Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Financial Data. Show all posts
Security Incident
Data Breach Data Leak Financial Data Fintech Security Incident

Fintech Giant Finastra Breach Exposed Private Data, Company Notifies Victims

 

The financial technology behemoth Finastra is alerting victims of a data breach after unidentified hackers initially gained access to its networks in October 2024 and took their personal data. More than 8,100 financial institutions in 130 countries, including 45 of the top 50 banks in the world, rely on London-based Finastra to supply financial services software applications.

The security incident was discovered on November 7 after Finastra detected malicious activity on some of its systems, as the business warned in breach notification letters given to those impacted by the breach. 

"Our investigation revealed that an unauthorized third party accessed a Secure File Transfer Platform (SFTP) at various times between October 31, 2024 and November 8, 2024. Findings from the investigation indicate that on October 31, 2024, the unauthorized third party obtained certain files from the SFTP," the fintech giant noted. 

"Finastra has no indication the unauthorized third party further copied, retained, or shared any of the data. We have no reason to suspect your information has or will be misused. As a result, we believe the risk to individuals whose personal data was involved is low.” 

At least 65 people in the state whose financial account information was stolen received breach notification letters from Finastra last week, although the company has not yet disclosed the number of victims or the type of data that was compromised (apart from the names of the victims), according to filings with the Massachusetts Attorney General's office. 

Additionally, the financial services organisation offers those whose information was compromised or stolen in the incident two years of free credit monitoring and identity restoration services through Experian.

The hack is believed to be connected to a (now-deleted) post on the BreachForums online cybercrime community by a threat actor called "abyss0" who claimed to sell 400GB of data allegedly stolen from Finastra's network, despite the fact that Finastra only revealed a very small amount of information in filings with Attorney General offices.

Last year in November, when a local media outlet enquired about the forum post, a Finastra spokesperson declined to confirm or deny ownership of the data, stating that the company experienced a limited-scope security incident and is assessing its impact.

"On November 7, 2024 Finastra's Security Operations Center (SOC) detected suspicious activity related to an internally hosted Secure File Transfer Platform (SFTP) we use to send files to certain customers," Finastra added. 

Finastra was also forced to shut down parts of its systems in March 2020 to combat what Tom Kilroy, the company's Chief Operating Officer at the time, described as a ransomware attack. While the company did not disclose how the attackers got access to its systems, cyber threat intelligence firm Bad Packets discovered that Finastra had many unpatched Pulse Secure VPN and Citrix ADC (NetScaler) servers prior to the attack.
Read more »
Personal Data
data attacks Data Breach Data Leak data security Financial Data healthcare data breach HIPAA Medical Data Medical Data breach Personal Data

Medusind Data Breach Exposes Health and Personal Information of 360,000+ Individuals

 

Medusind, a major provider of billing and revenue management services for healthcare organizations, recently disclosed a data breach that compromised sensitive information of over 360,000 individuals. The breach, which occurred in December 2023, was detected more than a year ago but is only now being reported publicly. 

The Miami-based company supports over 6,000 healthcare providers across 12 locations in the U.S. and India, helping them streamline billing processes and enhance revenue generation. According to a notification submitted to the Maine Attorney General’s Office, the breach was identified when Medusind noticed suspicious activity within its systems. 

This led the company to immediately shut down affected systems and enlist the help of a cybersecurity firm to investigate the incident. The investigation revealed that cybercriminals may have gained access to and copied files containing personal and medical details of affected individuals. Information compromised during the breach includes health insurance details, billing records, and medical data such as prescription histories and medical record numbers. Financial data, including bank account and credit card information, as well as government-issued identification, were also exposed. 

Additionally, contact details like addresses, phone numbers, and email addresses were part of the stolen data. In response, Medusind is providing affected individuals with two years of free identity protection services through Kroll. These services include credit monitoring, identity theft recovery, and fraud consultation. The company has advised individuals to stay vigilant by reviewing financial statements and monitoring credit reports for unusual activity that could indicate identity theft. 

