Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Personal Information. Show all posts
Stolen Data
Cyberattack Cybersecurity Data Breach health data medical records Personal Information Ransomware Social Security Stolen Data

Sunflower and CCA Suffer Data Breaches, Exposing Hundreds of Thousands of Records

 

Sunflower recently disclosed a cyberattack on its systems, revealing that hackers gained access on December 15 but remained undetected until January 7. 

During this time, sensitive personal and medical data — including names, addresses, dates of birth, Social Security numbers, driver’s license details, medical records, and health insurance information—were compromised. According to its filing with the Maine Attorney General’s Office, the breach impacted 220,968 individuals.

Meanwhile, CCA experienced a similar data breach in July last year. The organization reported that cybercriminals stole extensive patient information, including names, addresses, dates of birth, driver's license numbers, Social Security numbers, diagnoses, lab results, prescriptions, patient ID numbers, and provider details. The breach affected 114,945 individuals, as per its filing with Maine’s Attorney General’s Office.

The Rhysida ransomware group has claimed possession of 7.6TB of Sunflower’s data, including a 3TB SQL database, according to The Register. With the data still listed online, it suggests that either negotiations are ongoing or have collapsed. However, as of now, there is no confirmed evidence of the stolen data being misused on the dark web.

Following these incidents, both organizations have taken steps to strengthen cybersecurity measures to prevent future breaches.
Read more »
Scamming
Cyber Crime Personal Information Psychology Scamming

Scammers Still Use the Same Tricks, Just in New Ways

 



As technology furthers, scams are becoming more advanced, but the way scammers manipulate people hasn't changed. Despite using modern tools, they still rely on the same psychological tactics to deceive their victims.  

Clinical psychologist Dr. Khosi Jiyane explains that scammers understand how human behavior works and use it to their advantage. Even though scams look different today, the methods of tricking people remain similar.  


Thinking You're Safe Can Make You a Target  

One major reason people fall for scams is the belief that it can't happen to them. This mindset, known as optimism bias, makes people think they're less likely to be scammed compared to others.  

Because of this, people often ignore clear warning signs in suspicious emails, messages, or offers. They assume they’re too smart to get fooled, which lowers their guard and makes it easier for scammers to succeed.  


Scammers Play on Trust  

Another trick scammers use is truth bias, where people naturally believe what they are told unless there's a clear reason to doubt it. Scammers pretend to be trustworthy figures like bank officials or family members to gain trust.  

By appearing credible, they can convince people to share personal information, make payments, or click harmful links without hesitation. This works even on cautious people because trust often overrides suspicion.  


Creating Urgency to Trick You  

Scammers often create a sense of urgency to rush people into making quick decisions. Messages like "Act now to protect your account!" or "Claim your prize before time runs out!" are designed to trigger panic and fast responses.  

Dr. Jiyane explains that when people feel rushed, they think less critically, making them easier targets. Scammers use this tactic, especially during busy times, to pressure people into acting without verifying facts.  


How to Protect Yourself  

The best way to avoid scams is to always pause and verify before taking action. Whether you receive a call, email, or message asking for personal information or urgent action, always confirm with the source directly.  

It’s also important to stay aware of your vulnerability. No one is completely immune to scams, and understanding this can help you stay cautious. Avoid making quick decisions under pressure and take time to think before responding.  

By staying alert and verifying information, you can reduce the risk of falling for scams, no matter how convincing they appear.

Read more »
Personal Information
aviation BreachForums Data Breach Data Hackers data security Data Theft Hacker attack Personal Information

ICAO Investigates Potential Data Breach Amid Cybersecurity Concerns

 

The International Civil Aviation Organization (ICAO), a United Nations agency tasked with creating global aviation standards, has disclosed an investigation into a potential cybersecurity incident. Established in 1944, ICAO works with 193 member states to develop and implement aviation-related technical guidelines. The agency announced its inquiry on Monday, following reports of unauthorized access linked to a well-known cybercriminal group targeting international organizations.  

In its statement, ICAO confirmed it is examining allegations of a security breach and has already implemented precautionary measures to address the issue. While the organization did not provide specific details, it assured the public that a comprehensive investigation is underway. Additional updates will be shared once the preliminary analysis is complete. The investigation coincides with claims by a hacker using the alias “natohub,” who posted on BreachForums, a well-known hacking forum, alleging they had accessed and leaked ICAO’s data. 

