Data Breaches
www.theverge.com
> Keep yourself safe after a data breach. Not my usual post, but maybe someone will find it useful.
> Nidec Corporation is informing that hackers behind a ransomware attack is suffered earlier this year stole data and leaked it on the dark web.
arstechnica.com
> The bankrupt company may not see any consequences.
> The BianLian ransomware group has claimed the cyberattack on Boston Children's Health Physicians (BCHP) and threatens to leak stolen files unless a ransom is paid.
> Insurance giant Globe Life says an unknown threat actor attempted to extort money in exchange for not publishing data stolen from the company's systems earlier this year.
> Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum.
techcrunch.com
> A ransomware and extortion racket called Underground has claimed responsibility for the breach on its dark web leak site, which TechCrunch has seen.
> Japanese video game developer Game Freak has confirmed it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online.
theintercept.com
> A recent data breach is not the only way that Internet Archive users have been left vulnerable online.
www.techspot.com
> Jerico Pictures, the data brokerage company operating as National Public Data, recently filed for bankruptcy in the Southern District of Florida. The organization was compromised by a cybercriminal group known as "USDoD," which listed a massive trove of personal information for sale on the dark web at the discounted price of $3.5 million.
> Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August.
> The Underground ransomware gang has claimed responsibility for an October 5 attack on Japanese tech giant Casio, which caused system disruptions and impacted some of the firm's services.
www.csoonline.com
> The insurance firm’s CISO took $150,000 for selling 7.24 terabytes of data, according to the hacker who said the company’s senior management was involved in the data breach.
> Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
> An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents.
> Japanese tech giant Casio has suffered a cyberattack after an unauthorized actor accessed its networks on October 5, causing system disruption that impacted some of its services.
> MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage.
> Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data.
> Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised.
> On Thursday, K-12 school district Highline Public Schools confirmed that a ransomware attack forced it to shut down all schools in early September.
www.csoonline.com
> Despite layers of protection rolled out by Adobe, active CosmicSting exploits plague Adobe Commerce customers.
> The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week.
techcrunch.com
> The Paris-based news giant said it notified French regulators of a potential data breach following a recent cyberattack.
www.csoonline.com
> The threat actor posted a sample of stolen data on the dark web, consisting of customers’ personal and billing information.
> The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers.
techcrunch.com
> Reset your clocks: Meta has been hit with yet another privacy penalty in Europe. On Friday, Ireland’s Data Protection Commission (DPC) announced a reprimand and a €91 million fine — around $101.5 million at current exchange rates — after concluding a multiyear investigation into a 2019 security breach by Facebook’s parent company.
techcrunch.com
> The world’s second-largest money transfer provider, which filed a data breach notice with U.K. authorities, serves over 50 million people.
techcrunch.com
> The health insurance giant is investigating an incident that allegedly leaked sensitive customer medical data.
> A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate.
> AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang.
> The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year.
> Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday.
> Dell has confirmed to BleepingComputer that they are investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees.
www.csoonline.com
> The data is available for free in small portions, while bulk data — amounting to 7.24 terabytes — is being offered for sale, according to a hacker using the alias “xenZen.”
> On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend.
> Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information.
> The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T to resolve a probe into whether the telecom giant failed to protect customer data after a vendor's cloud environment was breached three years ago.
> Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors.