Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Personal Data Breach. Show all posts
Stolen Database
Data Breach data security Doxxed Information Leak Personal Data Breach Private Information Stolen Database

Exposing the Business of Doxing and Its Perils

 

Doxing, a once obscure practice of publishing someone’s private information online without their consent, has evolved into a dangerous and profitable underground industry. The dark world of doxing has grown increasingly sophisticated, with malicious actors exploiting the vast amounts of personal data available online to harass, extort, and even physically harm their victims. 

In its early days, doxing was often driven by personal vendettas or ideological disagreements. The perpetrators would scour social media profiles, public records, and other online sources to piece together a victim’s sensitive information, such as home addresses, phone numbers, and even social security numbers. This information would then be posted online, typically on forums or social media, where it could be used to intimidate or threaten the victim. However, the doxing ecosystem has since transformed into something far more nefarious and organized. 

Today, doxers can trick companies and institutions into handing over personal information, using social engineering tactics and other sophisticated methods. By impersonating a legitimate entity or individual, they are able to bypass security measures and obtain sensitive data, which is then sold on the dark web or used to further exploit the victim. One alarming trend within this ecosystem is the rise of “doxing for hire” services. For a fee, individuals can hire professional doxers to target specific people, providing them with a detailed dossier of the victim’s personal information. This information can include everything from private email addresses to detailed records of their online activities. 

In some cases, these services even offer “violence as a service,” where the hired doxers don’t just publish the information, but also coordinate physical attacks on the victim. The consequences of doxing can be devastating. Victims may experience a range of harms, including harassment, identity theft, financial loss, and emotional distress. In extreme cases, doxing has led to physical violence and even death. Despite these dangers, the practice remains alarmingly common and continues to evolve in ways that make it more difficult for authorities to combat. 

As the doxing industry grows, so too does the need for more robust protections for personal data and stronger legal measures to deter and punish perpetrators. The dark world of doxing for profit is a sobering reminder of the perils of our increasingly connected and data-driven world.
Read more »
Sensitive Data Leak
Cyber Attacks data security Healthcare Healthcare Industry Patient Data Personal Data Breach Sensitive Data Leak

Cyberattack Exposes Patient Data in Leicestershire

 

A recent cyberattack has compromised sensitive patient data in Leicestershire, affecting several healthcare practices across the region. The breach, which targeted electronic patient records, has led to significant concerns over privacy and the potential misuse of personal information. Those impacted by the attack have received notifications detailing the breach and the measures being taken to secure their data and prevent further incidents.  

Healthcare providers in Leicestershire are collaborating with cybersecurity experts and law enforcement agencies to investigate the breach, identify the perpetrators, and implement enhanced security measures. The goal is to protect patient information and prevent similar incidents in the future. Patients are advised to be vigilant, monitor their personal information closely, and report any suspicious activity to the authorities. The exposed data includes names, contact details, and medical records, all of which are highly sensitive and valuable to cybercriminals. The breach underscores the growing threat of cyberattacks in the healthcare sector, where such information is frequently targeted. 

In response, affected practices have taken immediate steps to bolster their cybersecurity protocols and provide support to those impacted. In addition to enhancing security measures, healthcare providers are committed to maintaining transparency and keeping patients informed about the investigation’s progress and any new developments. This commitment is crucial in rebuilding trust and ensuring that patients feel secure in the handling of their personal information. The healthcare sector has increasingly become a prime target for cyberattacks due to the vast amounts of sensitive data it holds. This incident in Leicestershire serves as a stark reminder of the vulnerabilities within our digital systems and the importance of robust cybersecurity measures. The breach has highlighted the need for constant vigilance and proactive steps to protect sensitive information from cyber threats. 

In the aftermath of the breach, healthcare providers are focusing on not only addressing the immediate security concerns but also on educating patients about the importance of cybersecurity. Patients are being encouraged to take measures such as changing passwords, enabling two-factor authentication, and being cautious about sharing personal information online. As the investigation continues, healthcare providers are committed to working closely with cybersecurity experts to strengthen their defenses against future attacks. 

