
Personal Details of 30k Florida Healthcare Professionals Exposed in Unprotected Database

 

Cybersecurity researcher Jeremiah Fowler and a team of ethical hackers with Website Planet have unearthed a non-password-protected database that exposed the private details of more than 30,000 US healthcare professionals. 

Gale Healthcare Solutions, a Florida-based tech firm, maintains a database with 170,239 exposed records that include names, emails, home addresses, photographs, as well as Social Security numbers and tax papers. The leaked data also included forms about certain incidents, disciplines, and termination. Owing to the cyberattack, the trade volume of the company has gone down, CoinGecko CEO Bobby reported. “Crypto exchange hacks are fairly common. Exchanges are a honeypot for hackers because of the high potential payoff for any successful exploit,” he said.

"We only reviewed a limited sampling of documents and did not review each and every file. The files were hosted on an AWS cloud server, and many of the registration documents were open and publicly accessible," Fowler told ZDNet. 

"The images I saw were usually of the healthcare worker's face or ID badge, but the URL contained their full name, SSN, and a number consistent with an SSN. I called several individuals and validated only that these were real people and their information matched that in the files." 

Because SSNs are highly confidential, it was not appropriate to question the victims or ask them to validate their data, the researcher explained. 

"These people have a hard enough job without a random stranger calling them and reading out their SSN to them. If the names, phone numbers, and locations of these individuals matched those who I called and validated, it is logical to assume that the number indicated as SSN would most likely be real," he added. 

"I can only speculate that someone at Gale likely assumed this would make content management easier if the link had all needed information and could be easily indexed in a readable format and not a more secure unidentifiable internal code ID structure. They also overlooked that these URL paths and file names were not secure or private. Even if the images did not contain pictures of SSN cards, exposure in the numerical text of the image name is just as much of a privacy risk and identity threat." 

Initially, the firm did not answer requests for comment, but after this story was posted, it sent a statement disputing some of what Fowler and Website Planet discovered.

"When the researcher notified us of a potential vulnerability in September, the environment had already been deactivated and secured. There is no evidence there was any further unauthorized access beyond the researcher or that any personal data has been, or will be, misused," the company stated. 

According to Gale, they haven’t determined how long the database was open to the public and who else may have accessed it. However, the researcher refused to comment about whether they have notified any healthcare professionals who may have had their personal details leaked. He said the firm is obliged to notify victims as part of the Florida Information Protection Act of 2014.

Personal Details of 7 Million Customers Exposed in Robinhood Data Breach

 

Robinhood is the latest online trading platform where threat actors are targeting users. On Nov. 8, the company announced that a data breach exposed the private details of more than 7 million of its customers. Out of them, five million had their email addresses accessed and two million had their full names exposed.

The company said in a news release that the hackers had not accessed any Social Security numbers, bank account numbers, or debit card information, and that no customers experienced “financial loss” from the data breach. 

“A malicious hacker had socially engineered a customer service representative over the phone on November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth, and ZIP codes of 310 customers,” the company said in a blog post. 

Robinhood Chief Security Officer Caleb Sima revealed that the hacker threatened to publish the stolen data if the ransom was not paid. The company instead notified law enforcement and security firm Mandiant to investigate the breach. However, the company declined to share details as to whether the firm paid the culprit. 

“As a Safety-First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” Caleb Sima stated. 

Robinhood said that 10 customers had “more extensive account details revealed.” According to security experts, it’s precisely that kind of information that malicious hackers feed on to facilitate further attacks against victims, like targeted phishing emails, since names and dates of birth can often be used to verify a person’s identity.

This isn't the first security incident Robinhood has faced in recent years. Last year, 2,000 accounts were compromised, and customers’ money was stolen. At the time, it came under fire because affected customers could not contact the company. It has since invested heavily in improving its customer service systems. 

How to protect yourself against threat actors

• Don't click on links in emails 
• Use unique and complex passwords 
• Use two-factor authentication (2FA) 
• Be suspicious of emails if they're pushing you to share your information

Scammers are Using Fake Job Listing to Steal Applicants Identities

 

Job hunting during a pandemic has proven to be much harder than in normal times. Threat actors are using phony job advertisements with the motive to steal your identity and use it to commit scams. 

One of the methods scammers employ to tempt people is advertising unusually generous pay. One such example is an airport shuttle driver vacancy in which scammers offer a job that involves picking up passengers for 35 hours a week at an appealing weekly pay rate that works out to more than $100,000 a year. 

