customers," Finastra added. 

Finastra was also forced to shut down parts of its systems in March 2020 to combat what Tom Kilroy, the company's Chief Operating Officer at the time, described as a ransomware attack. While the company did not disclose how the attackers got access to its systems, cyber threat intelligence firm Bad Packets discovered that Finastra had many unpatched Pulse Secure VPN and Citrix ADC (NetScaler) servers prior to the attack.
Read more »
Hackers
CVE CVEs Cybersecurity Dark Web Data Breach Data Leak data security FortiGate devices Hackers

Hackers Leak 15,000 FortiGate Device Configs, IPs, and VPN Credentials

 

A newly identified hacking group, the Belsen Group, has leaked critical data from over 15,000 FortiGate devices on the dark web, making sensitive technical details freely available to cybercriminals. The leak includes configuration files, IP addresses, and VPN credentials, significantly increasing security risks for affected organizations. 

Emerging on cybercrime forums and social media just this month, the Belsen Group has been actively promoting itself. As part of its efforts, the group launched a Tor website where it released the stolen FortiGate data, seemingly as a way to establish its presence in the hacking community. In a post on an underground forum, the group claimed responsibility for breaching both government and private-sector systems, highlighting this operation as its first major attack. 

The exposed data is structured within a 1.6 GB archive, organized by country. Each country’s folder contains multiple subfolders corresponding to specific FortiGate device IP addresses. Inside, configuration files such as configuration.conf store FortiGate system settings, while vpn-passwords.txt holds various credentials, some of which remain in plaintext. 

Cybersecurity researcher Kevin Beaumont examined the leak and confirmed that these files include firewall rules, private keys, and other highly sensitive details that could be exploited by attackers. Further analysis suggests that the breach is linked to a known vulnerability from 2022—CVE-2022-40684—which was actively exploited before Fortinet released a security patch. 

According to Beaumont, evidence from a forensic investigation into a compromised device revealed that this zero-day vulnerability provided attackers with initial access. The stolen data appears to have been gathered in October 2022, around the same time this exploit was widely used. Fortinet had previously warned that CVE-2022-40684 was being leveraged by attackers to extract system configurations and create unauthorized super-admin accounts under the name fortigate-tech-support. 

Reports from the German news site Heise further confirm that the leaked data originates from devices running FortiOS firmware versions 7.0.0-7.0.6 or 7.2.0-7.2.2. The fact that FortiOS 7.2.2 was specifically released to address this vulnerability raises questions about whether some systems remained compromised even after the fix was made available. 

Although the leaked files were collected over two years ago, they still pose a significant threat. Configuration details, firewall rules, and login credentials could still be exploited if they were not updated after the original breach. Given the scale of the leak, cybersecurity experts strongly recommend that administrators review their FortiGate device settings, update passwords, and ensure that no outdated configurations remain in use.
Read more »
Sensitive Information
Data Breach Data Leak data security DDoS Hackers Personal Data Police Sensitive Information

Hackers Leak 8,500 Files from Lexipol, Exposing U.S. Police Training Manuals

 

An anonymous hacker group called the “puppygirl hacker polycule” recently made headlines by leaking over 8,500 files from Lexipol, a private company that provides training materials and policy manuals for police departments across the United States. 

As first reported by The Daily Dot, the data breach exposed internal documents, including thousands of police policies, emails, phone numbers, addresses, and other sensitive information about Lexipol employees. The hackers published the stolen data on Distributed Denial of Secrets (DDoS), a nonprofit platform for leaked information. In a statement, the group said they targeted Lexipol because, in their view, there aren’t “enough hacks against the police,” so they took action themselves.  

Founded in 2003, Texas-based Lexipol LLC, also known for its online training platform PoliceOne, has become a significant force in police privatization. The company supplies policy manuals and training content to more than 20% of U.S. police departments, according to a 2022 Indiana Law Journal analysis. This widespread adoption has effectively shaped public policy, despite Lexipol being a private company. 