This collaborative effort is essential in safeguarding patient data and ensuring the integrity of healthcare systems. The Leicestershire data breach is a significant event that underscores the critical need for heightened security measures in the healthcare sector. It calls for a concerted effort from both healthcare providers and patients to navigate the challenges posed by cyber threats and to work together in creating a secure environment for personal information. 

By taking proactive steps and fostering a culture of cybersecurity awareness, the healthcare sector can better protect itself and its patients from the ever-evolving landscape of cyber threats.
Read more »
Personal Data Breach
cybercriminal arrests Data Breach data security Information Security NSW Personal Data Personal Data Breach

NSW Cybercrime Squad Arrests Suspect in Million-Person Data Breach Case

 

In a significant development, the Cybercrime Squad in New South Wales (NSW) has made a crucial breakthrough in a case involving a mass data breach affecting approximately one million individuals. The arrest of a 46-year-old man from Fairfield West marks a pivotal moment in the investigation into this alarming cyber incident. The suspect was apprehended following a raid on a property in Fairfield West by Cybercrime Squad detectives, underscoring law enforcement's dedication to combating cyber threats and protecting individuals' privacy and security. 

The data breach, which has sent shockwaves across NSW, particularly among patrons of specific clubs, has raised serious concerns about the safety and integrity of personal information online. Individuals of "prominence" are among those affected by the breach, highlighting the far-reaching implications of such cyber incidents. The Cybercrime Squad, part of State Crime Command’s Serious Crime Directorate, has been at the forefront of the investigation, aiming to unravel the complexities surrounding the breach and identify any criminal activities associated with it. 

According to Detective Chief Superintendent Grant Taylor, the personal details compromised in the data breach were collected by certain NSW clubs as part of their membership or entry procedures. The breach has potentially exposed sensitive information, including portions of individuals' driver's license details or membership data. The Cybercrime Squad is diligently investigating the breach, delving into the circumstances surrounding its occurrence and pursuing those responsible for perpetrating this cybercrime. While the investigation is ongoing, it is crucial to acknowledge the broader implications of such data breaches and the risks they pose to individuals' privacy and security. 

The proliferation of cyber threats underscores the need for heightened vigilance and robust cybersecurity measures. With cybercriminals becoming increasingly sophisticated in their tactics, it is imperative for organizations and individuals alike to prioritize cybersecurity and adopt proactive strategies to safeguard sensitive information. The arrest made by the Cybercrime Squad serves as a stark reminder of the pervasive threat posed by cybercriminals and the importance of law enforcement agencies' proactive efforts in combatting cybercrime. 

The collaboration between law enforcement agencies and cybersecurity experts is essential in addressing the evolving landscape of cyber threats and ensuring the safety and security of individuals' digital identities. In response to the data breach, law enforcement authorities are working tirelessly to mitigate the impact on affected individuals and prevent further dissemination of compromised information. Efforts are underway to take down the website responsible for publishing the personal information and prevent unauthorized access to individuals' data. 

Additionally, law enforcement agencies are urging individuals to remain vigilant and exercise caution when sharing personal information online. The incident underscores the critical role of cybersecurity awareness and education in empowering individuals to protect themselves against cyber threats effectively. By staying informed about best practices for online security and adopting secure password practices, individuals can significantly reduce their risk of falling victim to cybercrime. 

As the investigation into the data breach continues, law enforcement agencies remain committed to holding accountable those responsible for compromising individuals' personal information. Through collaborative efforts and proactive cybersecurity measures, stakeholders can work together to strengthen defenses against cyber threats and safeguard the integrity of digital ecosystems.
Read more »
ransomware attacks
Identity Protection LOCKBIT Cybergang Personal Data Breach Privacy ransomware attacks

Russian Cybergang Responsible for Cybertheft in Jacksonville Beach: What You Need to Know


In late January, the city of Jacksonville Beach, Florida, fell victim to a cybertheft incident that potentially impacted up to 50,000 residents. The responsible party? A Russian-based cybergang known as LOCKBIT. In this blog post, we delve into the details of the attack, the aftermath, and what citizens need to be aware of moving forward.

