Wise and Evolve Data Breach Highlights Risks of Third-Party Partnerships

 

Wise, a prominent financial technology company, recently disclosed a data breach impacting some customer accounts due to a ransomware attack on their former partner, Evolve Bank & Trust. The breach has raised significant concerns about the security of third-party partnerships, especially in financial services. From 2020 to 2023, Wise partnered with Evolve to provide USD account details for their customers. Last week, Evolve confirmed an attack attributed to the notorious ransomware group LockBit. 

The group leaked the data after the bank refused to pay the ransom. The breach underscores the precarious nature of relying on third-party companies for critical services and trusting their security measures. Evolve has not yet confirmed the specific personal information leaked. However, Wise has taken a transparent approach, confirming that the shared information included names, addresses, dates of birth, contact details, Social Security numbers (SSNs) or Employer Identification Numbers (EINs) for U.S. customers, and other identity document numbers for non-U.S. customers. 

Evolve’s initial investigation suggests that names, SSNs, bank account numbers, and contact information for most of their personal banking customers, as well as customers of their Open Banking partners, were affected. In response to the breach, Wise assured its customers that it no longer works with Evolve Bank & Trust and that USD account details are currently provided by a different bank, emphasizing its commitment to security and customer trust.

Wise has implemented additional security protocols and is collaborating with cybersecurity experts to understand the breach’s scope and fortify their defenses. Wise has proactively communicated with its customers, recommending precautionary steps such as changing passwords, enabling two-factor authentication, and monitoring account activity for any suspicious transactions. They have also provided resources and support to help customers protect their information. The breach has heightened concerns among customers regarding the security of their personal and financial information. 

Despite the challenges posed by the breach, Wise’s proactive approach and transparent communication have helped reassure customers. The company continues to work closely with cybersecurity experts to enhance their defenses and prevent future incidents. As the investigation progresses, Wise is determined to provide regular updates and support to affected customers. Their dedication to transparency and user security remains unwavering, ensuring that they take every step necessary to safeguard their users’ information and maintain their trust. 

This incident highlights the growing threat of cyberattacks on financial institutions and the critical need for robust security measures. Customers are reminded to stay alert and take proactive steps to protect their online accounts. Wise’s efforts to address the breach and protect their users underscore their commitment to maintaining trust and security for their customers.

Massive Data Breach Exposes Sensitive Information of Indian Law Enforcement Officials

 

Recently, a significant data breach compromised the personal information of thousands of law enforcement officials and police officer applicants in India. Discovered by security researcher Jeremiah Fowler, the breach exposed sensitive details such as fingerprints, facial scans, signatures, and descriptions of tattoos and scars. Alarmingly, around the same time, cybercriminals advertised the sale of similar biometric data on Telegram. 

The breach was traced to an exposed web server linked to ThoughtGreen Technologies, an IT firm with offices in India, Australia, and the United States. Fowler found nearly 500 gigabytes of data, encompassing 1.6 million documents dating from 2021 to early April. This data included personal information about various professionals, including teachers, railway workers, and law enforcement officials. Among the documents were birth certificates, diplomas, and job applications. 

Although the server has been secured, the incident highlights the risks of collecting and storing biometric data and the potential misuse if leaked. “You can change your name, you can change your bank information, but you can't change your actual biometrics,” Fowler noted. This data, if accessed by cybercriminals, poses a long-term risk, especially for individuals in sensitive law enforcement roles. Prateek Waghre, executive director of the Internet Freedom Foundation, emphasized the extensive biometric data collection in India and the heightened security risks for law enforcement personnel. 

If compromised, such data can be misused to gain unauthorized access to sensitive information. Fowler also found a Telegram channel advertising the sale of Indian police data, including specific individuals’ information, shortly after the database was secured. The structure and screenshots of the data matched what Fowler had seen. For ethical reasons, he did not purchase the data, so he could not fully verify its authenticity. In response, ThoughtGreen Technologies stated, “We take data security very seriously and have taken immediate steps to secure the exposed data.” 

They assured a thorough investigation to prevent future incidents but did not provide specific details. The company also reported the breach to Indian law enforcement but did not specify which organization was contacted. When shown a screenshot of the Telegram post, the company claimed it was “not our data.” Telegram did not respond to requests for comment. 

Shivangi Narayan, an independent researcher, stressed the need for more robust data protection laws and better data handling practices by companies. Data breaches are so frequent that they no longer shock people, as evidenced by a recent face-recognition data breach involving an Indian police force.

Globally, as governments and organizations increasingly use biometric data for identity verification and surveillance, the risk of data leaks and abuse rises. For example, a recent face recognition leak in Australia affected up to a million people and led to a blackmail charge. It also has to be noted that many countries are looking at biometric verification for identities, and all of that information has to be stored somewhere. If they decide to farm it out to a third-party company, they lose control of that data.

Data Breach at Giant Tiger: Protecting Customer Information in the Digital Age

In an increasingly interconnected world, data breaches have become a recurring nightmare for organizations of all sizes. The recent incident at Giant Tiger Stores Ltd., a popular discount retailer based in Ottawa, serves as a stark reminder of the importance of safeguarding customer information.

The Breach

On March 4, Giant Tiger discovered that its customer data had been compromised. The breach affected various categories of customers:

Email Subscribers: Names and email addresses of those who subscribe to Giant Tiger emails.

Loyalty Members and Online Orders: Names, emails, and phone numbers of loyalty members and customers who placed online orders for in-store pickups.

Home Delivery Orders: Some customers who placed online orders for home delivery may have had their street addresses compromised.

Thankfully, no payment information or passwords were part of the data breach. However, the incident highlights the vulnerability of customer data and the need for robust security measures.

Third-Party Vendor Involvement

Giant Tiger’s breach was linked to a third-party vendor. While the retailer did not disclose the vendor’s name, it relies on this external partner for managing customer communications and engagement. This situation underscores the risks associated with outsourcing critical functions to third parties. Organizations must carefully vet their vendors and ensure they adhere to stringent security protocols.

The Fallout

The fallout from a data breach can be severe:

Reputation Damage: Customers trust companies with their personal information. When that trust is violated, it erodes brand reputation. Giant Tiger now faces the challenge of rebuilding customer confidence.

Legal and Regulatory Consequences: Data breaches often trigger legal and regulatory investigations. Organizations may face fines, lawsuits, and compliance requirements. In Giant Tiger’s case, the breach occurred in Canada, where privacy laws are stringent.

Financial Impact: Remediation efforts, legal fees, and potential compensation to affected customers can strain an organization’s finances. Moreover, the cost of reputational damage can be immeasurable.

Mitigation Strategies

To prevent such incidents, companies must adopt proactive measures:

Vendor Risk Assessment: Regularly assess third-party vendors’ security practices. Understand their data handling processes and ensure they align with your organization’s standards.

Encryption and Access Controls: Encrypt sensitive data and limit access to authorized personnel. Implement robust access controls to prevent unauthorized entry.

Employee Training: Educate employees about cybersecurity best practices. Human error remains a significant factor in data breaches.

Incident Response Plan: Have a well-defined incident response plan in place. Swift action can minimize damage and protect customer trust.

Transparency and Communication

Giant Tiger’s response has been commendable. They hired cybersecurity experts for an independent investigation and promptly informed affected customers. Transparency is crucial during a breach. Customers appreciate honesty and timely updates.