According to the claims, the leak comprises 42,000 documents containing sensitive personal information, including names, dates of birth, addresses, phone numbers, email addresses, and employment records. Another source suggested the leaked archive is approximately 2GB and contains data linked to 57,240 unique email accounts. ICAO has not verified the authenticity of these claims but has emphasized the seriousness with which it is handling the situation. 

This development follows a pattern of cyberattacks on United Nations agencies in recent years. In April 2024, the United Nations Development Programme (UNDP) launched an investigation into a ransomware attack reportedly orchestrated by the 8Base group. Similarly, in January 2021, the United Nations Environment Programme (UNEP) experienced a breach that exposed over 100,000 records containing personally identifiable information. Earlier, in July 2019, UN networks in Vienna and Geneva suffered a significant breach through a SharePoint exploit. 

That attack compromised sensitive data, including staff records, health insurance details, and commercial contracts. A senior UN official later described the incident as a “major meltdown.” These recurring incidents highlight the increasing vulnerability of global organizations to cyber threats. Despite their critical roles in international operations, such institutions remain frequent targets for cybercriminals. 

This underscores the urgent need for robust cybersecurity measures to protect sensitive data from exploitation. As ICAO continues its investigation, it serves as a reminder of the evolving threats facing international organizations in a rapidly digitizing world. Enhanced vigilance and collaboration are essential to safeguarding global systems against future cyberattacks.
Read more »
Personal Information
Data Breach Data Services database Internet Personal Information

Database Service Provider Leak Results in Exposing Over 600,000 Records on Web

Database Service Provider Leak Results in Exposing Over 600,000 Records on Web


SL Data Services, a U.S.-based data broker, experienced a massive data breach, exposing 644,869 personal PDF files on the web. The leaked records included sensitive information such as personal details, vehicle records, property ownership documents, background checks, and court records. Alarmingly, the exposed files were not encrypted or password-protected.

Cybersecurity expert Jeremiah Fowler discovered the breach, identifying sample records in the 713.1 GB database. Remarkably, 95% of the documents were labeled as “background checks.”

"This information provides a full profile of these individuals and raises potentially concerning privacy considerations," Fowler stated.

Details of the Leaked Data

The breached documents contained the following sensitive information:

  • Residential addresses
  • Contact details and emails
  • Employment data
  • Full names
  • Social media accounts
  • Family members
  • Criminal record history

Fowler confirmed the accuracy of the residential addresses associated with named individuals in the leaked files.

How the Leak Happened

According to Fowler, property reports ordered from SL Data Services were stored in a database accessible via a web portal for customers. The vulnerability arose when a threat actor, knowing the file path, could locate and access these documents.

SL Data Services used a single database for multiple domains without proper segmentation. The only separation was through folders named after the respective websites. After Fowler reported the breach, database access was blocked for a week, but during that time, over 150,000 additional records were exposed. It remains unclear how long the data was publicly accessible or what information was accessed by unauthorized parties.

When Fowler contacted SL Data Services, he was only able to reach call center agents who denied the breach, claiming their systems used SSL and 128-bit encryption. Despite these assurances, the exposed records suggest serious lapses in data security practices.

The Risks of Exposed Data

Fowler warned about the dangers posed by the leaked information:

"The criminals could potentially leverage information about family members, employment, or criminal cases to obtain additional sensitive personal information, financial data, or other privacy threats."

Publicly exposed data allows threat actors to:

  • Launch phishing campaigns or social engineering attacks
  • Fake identities using stolen information
  • Target victims whose data appeared in background check documents

Staying Safe

To protect personal data when working with data brokers, Fowler recommends the following:

  1. Research Data Storage Practices
    Understand how the company stores and secures sensitive data.
  2. Conduct Vulnerability Scans
    Ensure the broker performs regular scans to detect potential security issues.
  3. Request Penetration Testing
    Verify whether the company tests its systems to prevent unauthorized access.

Conclusion

This breach underscores the importance of robust data security practices for companies handling sensitive information. By adopting proactive measures and holding data brokers accountable, both organizations and consumers can mitigate the risks of future breaches.

Read more »
Personal Information
comcast Data Breach FBCS Identity Theft Personal Information

Comcast Data Breach Impacts Thousands, Sensitive Information Compromised

 



Comcast Cable Communications LLC reports that it is a victim of a data breach compromising personal information of more than 237,000 individuals, including 22 residents of Maine. According to an investigation, the breach is traced back to Financial Business and Consumer Solutions, Inc., a third-party with which Comcast has associated in the past.