The LOCKBIT Cybergang

LOCKBIT is not a new player in the cybercrime world. Known for its sophisticated tactics, this group specializes in ransomware attacks. Their modus operandi involves infiltrating systems, encrypting data, and demanding hefty ransoms in exchange for decryption keys. In the case of Jacksonville Beach, LOCKBIT targeted the city’s information system, potentially compromising sensitive data.

The Jacksonville Beach Incident

On February 12, LOCKBIT escalated the situation by listing local residents’ personal information on their website. Social security numbers, addresses, and other private details were suddenly exposed. Panic ensued as citizens grappled with the realization that their identities were at risk. The city’s response was swift: they refused to pay the ransom demanded by LOCKBIT, adhering to Florida’s laws prohibiting such payments.

The International Police Operation

Fortunately, an international police operation intervened, dismantling the criminal empire. LOCKBIT’s reign of terror was cut short, but the damage had already been done. The question remained: where did the stolen data end up? Forensic experts began their painstaking work, attempting to trace the digital breadcrumbs left by the cybergang. Months of investigation lay ahead, and even then, a complete picture might never emerge.

The Fallout

The fallout from the Jacksonville Beach incident is multifaceted. First and foremost, citizens face the uncertainty of whether their personal information is circulating on the dark web. LOCKBIT’s exposure of social security numbers and addresses could have severe consequences, from identity theft to financial fraud. The hotline set up by the city (844-709-0703) aims to address citizens’ concerns, but the road ahead remains murky.

Lessons Learned

As we reflect on this cybertheft, several crucial lessons emerge:

Vigilance is Key: Cyber threats are real and ever-evolving. Citizens must remain vigilant, practicing good cybersecurity hygiene. Regularly update passwords, avoid suspicious emails, and be cautious when sharing personal information online.

Backup Your Data: Ransomware attacks can cripple organizations and individuals. Regularly back up your data to secure locations. If your files are encrypted, having backups ensures you don’t have to pay a ransom to regain access.

No Ransom Payments: Jacksonville Beach’s refusal to pay the ransom was commendable. By adhering to this stance, they not only followed the law but also sent a message to cybercriminals that their tactics won’t work.

Collaboration Matters: International cooperation played a crucial role in dismantling LOCKBIT. Cybercrime knows no borders, and joint efforts are essential to combating it effectively.

Read more »
ransom refusal
Cybersecurity Data Breach Data Theft Estes Express Lines FBI Investigation Freight shipping identity monitoring IT Security Personal Data Breach ransom refusal

Estes Declines Ransom Demand Amidst Personal Data Breach and Theft

 

Estes Express Lines, a major private freight shipping company in the United States, has notified over 20,000 customers about a security breach where their personal information was stolen by unknown hackers.

The company revealed that on October 1, 2023, unauthorized individuals gained access to a part of their IT network and deployed ransomware. Despite the standard advice from the FBI and financial regulators, Estes chose not to pay the ransom demanded by the attackers. 

Initially disclosed in early October as a "cyberattack" affecting their IT infrastructure, Estes later announced the full restoration of their system capabilities by October 24 through a video posted by their chief operating officer, Webb Estes.

A group known as Lockbit claimed responsibility for the breach a month later and disclosed that they leaked data taken from the company on November 13. On New Year's Eve, Estes filed a data breach notice with the Maine Attorney General, providing further insights into the digital intrusion, now confirmed to be a ransomware attack.

According to Estes, they are collaborating with the FBI in the investigation. While the forensic analysis confirmed that personal information was stolen, the specifics of the accessed data were not explicitly mentioned in the sample notification letter. 

However, the Maine filing indicated that it involved names or other personal identifiers combined with Social Security numbers, suggesting a broader scope of compromised information.

Estes has not provided immediate responses to inquiries regarding details about the breach, such as the stolen data specifics, the initial network access point for the hackers, the ransom amount demanded, and the rationale behind the decision to refrain from paying the ransom. 

This decision has sparked a contentious debate encompassing practical considerations like effective backups and financial implications, along with broader ethical concerns such as potential support for criminal activities like human trafficking, terrorism, or future cybercrimes through ransom payments.