This breach highlights the increasing cybersecurity challenges facing the healthcare industry, where sensitive personal information is often targeted. To address these risks, the U.S. Department of Health and Human Services has proposed updates to the Health Insurance Portability and Accountability Act (HIPAA). These proposed changes include stricter requirements for encryption, multifactor authentication, and network segmentation to protect patient data from cyberattacks. The Medusind incident follows a series of high-profile breaches in the healthcare sector.

In May 2024, Ascension reported that a ransomware attack had exposed data for 5.6 million individuals. Later in October, UnitedHealth disclosed a breach stemming from a ransomware incident affecting over 100 million people. As healthcare providers continue to face cyber threats, the urgency to implement robust data security measures grows. Medusind’s experience serves as a reminder of the significant risks posed by such breaches and the importance of safeguarding sensitive information.
Read more »
Healthcare
Ascension Cyber Attacks Financial Data Healthcare

New Finds from The June Ascension Hack




Healthcare industry giant Ascension has broken the silence and revealed more sensitive information concerning the recent hack in June. Through a worker opening a suspicious file without even knowing the malware was actually very harmful to download, it gave room for hackers into their network exposing patient information, among others.


During the past months, the healthcare system has worked with experts in cybersecurity to analyze how the breach affected them and the amount of patient and employee data that was taken. Since the investigation has been concluded, Ascension has informed the public regarding the data stolen and measures undertaken to safeguard the victims.

The investigation established that several kinds of personal information were accessed during the breach. Though the specifics vary for each individual, the leaked information may include:  

  • Medical Records: Medical record numbers, service dates, types of lab tests, and procedure codes.  
  • Financial Data: Credit card numbers, bank account information, and insurance details such as Medicaid and Medicare IDs.
  • Government Identifications: Social Security numbers and other governmental IDs. 

Ascension has come out to clarify that their main Electronic Health Records, which hold extensive patient's medical histories, were unaffected. This means that those operations that are considered most core in healthcare, such as viewing patient records and prescribing drug therapies, remain safe and unimpeded.


How Ascension is Reacting

To make amends for the breach, Ascension is offering free credit monitoring and identity protection services to anyone affected. Those affected will be sent formal notification letters within the next two to three weeks, which will detail step-by-step instructions to enroll in protection services so those affected may protect themselves from potential misuse of their data.

The credit monitoring service will be offered for two years and can be used to track suspicious activity regarding an individual's personal information. Ascension also informed those who had already enrolled in protection services after the initial breach that they could continue coverage without any interruption.


If you receive a notification, enrolling in the complimentary identity protection services is crucial. For assistance, you can visit Ascension’s website or contact their support line at (866) 724-3233 during business hours.  

Additionally, Ascension advises practicing general security measures, such as monitoring bank statements and staying alert for unusual activity. These steps can help minimize potential risks.

Ascension acknowledged the hurdle caused by the cyberattack and gave thanks to its patients, employees, and clinicians for their continued support. The organization highlighted its ability to persevere with such a team, and it assured the community that utmost care will be taken in protecting the information of its patients in the future.




Read more »
iPhones
AirDrop Apple Pay Cyber Security Financial Data iPhones

Debunking the Viral TikTok Myth: Apple Pay and AirDrop Security




Recent viral TikTok videos have raised unnecessary alarm among iPhone users by claiming that hackers can steal financial information from Apple Pay via AirDrop. According to these videos, simply having AirDrop enabled would allow a nearby stranger to gain access to sensitive credit card information. However, cybersecurity experts have thoroughly debunked these claims, confirming that they are baseless and entirely unfounded.

The central rumor suggests that if AirDrop is active on an iPhone, a hacker could exploit it to perform a so-called "walk-by hack," thereby gaining unauthorized access to financial data through Apple Pay. Viewers were urged to disable AirDrop to protect themselves from this imagined threat. Despite the buzz, experts, including reports by Apple Insider, have dismissed these claims as misinformation, emphasizing that AirDrop and Apple Pay function independently and cannot interact in the manner described.

AirDrop does not facilitate automatic data transfers, as it requires the recipient to manually accept incoming files. Additionally, the "Everyone" mode is only active for 10 minutes unless reactivated, with most users defaulting to "Contacts Only" or "Off" settings. Similarly, Apple Pay uses advanced encryption and secure technology that makes such a breach impossible. Each card added to Apple Pay generates a unique Device Account Number stored securely within the Secure Element—a tamper-proof chip designed to keep sensitive data isolated from the operating system. Transactions are further protected by biometric authentication like Face ID or Touch ID, along with dynamic security codes, ensuring card details are never reused or exposed.