The data breach began on February 14, 2024, when an unauthorised third party gained access to FBCS's computer network. Access to this unauthorised party had led to a ransomware attack where cybercriminals downloaded and encrypted sensitive data. Initially, on March 13, 2024, FBCS had communicated to Comcast that customer information did not appear to have been compromised. However, months later, on July 17, 2024, it came to be known that sensitive customer data had indeed been affected.


New Comcast Hacking Findings

As soon as the breach was discovered, FBCS reached out to the FBI and hired some private cybersecurity firms to comprehend the full dimension of the breach. The investigation revealed names, addresses, Social Security numbers, birth dates, and Comcast account numbers accessed. The acquired information is of a very sensitive nature that encompasses substantial risk factors for identity theft and even financial frauds.

Still, FBCS has maintained that, to date, there is nothing known to be ill-gotten from the stolen data. Only the records starting 2021 are affected, as in 2020, FBCS terminated its contract with Comcast.


Support for Victims

Comcast began notifying the victims on 16 August 2024 and is providing them with free identity theft protection for 12 months. Comcast is partnering with CyEx Identity Defense Complete for credit monitoring and additional support services.

The notification stated that the breach had occurred only in FBCS systems and was unrelated to Comcast's networks themselves. To reach out to the affected customers, the company, Comcast, geared efforts towards helping them manage the fallout of the breach. It provided direct communication and access to a support service. Outside legal counsel for Comcast, Michael Borgia noted, "We are committed to helping our customers navigate the aftermath of this incident and ensuring they have the resources necessary to protect themselves."

Watching Your Back: Protection of Consumer Data End

The Comcast breach highlights the kinds of current risks facing consumers whose data is managed by third-party vendors. In response to this, Comcast is counselling its consumers to be on their guard. Protecting measures include: reviewing account statements for suspicious transactions, reviewing credit reports, and registering for the identity protection services Comcast is offering. Moreover, Comcast is suggesting the enabling of two-step verification for Xfinity accounts in order to increase security to its fullest potential.

This incident underlines the critical need to protect information while ensuring greater caution with regard to personal information in light of more prudent cyber attacks.



Read more »
Personal Information
Customer Data Customer Data Exposed Cybersecurity Breach Data Breach Data Leak Data protection Personal Information

Avis Data Breach Exposes Over 400,000 Customers’ Personal Information

 

Over 400,000 customers of Avis, a prominent car rental company known for its presence at U.S. airports, have had their personal data compromised in a recent cybersecurity breach. The company revealed the incident to the public on Monday, stating that the breach occurred between August 3 and August 6. Avis, which is part of the Avis Budget Group, sent notifications to affected customers last week, advising them on how to protect themselves from potential identity theft or fraud. 

The Avis Budget Group, which owns both Avis and Budget, operates over 10,000 rental locations across 180 countries, generating $12 billion in revenue in 2023, according to its most recent financial report. However, the recent data breach has cast a shadow over its operations, highlighting vulnerabilities in its data security measures. In a data breach notice filed with the Iowa Attorney General’s office, Avis disclosed that the compromised information includes customer names, dates of birth, mailing addresses, email addresses, phone numbers, credit card details, and driver’s license numbers. 

A separate filing with the Maine Attorney General revealed that the data breach has impacted a total of 299,006 individuals so far. Texas has the highest number of affected residents, with 34,592 impacted, according to a report filed with the Texas Attorney General. The fact that sensitive personal information was stored in a manner that allowed it to be accessed by cybercriminals has raised serious questions about the company’s data protection practices. Avis first became aware of the data breach on August 5 and took immediate steps to stop the unauthorized access to its systems.

The company stated that it had launched a comprehensive investigation into the incident and enlisted third-party security consultants to help identify the breach’s origins and scope. Avis has not yet disclosed specific details about the nature of the attack, the vulnerabilities exploited, or the identity of the perpetrators, leaving many questions unanswered. This breach underscores the growing challenges faced by companies in protecting customer data in an increasingly digital world. While Avis acted quickly to contain the breach, the company’s reputation could suffer due to the extent of the data compromised and the sensitive nature of the information accessed. 