Both paying and not paying ransoms have proven to be financially burdensome for affected entities. Caesars Entertainment allegedly paid $15 million to a ransomware group to decrypt their data and prevent customer information leakage after a September breach, while MGM Resorts, despite not paying the ransom in a similar attack, suffered losses surpassing $100 million.

While the US government advises against ransom payments, some voices advocate for a complete ban on such extortion payments. Despite the breach, Estes has stated that they are not currently aware of any instances of identity theft, fraud, or financial losses stemming from the incident. Additionally, they plan to offer affected individuals 12 months of free identity monitoring services through Kroll.
Read more »
US Energy Service
Akira Ransomware BHI Energy Data Breach Personal Data Breach Ransomware attack US Energy Service

US Energy Service Shared Details on How Akira Ransomware Hacked its Network


US energy service firm BHI Energy recently shared how it compromised its network and data in a ransomware campaign conducted by the Akira ransomware.  

BHI Energy, a division of Westinghouse Electric Company, provides specialized engineering services and workforce solutions to support government and private-run power generation facilities, including nuclear, wind, solar, and fossil fuel units and transmission and distribution lines for energy. 

The company has sent a data breach notification to affected individuals, where it has provided details on how the ransomware gang (Akira) breached its network on May 30, 2023.  

The Akira threat actor initiated the attack by utilizing the compromised VPN credentials of a third-party contractor to gain entry to BGI Energy's internal network. 

"Using that third-party contractor's account, the TA (threat actor) reached the internal BHI network through a VPN connection[…]In the week following initial access, the TA used the same compromised account to perform reconnaissance of the internal network," the breach notification read.  

On June 16, 2023, the Akira operators checked the network again to see how much data had been taken. The threat actors took 690 GB of data, including the Windows Active Directory database of BHI, in 767k files between June 20 and June 29.

After obtaining the data from BHI's network, the threat actors deployed the Akira ransomware on every targeted system to encrypt files on June 29, 2023. At this point, the IT staff at BHI were aware that the business had been compromised. 

The data obtained by the ransomware group involved the personal information of the victim. In an investigation held on September 1, 2023, it was revealed that the stolen data included: 

  • Full name 
  • Date of birth 
  • Social Security Number (SSN) 
  • Health information
The firm confirms that in order to assist them in recovering the affected systems, they got in touch with external experts and informed law enforcement about the breach. On July 7, 2023, the threat actor's access to BHI's network was eliminated. 

The firm claims that it was able to restore its systems without having to pay a ransom because it was able to retrieve data from a cloud backup solution that was unaffected by the ransomware attack.

Moreover, by implementing multi-factor authentication for VPN access, resetting all passwords globally, expanding the deployment of EDR and AV technologies to cover every area of its environment, and decommissioning legacy systems, BHI strengthened its security protocols even further.  

Read more »
Phishing Attacks
BreachForums D-Link D-Link Data Breach Data Breach Personal Data Breach Phishing Attacks

D-Link Confirms Data Breach, After Employees Suffer Phishing Attack


Taiwan-based networking equipment manufacturer, D-Link recently revealed to have suffered a data breach in which it lost information linked to its network. The data was then put up for sale on illicit sites, one being BreachForums.

Reportedly, the hackers claim to have stolen the company’s source code for D-View network management software. The company has also compromised millions of personal data entries of its customers and employees, along with that of its CEO. 

The compromised data includes the victim’s names, addresses, emails, phone numbers, account registration dates, and the users' last sign-in dates.

A thread participant noted that the data appeared to be very old after releasing samples of 45 stolen records with timestamps between 2012 and 2013.

The attacker stated, "I have breached the internal network of D-Link in Taiwan, I have 3 million lines of customer information, as well as source code to D-View extracted from system[…]This does include the information of MANY government officials in Taiwan, as well as the CEOs and employees of the company."

The stolen data has been available on the illicit forums since October 1st, with the hackers demanding a ransom of $500 for the stolen client data and purported D-View source code.

Data Stolen From a “Test Lab” System

According to D-Link, the security lapse happened as a result of a worker falling for a phishing scam, which gave the attacker access to the company's network.