Critics have long raised concerns about Lexipol’s focus on minimizing legal liability for police departments rather than addressing issues like excessive force or racial profiling. The Intercept reported in 2020 that Lexipol’s training materials, used by the NYPD after the George Floyd protests, prioritized protecting departments from lawsuits rather than promoting accountability or reform. 

Additionally, Lexipol has actively opposed proposed changes to police use-of-force standards, favoring a more lenient “objectively reasonable” standard. The leaked documents revealed striking similarities in policy language across different police departments, with matching sections on use-of-force protocols and even identical “Code of Ethics” pages — some ending with a religious oath dedicating officers to their profession before God. 

Despite Lexipol’s intent to reduce legal risks for its clients, some police departments using its policies have faced legal consequences. In 2017, Culver City, CA, adopted a Lexipol manual that suggested detaining suspected undocumented immigrants based on “lack of English proficiency,” contradicting the city’s sanctuary status. Similarly, Spokane, WA, paid a $49,000 settlement in 2018 after police violated local immigration laws using Lexipol’s guidance. 

Although the puppygirl hacker polycule isn’t linked to previous major breaches, their tactics echo those of SiegedSec, a group known for hacking government sites and playfully demanding research into “IRL catgirls.” As political tensions rise, the hackers predict more “hacktivist” attacks, aiming to expose injustices and empower public awareness. The Lexipol breach serves as a stark reminder of the vulnerabilities in privatized law enforcement systems and the growing influence of cyberactivism.
Read more »
USAID
Cyber Security Data Leak DOGE Elon Musk Threat Landscape USAID

Threat Analysts Warn of the 'Largest Data Breach' After Elon Musk's DOGE Controversy

 

The debate over Elon Musk's Department of Government Efficiency continues, with the world's richest man accused of snooping on some of America's most sensitive data. The DOGE has been tasked with reducing government spending by a paltry $2 trillion, which Musk himself admits might be unfeasible. 

However, the billionaire and his crew have lost no time to shed the fat, targeting everything from the National Space Council to USAID. Concerns have been raised regarding the DOGE's level of access, and some staff members have received death threats as a result of the debate.

"You can’t un-ring this bell,” the anonymous source told the local media outlet. Once these DOGE guys have access to these data systems, they can ostensibly do with it what they want." 

Four sources spoke to the local media outlet, but only Scott Cory would go on record. The former CIO for an HHS agency said: "The longer this goes on, the greater the risk of potential fatal compromise increases.” 

The National Oceanic and Atmospheric Administration, the Office of Personnel Management, the Department of Health and Human Services, and the U.S. Treasury have all apparently been accessed by the DOGE. "I don't think the public quite understands the level of danger," a federal agency administrator continued. 

With its newfound authority, the DOGE might prevent payments to government agencies and redirect funds to organisations it chooses. There are concerns that possible access to Federal Aviation could be "dire," even if Musk hasn't altered the current system yet. 

There have also been criticism that he has brought in a young team of technical wizards, but one payment-systems expert remarked that this is actually a good thing: "If you were going to organise a heist of the US Treasury, why in the world would you bring a handful of college students?" He went on to suggest that you'd need numerous people with at least ten years of experience with COBOL. 

Despite not being paid, working 120 hours a week, and sleeping in the offices, DOGE employees have been flexing their muscles to make some significant savings. Looking at the broad picture, one source concluded: "I'd want to believe that this is all so enormous and convoluted that they won't be successful in whatever they're attempting to do. But I wouldn't bet that outcome against their egos.”
Read more »
User Privacy
Data Breach Data Leak Healthcare Hack Medical Data User Privacy

Community Health Centre Data Breach Impacts Over 1 Million Patients

 

Over a million people have been notified of a recent data breach by Community Health Centre, a nonprofit healthcare organisation based in Middletown, Connecticut. On January 2, 2025, unauthorised activity was detected in its computer systems, and external cybersecurity specialists were hired to help with the investigation and establish the nature and scale of the unauthorised activity. 

The investigation revealed that an online criminal gained access to its computer systems and stole data from the network. The Community Health Centre did not confirm whether a ransom demand was made; however, it did state that no data was deleted from its network and no files were encrypted, therefore the incident had no effect on its daily operations.