The breach also serves as a reminder of the importance of robust cybersecurity measures, especially for businesses that handle large volumes of personal and financial data. The incident has also prompted scrutiny from regulators and data privacy advocates. Many are questioning how sensitive customer information was stored and protected and why it was vulnerable to such an attack. Companies like Avis must ensure they are equipped with advanced security systems, encryption protocols, and regular audits to prevent such breaches from occurring in the future. As the investigation continues, Avis customers are advised to monitor their financial accounts closely, watch for signs of identity theft, and take appropriate measures.
Read more »
Slack
Data Breach Data Hacking data security Disney Disney data leak Disney Slack breach Hacking Group Personal Information Sensitive data Slack

Disney Data Breach Exposes Sensitive Corporate and Personal Information

 

In July, Disney experienced a significant data breach that exposed far more than initially reported, compromising a wide array of sensitive information. While early reports focused on stolen Slack messages, it has since been revealed that the breach extended deep into the company’s critical corporate files. According to sources, hackers gained access to sensitive information, including financial projections, strategic plans, sales data, and streaming forecasts. 

The breach did not stop at corporate data. Hackers also accessed personal information of Disney Cruise Line members, including passport numbers, visa statuses, contact details, and birthplaces. In addition, data related to theme park pass sales was compromised, potentially impacting thousands of visitors. This breach has raised serious concerns about the security of personal data at Disney, one of the world’s most recognized entertainment companies. 

Initially, Disney reported that over a terabyte of data was leaked, but the full extent of the breach is still under investigation. In an August address to investors, the company acknowledged the severity of the attack, prompting questions about the cybersecurity measures in place not only at Disney but also at other major corporations. The incident has highlighted the growing need for robust and effective cybersecurity strategies to protect against increasingly sophisticated cyber threats. The hacking group Nullbulge has claimed responsibility for the attack. 

In a blog post, the group boasted of gaining access to internal data on upcoming projects as well as employee details stored in Disney’s Slack system. This claim has raised further alarms about the potential exposure of sensitive company plans and employee information. When asked to comment on the specifics of the breach, Disney declined to provide details. A spokesperson stated, “We decline to comment on unverified information that has purportedly been obtained as a result of illegal activity.” 

This response underscores the complexity and evolving challenges that companies face in safeguarding sensitive information from cyber threats. As cyber threats become more sophisticated, this breach serves as a stark reminder of the vulnerabilities even within prominent organizations. It emphasizes the urgent need for businesses to strengthen their cybersecurity measures to protect both corporate and personal data from being compromised in an increasingly digital world.
Read more »
Personal Information
Credit Card Credit Card Theft Cyber Security DBS Bank Hacker attack PDPC Personal Information

Esso Corporate Fleet Programme Hit by Ransomware Attack on Abecha Servers

 

A ransomware attack on Abecha, the company managing Singapore’s Esso Corporate Fleet Discount Programme, may have compromised sensitive credit card information of its customers. Abecha discovered the breach on August 13 and notified affected customers on August 28. According to the company, the hackers may have accessed customers’ credit card numbers and expiration dates, but other personal information, such as names, addresses, and contact details, appears to have remained secure. 

In light of the breach, Abecha advised customers to review their credit card statements for any unauthorized or suspicious transactions. They also encouraged prompt reporting of any unusual activity to prevent potential misuse. An Abecha representative stated that there was no indication that any data had been taken by unauthorized parties. The company assured customers that their transactions were secure, and normal business operations were continuing. The Esso Corporate Fleet Discount Programme, a collaboration with ExxonMobil, has been in operation since 2003 and currently serves more than 18,000 corporate clients. 

The programme provides fuel discounts to corporate employees and is one of Abecha’s key offerings, alongside other corporate programmes with Citibank and DBS Bank. Following the attack, Abecha quickly shut down the affected servers and hired data protection and cybersecurity specialists to investigate the breach and recommend additional security protocols. The company also filed a police report and informed the Personal Data Protection Commission Singapore (PDPC), which is now investigating the incident. Despite assurances from Abecha, some customers have expressed concern. 

Alson Tang, a public relations professional, voiced his anxiety since he had provided his bank account number when signing up for the discount programme. “Fuel prices are high, and the discount is appealing, but my trust in the organization has been somewhat shaken,” Tang said. Davidson Chua, co-founder of the car-selling aggregator platform Telequotes, called the news “alarming.” While he had not detected any suspicious activity on his credit card, he noted that he might not have checked had he not learned of the breach. “If I hadn’t heard about this, I wouldn’t have checked my credit card transactions, and something could have happened, especially since I don’t use the Abecha Esso fleet card regularly,” Chua said, indicating he would likely cancel his card. 

This incident highlights the importance of stringent cybersecurity measures for companies handling sensitive financial data. The PDPC’s investigation may provide further insights into the breach and any potential regulatory consequences for Abecha.
Read more »
Subscribe to: Posts (Atom)