After realizing what had transpired, the company quickly shut down possibly impacted systems in reaction to the hack, and all user accounts used for the investigation — except two — were disabled. 

D-Link further noted that the hackers have also gained access to one of its product registration systems when it was running on an old D-View 6 system, which reached its end of life in 2015, in what D-Link described as a "test lab environment,"

However, D-Link did not make it clear as to why the end-of-life server was still running on the company’s network and was subsequently exposed to the Internet for the past seven years.

D-Link confirmed that the compromised system only had about 700 records, with information on accounts that had been open for at least seven years, in contrast to the attacker's assertion that millions of users' data had been stolen. 

"Based on the investigations, however, it only contained approximately 700 outdated and fragmented records that had been inactive for at least seven years," D-Link stated. "These records originated from a product registration system that reached its end of life in 2015. Furthermore, the majority of the data consisted of low-sensitivity and semi-public information."

D-Link believes the threat actor intentionally altered the timestamps of recent logins in order to give the impression that more recent data theft occurred. The majority of the business's current clients aren't anticipated to be affected by this issue, the company added.  

Read more »
US Department of Health and Human Services
Cyber Attacks Medical Data Personal Data Breach Prospect Medical Holdings ransomware attacks Rhysida Rhysida ransomware gang US Department of Health and Human Services

Rhysida Ransomware Group: Social Security Numbers, Passport Data Compromised in Recent Hospital Attack


On Thursday, the Rhysida ransomware gang confirmed to have been behind the recent cyberattack on Prospect Medical Holdings, as reported by a dark web listing reviewed by Axios.

Apparently, the ransomware gang stole more than 500,000 Social Security numbers and copies of the company’s employees’ driving licenses and passports. Also, other legal and financial documents are said to be compromised.

Prospect Medical Holdings—currently operating 16 hospitals spread across four U.S. states—confirms that the ransomware attack was launched earlier this month, because of which they have been facing issues in their online operations.

Moreover, several elective surgeries, outpatient appointments, blood drives and other services are put to hold owing to the attack. 

According to a Prospect spokesperson, the company was unable to comment on the suspected data leak due to "the sensitivity of the incident and law enforcement involvement."

"Prospect Medical continues to work around-the-clock to recover critical systems and restore their integrity[…]We are making significant progress. Some operational systems have been fully restored and we are in the process of bringing others online," the spokesperson said. 

Rhysida Ransomware Group 

Rhysida confirmed Prospect as one of its victims on its dark web site this Thursday, stating that it had taken 1.3 terabytes of SQL data and 1 terabyte of "unique" files.

Certainly, if the ransom demands are not fulfilled, the ransomware group has threatened the firm to expose their victims’ names to their site. 

Rhysida, in a listing, says that it will auction off "more than 500,000 SNNs, passports of their clients and employees, driver's licenses, patient files (profile, medical history), financial and legal documents!!!"

The auction apparently ends in nine days, with 50 Bitcoins as ransom, per the listing.

Rhysida first came to light in May, however the government officials and cybersecurity professionals claim to have already known about the group, following instances of the group targeting critical infrastructure organizations in recent months.

Also, the Department of Health and Human Services (HHS) published an advisory in regards to the group, since Rhysida’s prime targets involved organizations in the health and public health sector. They further noted that Rhysida’s victims also involved firms in the education and manufacturing sectors.

HHS has advised organizations to patch known security flaws present in their systems and install data back-ups in case they are taken offline. Moreover, they recommended phishing awareness training programs for employees.  

Read more »
The Telegraph
BBC Boots British Airways (BA) Clop Ransomware Cyber Attacks MOVEit Personal Data Breach Secureworks The Telegraph

Zellis Cyberattack: British Airways, Boots and BBC Employee’s Personal Data Exploited


Zellis Cyberattacks Exploiting MOVEit

British Airways (BA), Boots, and BBC have recently been investigating an alleged cyber incident. The attack, apparently carried out by a Russia-based criminal gang, included the theft of the personal data of the companies' employees.

BA confirmed the attack, noting that the hackers targeted software named MOVEit used by Zellis, a payroll provider.