In the statement to the Attorney General of Maine, Community Health Centre explained that "there is no current threat to our systems, and we believe we stopped the criminal hacker's access within hours." The breach initially occurred on October 14, 2024, according to the breach notice from the Maine Attorney General.

The file review is now concluded, and the Community Health Centre has confirmed that the following data may have been compromised: names, addresses, phone numbers, email addresses, dates of birth, diagnoses, test results, treatment information, health insurance information, and Social Security numbers.

Up to 1,060,936 people have been impacted, including paediatric patients, their parents, and guardians. Some of the affected individuals passed away, and notifications are being given to their nearest of kin. While the majority of affected patients are likely from Connecticut, the California Attorney General has also been notified of the data leak. 

With over 1 million records, this is the most significant healthcare data breach revealed this year. Employees at Moses-Weitzman Health System were also impacted.

According to Community Health Centre, software has been put in place to keep an eye on its systems for suspicious activity, and security has been reinforced. Community Health Centre has provided the impacted individuals with free identity theft protection services for a period of 24 months, even though there are currently no signs that any of the stolen data has been compromised.
Read more »
User Privacy
Business Security Cyber Security Data Leak Insider Threat User Privacy

Three Ways To Prevent Insider Threat Driven Data Leaks

 

The United States is poised to undergo a period of highly disruptive transformation. The incoming administration has promised to make significant changes, including forming a new body, the Department of Governmental Efficiency (DOGE), with the aim of substantially reducing the size of the government. 

Many people in our hugely polarised society are unhappy with the upcoming changes. Some will even refuse to "go down without a fight" and attempt to sabotage the shift or the new administration's prospects for success. How? One popular disruption method is to leak bits and pieces of insider information in order to distract, provoke opposition, and ultimately stall the changes.

While insider leaks can occur at any organisation and at any moment, a controversial move can be a major driver for such threats. We don't need to look far back for examples of this. After Donald Trump was elected to his first term, someone explicitly got a job as an IRS contractor so that he could leak the tax returns of key leaders, including President Trump. There was also information disclosed concerning a Trump cabinet pick. 

It's possible that this behaviour will worsen significantly. Agencies and organisations can take proactive measures to prepare for this. 

Launch an insider threat program: Nearly 80% of organisations have noticed an increase in insider threat activity since 2019, and just 30% believe they have the ability to deal with the situation. While external threats are frequently addressed, according to IBM's Cost of a Data Breach report, breaches by people within an organisation were the most costly, averaging just shy of $5 million.

Having a formal security strategy in place can safeguard sensitive data, maintain operational integrity, and ensure that your organization's communication links remain open and secure. Start by assessing your risk, establishing guidelines for data sharing and management, and installing technologies to monitor user activity, detect irregularities, and notify security teams of potential risks. 

Individualize information: Organisations can also explore using steganographic technologies to personalise the information they send to their employees. Forensic watermarking technology allows sensitive information to be shared in such a way that each employee receives a completely unique copy that is undetectable to the human eye. With this technology in place, employees are more likely to think twice before giving a secret presentation on future strategy. If a leak still occurs, the organisation can easily identify the source.

Avoid sharing files: The world must shift away from using files to share personal information. At first glance, it may appear impossible, yet changing the way organisations share information might help them preserve their most valuable information. File sharing is more than a risk factor; it is also a threat vector, as files are the source of the majority of data exfiltration risks. As a result, deleting them would naturally eliminate the threat. What are the alternatives? Using SaaS applications in which no one can download anything. This strategy also helps to safeguard against external attacks.
Read more »
Private Data
Data Breach Data Leak Elasticsearch Georgia Private Data

Private Data of Millions of Georgians Exposed in Massive Data Leak

 

A ghost database comprising millions of records on Georgian people appeared in the cloud before inexplicably vanishing. The alarming leak could make sensitive personal information available to malicious actors.