The confusion surrounding this claim may stem from the introduction of Apple’s **NameDrop** feature in 2023. NameDrop allows users to exchange contact details by bringing two iPhones close together, but this feature only shares basic contact information—not financial data. While this new functionality may have caused some misunderstanding, there is no connection between NameDrop, AirDrop, or Apple Pay’s secure payment system.

Although the viral claims are false, users are encouraged to follow basic smartphone security practices to safeguard their devices. For instance, turning AirDrop off when not needed can reduce exposure to unwanted file sharing. It is also important to rely on trusted sources for information regarding potential security risks instead of viral social media posts. These steps, combined with Apple Pay’s robust security infrastructure, provide comprehensive protection for users’ financial information.

This incident underscores the importance of critically evaluating viral content before sharing it. Spreading unverified rumours can lead to unnecessary panic, despite the lack of credible evidence supporting such claims. Users can rest assured that Apple Pay remains one of the safest payment methods, supported by encryption, biometric authentication, and secure design principles.

Read more »
Personal Data Breach
Cybernews Data Breach Data Leak Financial Data healthcare data breach Healthcare Industry Personal Data Breach

Data Breach at Datavant Exposes Thousands of Minors to Cyber Threats

 

While cybercriminals often target adults for their valuable financial and personal information, children are not exempt from these risks. This was made evident by a recent data breach involving health IT company Datavant, which exposed sensitive information of thousands of minors. This incident highlights the vulnerabilities of even the youngest members of society in today's digital age.

The Datavant Breach: A Timeline of Events

The breach occurred in May following a phishing attack targeting Datavant employees. Hackers sent deceptive emails to trick employees into revealing their login credentials—a tactic relying on human error rather than exploiting technical vulnerabilities. While most employees recognized the phishing attempt, a few fell victim, granting attackers unauthorized access to one of the company’s email accounts.

An investigation revealed that between May 8 and 9, the attackers accessed sensitive data stored in the compromised inbox. Over 11,000 minors were affected, with stolen information including:

  • Names and contact details
  • Social Security numbers
  • Financial account details
  • Driver’s licenses and passports
  • Health information

Implications of the Breach

The stolen data poses severe risks, particularly identity theft and targeted scams. Among these, medical identity theft is particularly alarming. Hackers can use health data to file fraudulent insurance claims or manipulate medical records, which may disrupt access to healthcare services and create significant financial and administrative challenges for victims.

Unlike standard identity theft, medical identity theft carries unique dangers, such as incorrect medical information being added to a person’s records. This could lead to inappropriate treatments or delayed care, further complicating the recovery process for affected families.

Datavant’s Response

In response to the breach, Datavant has implemented additional security measures, including:

  • Strengthened cybersecurity protocols
  • Enhanced employee training on phishing awareness

While these steps aim to prevent future incidents, the emotional and financial toll on affected families remains substantial. For many, the breach represents a loss of security that is not easily restored.

Protecting Affected Families

Families impacted by the breach are advised to take proactive measures to safeguard their children’s identities, including:

  • Monitoring credit reports regularly
  • Freezing their child’s credit if necessary
  • Remaining vigilant against phishing attempts and unusual account activity

Lessons from the Breach

The Datavant breach is a stark reminder of the evolving tactics used by cybercriminals and the devastating consequences of compromised data. Organizations handling sensitive information, particularly data about children, must prioritize cybersecurity practices and invest in training to mitigate risks. For individuals, heightened awareness and vigilance are crucial defenses against potential threats.

Conclusion

As cyberattacks become increasingly sophisticated, incidents like the Datavant breach underscore the importance of robust security measures and proactive steps to protect sensitive information. The digital age brings immense benefits, but it also demands constant vigilance to ensure the safety of personal data—especially when it comes to protecting our youngest and most vulnerable populations.