“We have been informed that we are one of the companies impacted by Zellis’s cybersecurity incident, which occurred via one of their third-party suppliers called MOVEit,” said a British Airways spokesperson.

The affected BA employees were informed about the situation through an email, which read that the compromised data included their names, addresses, national insurance numbers, and banking details, according to The Telegraph which initially reported about the incident. BA further added that the attack has prominently affected the staff who were paid via BA payroll in the UK and Ireland.

Another company affected by the attack, Boots, says that “some of our team members’ personal details” were compromised. The Telegraph reported that the staff members were informed about the attacks, with the stolen data involving their names, surnames, employee numbers, dates of birth, email addresses, the first lines of home addresses, and national insurance numbers.

While a BBC spokesperson has confirmed the attacks, the corporations decline that the breach involves any of its staff’s bank details.

“We are aware of a data breach at our third-party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach. We take data security extremely seriously and are following the established reporting procedures,” the spokesperson said.

Microsoft’s Investigation of the Attacks

Microsoft threat intelligence, in a tweet on Sunday, claimed the attacks on MOVEit were carried out by a threat group called Lace Tempest. The group is popular among threat intelligence firms for their ransomware operations and running “extortion sites” carrying data obtained in attacks using a ransomware strain called Clop.

Microsoft says “The threat actor has used similar vulnerabilities in the past to steal data and extort victims.”

According to Rafe Pilling, director of Secureworks, a US-based security firm, the attack was probably carried out by an affiliate of the cybercriminal gang behind the Clop ransomware, as well as the connected website alluded to by Microsoft where stolen data is advertised. He adds that a Russian-speaking cybercrime organization was responsible for Clop.

Pilling forewarns the victims, asserting they might be contacted by the hackers in the near future, demanding ransom in return for the stolen data. “Victims will be contacted and if they refuse they will probably be listed and published on the Clop site,” he said. Furthermore, MOVEit spokesperson recently confirmed that they have “corrected” the vulnerability exploited by the threat actors.

“We are continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures,” they added.  

Read more »
Profiles for sale
Bank Data Darknet Data Breach Data Leakage DLBI Location data location tracking Personal Data Personal Data Breach Profiles for sale

The DLBI Expert Called the Cost of Information about the Location of any Person

Ashot Oganesyan, the founder of the DLBI data leak intelligence and monitoring service, said that the exact location of any Russian on the black market can be found for about 130 dollars. 

According to him, this service in the illegal market is called a one-time determination of the subscriber's location. Identification of all phones of the client linked to the card/account using passport data costs from 15 thousand rubles ($200). 

"The details of the subscriber's calls and SMS for a month cost from 5 thousand ($66) to 30 thousand rubles ($400), depending on the operator. Receiving subscriber data by his mobile phone number cost from 1 thousand rubles ($13)", he added. 

Mr. Oganesyan said that fixing movement on planes, trains, buses, ferries, costs from 1.5 thousand ($20) to 3 thousand rubles ($40) per record. Data on all issued domestic and foreign passports will cost from 900 ($12) to 1.5 thousand rubles ($20) per request. Information about crossing the Russian border anywhere and on any transport costs from 3 thousand rubles ($40) per request, Ashot Oganesyan clarified, relying on the latest data on leaks. 

According to him, both law enforcement agencies and security services of companies are struggling with leaks, but only banks have managed to achieve some success. The staff of mobile network operators, selling data of calls and SMS of subscribers, are almost weekly convicted, however, the number of those wishing to earn money is not decreasing. 

The expert noted that under the pressure of the Central Bank of Russia and the constant public scandals, banks began to implement DLP systems not on paper, but in practice, and now it has become almost impossible to download a large amount of data unnoticed. As a result, today it is extremely rare to find a database with information about clients of private banks for sale. 

However, another problem of leakage from the marketing systems of financial organizations has emerged. The outsourcing of the customer acquisition process and the growth of marketplaces have led to information being stored and processed with a minimal level of protection and, naturally, leaking and getting into sales.
Read more »
User Security
Bank Data Leak Data Breach Personal Data Breach Sensitive Data Leak User Data User Privacy User Security

African Bank Alerts of Data Breach With Personal Details Compromised

 

South African retail bank African Bank has confirmed that one of its debt recovery partners, Debt-IN, was targeted by a ransomware attack in April 2021. 