But in reality, airports aren't really offering six-figure salaries for shuttle drivers. Instead, the fake ads are scammers’ latest attempt to steal people’s identities and use them to commit fraud, according to recent warnings from the FBI, the Federal Trade Commission, and cybersecurity firms that monitor such cyber frauds. 

The U.S. Secret Service, which is responsible for investigating financial crimes, also acknowledged that it has noticed a “marked increase” in phony job ads seeking to steal people’s personal data, often with the motive of filing fake unemployment insurance claims.

“These fraudsters, they’re like a virus. They continue to mutate. This particular mutation is an emerging threat,” said Haywood Talcove, chief executive of the government division of LexisNexis Risk Solutions. 

Earlier this year in March, LexisNexis discovered around 2,900 ads offering unusually generous pay, using suspicious email domains and requiring that one verify one’s identity upfront. The total of these fake job scams surged to 18,400 by July, and then to 36,350 as of this month. Talcove said these figures are based on a small sample of job ads and that the real number is likely much higher.

According to the U.S. Department of Labor, nearly 2.9% of total workers in America quit their jobs in August, which is an all-time high. Meanwhile, huge numbers of laid-off workers are still seeking out work, making for a historic churn in the labor market. In 2020, the FBI’s Internet Crime Complaint Center data showed 16,012 people were victims of employment scams. 

Some scammers recreate companies’ hiring websites to trick people. One such fake job application site uses Spirit Airlines’ photos, text, font, and color code. The fake site asks applicants to upload a copy of both sides of their driver’s license at the outset of the process and sends them an email seeking more information from a web address that resembles Spirit’s, with an extra “i” (spiiritairline.com). 

Last week, the FBI issued an alert regarding phony websites that scammers design to resemble the state unemployment websites of Illinois, Maryland, Nevada, New Mexico, and Wisconsin. Fraudsters use the sites to steal victims’ private details, according to the FBI. 

To mitigate the risks, the FBI recommends people search the company by its name only. If multiple websites with similar names pop up, that may suggest the job listing is fake. Also, companies typically ask for bank account information after hiring applicants, not before. The FBI also asks people never to provide bank details to an employer and to reveal personal details only after verifying the firm's identity.

Four Months Later, Cox Media Group Acknowledges Ransomware Attack

 

Cox Media Group (CMG), which owns 57 TV and radio stations across 20 American markets, has formally announced that it was hit by a ransomware attack that crippled live TV and radio broadcast streams in June 2021.

The firm confirmed the assault in data breach notification letters sent last week via U.S. Mail to over 800 affected individuals whose private details were exposed in the attack. The media firm first informed potentially impacted individuals of the incident via email on July 30. 

"On June 3, 2021, CMG experienced a ransomware incident in which a small percentage of servers in its network were encrypted by a malicious threat actor. CMG discovered the incident on the same day, when CMG observed that certain files were encrypted and inaccessible,” the broadcasting firm stated.

Private information leaked, but not stolen

Cox Media Group immediately took programs offline after the attack was discovered and reported the incident to the FBI after launching an investigation with the help of external cybersecurity specialists. 

The media company discovered proof that threat actors exfiltrated private details stored on the breached systems. While they also tried to exfiltrate this data outside of CMG's network, there is no evidence that they were successful in their attempt. Additionally, there was no evidence of identity theft, fraud, or financial losses impacting potentially affected individuals.

According to the breach notification letter, private details leaked during the assault include names, addresses, Social Security numbers, financial account numbers, health insurance information, health insurance policy numbers, medical condition information, medical diagnosis information, and online user credentials, stored for human resource management purposes.

"CMG did not pay a ransom or provide any funds to the threat actor as a result of this incident. There has been no observed malicious activity in CMG's environment since June 3, 2021," CMG added.

The company has also taken a number of steps to enhance its programs’ security. "These steps include multi-factor authentication protocols, performing an enterprise-wide password reset, deploying additional endpoint detection software, reimaging all end-user devices, and rebuilding clean networks," CMG explained. 

CMG is a broadcasting, publishing, and digital media services company created by the amalgamation of Cox Newspapers, Cox Radio, and Cox Television in 2008. Its operations include 33 TV stations (including major affiliates of ABC, CBS, FOX, NBC, and MyNetworkTV), 65 radio stations, as well as more than 100 news outlets.