Bob Dyachenko, a cybersecurity expert and the founder of SecurityDiscovery.com, and the Cybernews research team uncovered an unprotected Elasticsearch index. Elasticsearch is a data analytics and search platform that operates in near real time. The instance was hosted on a server controlled by a German cloud service company.

The data contains a wide range of sensitive personal information regarding citizens of the Republic of Georgia. One of the exposed indices held approximately five million personal data records, while another contained more than seven million phone records with related private data. Georgia, by comparison, has a population of about four million. The data may include duplicate entries as well as records of deceased people. 

The millions of files contained data such as ID numbers, full names, birth dates, and gender, they reported. The leaked data most likely also included insurance numbers and phone numbers ‘with descriptive information about the owner’. 

The data was apparently linked with 1.45 million car owner details and 7.2 million citizen phone numbers and identities, however some of the data seems to be linked to a 2020 leak. There is no clear indication of who is in charge of overseeing the Elasticsearch index.

The server was taken offline shortly after the discovery, and the public's access to the exposed data was discontinued. But there are still millions of individuals who could be in danger. 

Given the current geopolitical environment of high tensions, polarisation, and Russian influence, the exposure of millions of Georgian citizens could have severe consequences. 

“Threat actors can weaponize personal data for both political or criminal activities. State-sponsored hackers can exploit the leak for political manipulation, disinformation campaigns, or targeted harassment. Meanwhile, profit-seeking hackers can exploit the data for various malicious activities,” Dyachenko stated.

He warns Georgians to be wary of potential identity theft and fraud efforts, as cybercriminals may attempt to mimic individuals or use other social engineering techniques to hijack accounts and carry out financial crimes.
Read more »
Sensitive customer information
Customer Information Cyber Security Data Exposure Data Leak data security IT Data Sensitive customer information

Willow Data Exposure Puts Over 240,000 Customer Records at Risk

 


Data Breach at Willow Exposes Over 240,000 Customer Records

A significant data exposure incident involving the Chicago-based financial technology firm Willow has left the personal details of more than 240,000 customers vulnerable. Willow, which offers a service to pay customer bills upfront and allows repayment in installments, reportedly left a large volume of sensitive data accessible online without password protection. The discovery was made by cybersecurity researcher Jeremiah Fowler, who uncovered an unsecured database containing approximately 241,970 files.

The exposed data included customer names, email addresses, phone numbers, transaction details, and partial banking information. Alarmingly, receipts uploaded to the database revealed additional sensitive details, such as partial credit card numbers and home addresses. Fowler also found a T-Mobile bill containing call and text message records, underscoring the severity of the breach. One particularly concerning file contained data on 56,864 individuals categorized as prospects, active customers, or former customers barred from using Willow’s services.

The scale of the exposure raises significant concerns about the risk of identity theft and financial fraud. While there is no evidence yet that the leaked data has been exploited, the breach highlights the potential for phishing scams and social engineering attacks. Fraudsters could use the exposed information to craft convincing schemes, such as fraudulent billing requests or identity verification scams, targeting affected individuals.

Fowler immediately attempted to notify Willow of the breach, but his outreach went unanswered. Shortly thereafter, the database was secured and removed from public access. However, it remains unclear whether the database was managed directly by Willow or a third-party contractor. The duration of the exposure also remains unknown, raising concerns about whether unauthorized parties may have accessed the data before it was secured.

Experts recommend that affected customers take proactive measures to protect themselves. These include closely monitoring financial accounts for unusual activity, changing passwords linked to Willow, and remaining vigilant against phishing attempts. Customers should be cautious of unsolicited communications requesting personal or financial information, as scammers may leverage the exposed data to appear legitimate.

Willow has yet to publicly address the breach or outline measures to prevent future incidents. This lack of transparency underscores the importance of stringent data protection protocols. Cybersecurity experts stress that companies handling sensitive financial information must regularly audit their systems to identify and mitigate vulnerabilities.

Until Willow provides clarity, customers must rely on their own vigilance to safeguard against potential misuse of their information. This incident serves as a stark reminder of the growing need for robust data security practices in today’s digital landscape.

Read more »
Subscribe to: Posts (Atom)