Expert security advice determined at the time that there was no indication that the ransomware assault resulted in a data leak – nevertheless, Debt-IN is now aware of the fact that the personal information of some customers, including several African Bank Loan customers under debt review, has been breached. 

Debt-IN is certain that no data communicated after April 1, 2021, has been compromised, as per the bank. 

It stated, “A robust mitigation plan has been implemented by Debt-IN to contain and reduce any further adverse impact.”

“We have been collaborating with Debt-IN to address this breach. We have notified the relevant regulatory authorities and we are also in the process of alerting customers who have been affected, via email and SMS.” 

African Bank's fraud prevention team has significantly enhanced security safeguards to protect all clients as an added precaution. 

“If you detect any suspicious activity, or feel that your information has been compromised, you can apply for a free Protective Registration listing with the Southern African Fraud Prevention Services (SAFPS),” the bank added. 

“This will alert banks and credit providers that an identity has been compromised. You can apply by emailing protection@safps.org.za.” 

Latest in a line of high-profile data breaches

Customers of African Bank can contact 0861 111 011 if they detect suspicious activity on their accounts. The breach is the most recent in a string of high-profile data breaches and cyber assaults in South Africa this year. 

Following an investigation into the data breach at Experian in August 2020, the Hawks caught a 36-year-old suspect in Gauteng last week (15 September). 

The South African Banking Risk Information Centre (SABRIC) stated that Experian, a consumer credit reporting firm, has suffered a data breach, compromising the personal information of millions of South Africans. 

Experian initially disclosed that there had been a data breach that leaked personal details of up to 24 million South Africans and 793,749 business enterprises to a potential criminal. 

In recent months, the Justice Department was also targeted by a ransomware attack, and it is currently working to restore its systems. In July, Transnet was also targeted in a similar manner.
Read more »
Personal Data Breach
Cyberattack cybercriminals Hackers Personal Data Breach

Manchester United Hit By a Cyber Attack on their Systems

 

Manchester United affirmed the hacking on the club and revealed systems required for the match remained secure.

Have been hit by a cyber-attack on their systems however state they are not “currently aware of any breach of personal data associated with our fans and customers”. 

In a statement, United stated: “Manchester United can confirm that the club has experienced a cyber-attack on our systems. The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimize the ongoing it disruption.

Paul Pogba 'significant for us' says Solskjær after Deschamps comments, “Although this is a sophisticated operation by organized cybercriminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality.

Our cyber defenses identified the attack and shut down affected systems to contain the damage and protect data. Club media channels, including our website and app, are unaffected and we are not currently aware of any breach of personal data associated with our fans and customers. 

We are confident that all critical systems required for matches to take place at Old Trafford remain secure and operational and that tomorrow’s game against West Bromwich Albion will go ahead.”




The club told the British authorities about the incident, including the information commissioner's office. 

The united likewise dispatched a forensic investigation into the incident. 

A spokesperson for the club added: “These types of attacks are becoming more and more common and are something you have to rehearse for.” 

United have informed the information commissioner's office and added that forensic tracing is being completed by carrying out an attempt to set up additional insight regarding the attack.


Read more »
Personal Data Breach
Apple Facebook Personal Data Breach

Facebook's Defunct Research Program Collects 'Untargeted' Data That May Be Sensitive On Almost 200K Users



Facebook's recently launched research program came down with a huge crash as it 'harvested the potential sensitive personal data' of approximately 187,000 people around the globe, including a large number of teenagers of the US.

Apple had already prohibited the use of the application practically about a year back and correspondences among Facebook and Sen. Richard Blumenthal's office detail the breadth of the organization's data collection program for the first time since then.

As indicated by those emails, of the about 190,000 individuals participating, 31,000 were US residents and 4,300 of those natives were between the ages of 13 to 17-years of old. The remaining users were located in India, says the report.