Read more »
Personal Data
Data Breach Data breaches attacks Data protection Data Theft Financial Data Hacker attack Hackers Personal Data

Set Forth Data Breach: 1.5 Million Impacted and Next Steps

 

The debt relief firm Set Forth recently experienced a data breach that compromised the sensitive personal and financial information of approximately 1.5 million Americans. Hackers gained unauthorized access to internal documents stored on the company’s systems, raising serious concerns about identity theft and online fraud for the affected individuals. Set Forth, which provides administrative services for Americans enrolled in debt relief programs and works with B2B partners like Centrex, has initiated notification protocols to inform impacted customers. The breach reportedly occurred in May this year, at which time Set Forth implemented incident response measures and enlisted independent forensic specialists to investigate the incident. 

However, the full extent of the attack is now coming to light. According to the company’s notification to the Maine Attorney General, the hackers accessed a range of personal data, including full names, Social Security numbers (SSNs), and dates of birth. Additionally, information about spouses, co-applicants, or dependents of the affected individuals may have been compromised. Although there is currently no evidence that the stolen data has been used maliciously, experts warn that it could end up on the dark web or be utilized in targeted phishing campaigns. This breach highlights the ongoing risks associated with storing sensitive information digitally, as even companies with incident response plans can become vulnerable to sophisticated cyberattacks. 

To mitigate the potential damage, Set Forth is offering free access to Cyberscout, an identity theft protection service, for one year to those affected. Cyberscout, which has over two decades of experience handling breach responses, provides monitoring and support to help protect against identity fraud. Impacted customers will receive notification letters containing instructions and a code to enroll in this service. For those affected by the breach, vigilance is critical. Monitoring financial accounts for unauthorized activity is essential, as stolen SSNs can enable hackers to open lines of credit, apply for loans, or even commit crimes in the victim’s name. 

Additionally, individuals should remain cautious when checking emails or messages, as hackers may use the breach as leverage to execute phishing scams. Suspicious emails—particularly those with urgent language, unknown senders, or blank subject lines—should be deleted without clicking links or downloading attachments. This incident serves as a reminder of the potential risks posed by data breaches and the importance of proactive protection measures. While Set Forth has taken steps to assist affected individuals, the breach underscores the need for businesses to strengthen their cybersecurity defenses. For now, impacted customers should take advantage of the identity theft protection services being offered and remain alert to potential signs of fraud.
Read more »
Rhadamanthys malware
AI CAPTCHA cryptocurrency wallet Financial Data malware Rhadamanthys malware

AI-Powered Malware Targets Crypto Wallets with Image Scans

 



A new variant of the Rhadamanthys information stealer malware has been identified, which now poses a further threat to cryptocurrency users by adding AI to seed phrase recognition. The bad guys behind the malware were not enough in themselves, but when added into this malware came another functionality that includes optical character recognition or OCR scans for images and seed phrase recognition-the total key information needed to access cryptocurrency wallets.

According to Recorded Future's Insikt Group, Rhadamanthys malware now can scan for seed phrase images stored inside of infected devices in order to extract this information and yet further exploitation.

So, basically this means their wallets may now get hacked through this malware because their seed phrases are stored as images and not as text.


Evolution of Rhadamanthys

First discovered in 2022, Rhadamanthys has proven to be one of the most dangerous information-stealing malware available today that works under the MaaS model. It is a type of service allowing cyber criminals to rent their malware to other cyber criminals for a subscription fee of around $250 per month. The malware lets the attackers steal really sensitive information, including system details, credentials, browser passwords, and cryptocurrency wallet data.

The malware author, known as "kingcrete," continues to publish new versions through Telegram and Jabber despite the ban on underground forums like Exploit and XSS, in which mainly users from Russia and the former Soviet Union were targeted.

The last one, Rhadamanthys 0.7.0, which was published in June 2024, is a big improvement from the structural point of view. The malware is now equipped with AI-powered recognition of cryptocurrency wallet seed phrases by image. This has made the malware look like a very effective tool in the hands of hackers. Client and server-side frameworks were fully rewritten, making them fast and stable. Additionally, the malware now has the strength of 30 wallet-cracking algorithms and enhanced capabilities of extracting information from PDF and saved phrases.

Rhadamanthys also has a plugin system allowing it to further enhance its operations through keylogging ability, cryptocurrency clipping ability- wallet address alteration, and reverse proxy setups. The foregoing tools make it flexible for hackers to snoop for secrets in a stealthy manner.