The now-banned research program named Project Atlas and the Research application were although terminated not long ago after reports came of the abuse of a special developer's certificate that enabled the organization to sidestep Apple's App Store.

In the program, the participants were paid $20 every month to download an altered VPN, in which the organization sucked up an enormous sum of personal data, including web browsing histories, encrypted messages, application activity, and much more.

Apple repudiated the enterprise privileges of both Facebook and Google which was likewise observed to manhandle its developers certificate.

Facebook said it decided not to decrypt the majority of the data collected by the program and didn't expand on what the 'non-targeted' content was cleared up in the process.

The contention though hasn't halted Facebook from proceeding to seek after mobile users data through broad market program.



Regardless in another 'iteration announced' only the earlier week called 'Facebook Study,' only accessible through Google Pay, the company says it will compensate users in return for a variety of data points about precisely how and when they use apps on their phones.

Read more »
Personal Data Breach
Customer Data Hackers Personal Data Breach

Malware Attack Compromises Titan’s System and Steals Customer Data


Titan Manufacturing and Distribution  Inc. and its computer framework was reported to be compromised by a malware that too for about a year around from November 23, 2017 until October 25, 2018 as per an IT security expert.

Given the fact that the company expressed that it doesn't store customer data, the malware installed in the company's framework could have gained access to the users' shopping cart including their data, for example, the users' full names, billing addresses, contact numbers, payment card details, like the card numbers, termination dates, as well as verification codes.

After finding out about the episode, Titan advised its customers about the occurrence and unveiled in a notice for the customers who have had purchased products from its online stores between November 23, 2017 and October 25, 2018, that they might have been influenced by the said incident.

 “Titan Manufacturing and Distributing, Inc. (“Titan”) values your business and recognizes the importance of the security of your information. For these reasons, we are writing to let you know, as a precautionary measure, that Titan has been the victim of a data security incident that may involve your information,” the notice read.

Titan is now working intimately with a 'third-party' IT security expert so as to research and investigate the incident carefully and is all set to provide one-year complimentary identity theft protection for all conceivably influenced customers.

By finding a way to upgrade their security framework and moving its computer framework to another server, deleting and resetting all authoritative login credentials the company has additionally asked for its users to remain cautious by frequently monitoring their financial records for any suspicious exercises and take immediate measures by reporting them.

Read more »
Trojan
malware Personal Data Breach Sextortion Scam Trojan

Sextortion Scams At a Rise Yet Again; Now Leading To Ransomware



In the recent times the sextortion email scams have been at a high rise as they have proved time and time again to being quite a significant and effective method for producing easy money for the hoodlums. A sextortion scam is basically when an individual receives an email stating that they have been spied upon while they were browsing adult websites.

The sextortion campaign which traps recipients into installing the Azorult data stealing Trojan, then further downloading and installing the GandCrab ransomware is in the highlight now.

The first infection, Azorult, will be utilized to steal data from the user's PC, for example, account logins, cookies, documents, chat history, and that's just the beginning. At that point it installs the GandCrab Ransomware, which will encrypt the computer's information.

There have been numerous cases of such scams being accounted for generally where the emails may likewise contain passwords of the users that were leaked amid information breaches so as to make the scams look progressively genuine.

Experts at ProofPoint detected another campaign that as opposed to containing a bitcoin addresses to send a blackmail payment to prompts the user to download a video they made of them indulging in certain "exercises". The downloaded compress document, however, contains an executable that will further install the malware onto the computer.

"However, this week Proofpoint researchers observed a sextortion campaign that also included URLs linking to AZORult stealer that ultimately led to infection with GandCrab ransomware," stated ProofPoint's research.

The downloaded documents will be named like Foto_Client89661_01.zip and the full text of the sextortion trick email is below:




This new strategy is turned out to be significantly hazardous, as when the recipients are already terrified with the need to affirm if a video exists. They download the document, endeavor to open the compressed file, and thusly find themselves infected with two distinct sorts of malware.

Consequently, it is recommended for the user's to not believe anything they receive via email from a strange address and rather do a few inquiries on the Web to check whether others have experienced emails this way or not.

Read more »
Subscribe to: Posts (Atom)