Higher Risks for Crypto Users in Term of Security

Rhadamanthys is a crucial threat for anyone involved with cryptocurrencies, as the attackers are targeting wallet information stored in browsers, PDFs, and images. The worrying attack with AI at extracting seed phrases from images indicates attackers are always inventing ways to conquer security measures.

This evolution demands better security practices at the individual and organization level, particularly with regards to cryptocurrencies. Even for simple practices, like never storing sensitive data within an image or some other file without proper security, would have prevented this malware from happening.


Broader Implications and Related Threats

Rhdimanthys' evolving development is part of a larger evolutionary progress in malware evolution. Some other related kinds of stealer malware, such as Lumma and WhiteSnake, have also released updates recently that would further provide additional functionalities in extracting sensitive information. For instance, the Lumma stealer bypasses new security features implemented in newly designed browsers, whereas WhiteSnake stealer has been updated to obtain credit card information stored within web browsers.

These persistent updates on stealer malware are a reflection of the fact that cyber threats are becoming more mature. Also, other attacks, such as the ClickFix campaign, are deceiving users into running malicious code masqueraded as CAPTCHA verification systems.

With cybercrime operatives becoming more sophisticated and their tools being perfected day by day, there has never been such a challenge for online security. The user needs to be on the alert while getting to know what threats have risen in cyberspace to prevent misuse of personal and financial data.


Read more »
Mastercard
AI cybersecurity Credit Card Fraud Credit Card hack Cyber Attacks Financial Data Financial Scam Financial Security Mastercard

Preventing Credit Card Fraud in 2024: Tips to Avoid Declined Transactions and Fraud Alerts

 

Credit card fraud is a growing issue, with over 60% of cardholders experiencing attempted fraud in 2023. The use of AI by cybercriminals has dramatically increased, allowing them to open hundreds of accounts daily. Global losses from card fraud reached $33 billion in 2022, with the U.S. accounting for 40% of these losses. 

Although AI is part of the problem, it is also crucial to the solution. Companies like Visa and Mastercard are using AI to enhance their fraud detection systems, reducing false alerts while improving accuracy. Beyond traditional credit card fraud, criminals are now focusing on stealing other types of personal data, such as social security numbers, to commit more sophisticated financial crimes. This shift highlights the importance of comprehensive fraud prevention systems that account for more than just card theft. 

The decrease in false credit card purchases, down 5.4% from 2023, reflects improvements in fraud detection, with Mastercard noting a 20% increase in fraud detection accuracy thanks to AI technology. To minimize the risk of fraud, consumers should adopt strong security measures such as two-factor authentication, biometric passcodes, and password managers. Shopping on reputable sites and using secure payment methods like tap-to-pay can also help reduce exposure to fraudulent activity. Monitoring services and setting personalized fraud alert thresholds can ensure that consumers are notified only when necessary, cutting down on false alerts. 

One key trigger for fraud alerts is changes in shopping behavior, such as buying high-ticket items or frequent purchases from new vendors. These patterns raise red flags, prompting card companies to issue alerts or block transactions. To avoid these issues, consumers can notify their card companies of upcoming travel or large purchases in advance, helping to reduce false fraud alerts. Despite the inconvenience of fraud alerts, they are essential in preventing unauthorized transactions. Consumers are encouraged not to ignore these alerts, even if they seem excessive. 

Experts like Satish Lalchand emphasize the importance of vigilance, as fraud is expected to remain a significant threat. Properly understanding fraud alerts and securing personal data is crucial in staying one step ahead of cybercriminals. To further protect against fraud, individuals should avoid using public Wi-Fi for online transactions and consider freezing their credit to limit unauthorized access. Regularly monitoring credit reports and financial accounts for unusual activity is also essential. Using secure mobile payment methods like tap-to-pay or mobile wallet apps adds an extra layer of protection. 

Financial institutions are continuing to enhance their fraud detection systems, and consumers must take proactive steps to stay vigilant. This combination of personal responsibility and advanced security measures can significantly reduce the chances of falling victim to fraud.
Read more »
Subscribe to: Posts (Atom)