
Lee Enterprises Ransomware Attack Exposes Data of 40,000 Individuals

 

Lee Enterprises, a major U.S. news publisher, is alerting nearly 40,000 individuals about a data breach following a ransomware attack that took place in early February 2025. The company, which owns and operates 77 daily newspapers and hundreds of weekly and special-interest publications across 26 states, reported that the cyberattack resulted in the theft of personal information belonging to thousands of people. 

Details of the breach were revealed in a recent disclosure to the Maine Attorney General’s office. According to the company, the attackers gained unauthorized access to internal documents on February 3, 2025. These files contained combinations of personal identifiers such as names, Social Security numbers, driver’s license details, bank account information, medical data, and health insurance policy numbers. The security incident caused widespread operational disruptions. 

Following the attack, Lee Enterprises was forced to shut down multiple parts of its IT infrastructure, impacting both the printing and delivery of its newspapers. Several internal tools and systems became inaccessible, including virtual private networks and cloud storage services, complicating daily workflows across its local newsrooms. In a filing with the U.S. Securities and Exchange Commission shortly after the breach, the company confirmed that critical systems had been encrypted and that a portion of its data had been copied by the attackers. 

The source of the attack has yet to be identified, but a group known as Qilin allegedly claimed responsibility near the end of February. The group alleged it had stolen over 120,000 internal files, totaling 350 gigabytes, and threatened to publish the material unless its demands were met. Soon after, Qilin posted a sample of the stolen data to a dark web leak site, which included scans of government-issued IDs, financial spreadsheets, contracts, and other confidential records. The group also listed Lee Enterprises as a victim on its public-facing extortion portal.

When asked about the authenticity of the leaked data, a spokesperson for Lee Enterprises stated the company was aware of the claims and was actively investigating. This is not the first cybersecurity issue Lee Enterprises has faced. The company’s network was previously targeted by foreign actors during the lead-up to the 2020 U.S. presidential election, where hackers from Iran allegedly attempted to use compromised media outlets to spread disinformation. 

The ransomware attack highlights ongoing threats facing media companies, especially those handling high volumes of personal and financial data. As Lee Enterprises continues its recovery and legal steps, the incident serves as a reminder of the need for robust digital defenses in today’s information-driven landscape.

Massive Cyberattack Disrupts KiranaPro’s Operations, Erases Servers and User Data


KiranaPro, a voice-powered quick commerce startup connected with India’s Open Network for Digital Commerce (ONDC), has been hit by a devastating cyberattack that completely crippled its backend infrastructure. The breach, which occurred over the span of May 24–25, led to the deletion of key servers and customer data, effectively halting all order processing on the platform. Despite the app still being live, it is currently non-functional, unable to serve users or fulfill orders. 


Company CEO Deepak Ravindran confirmed the attack, revealing that both their Amazon Web Services (AWS) and GitHub systems had been compromised. As a result, all cloud-based virtual machines were erased, along with personally identifiable information such as customer names, payment details, and delivery addresses. The breach was only discovered on May 26, when the team found themselves locked out of AWS’s root account. Chief Technology Officer Saurav Kumar explained that while they retained access through IAM (Identity and Access Management), the primary cloud environment had already been dismantled. 

Investigations suggest that the initial access may have been gained through an account associated with a former team member, although the company has yet to confirm the source of the breach. To complicate matters, the team’s multi-factor authentication (MFA), powered by Google Authenticator, failed during recovery attempts—raising questions about whether the attackers had also tampered with MFA settings. 

Founded in late 2024, KiranaPro operates across 50 Indian cities and allows customers to order groceries from local kirana shops using voice commands in multiple languages including Hindi, Tamil, Malayalam, and English. Before the cyberattack, the platform served approximately 2,000 orders daily from a user base of over 55,000 and was preparing for a major rollout to double its footprint across 100 cities. 

Following the breach, KiranaPro has contacted GitHub for assistance in identifying IP addresses linked to the intrusion and has initiated legal action against ex-employees accused of withholding account credentials. However, no final evidence has been released to the public about the precise origin or nature of the attack. 

The startup, backed by notable investors such as Blume Ventures, Snow Leopard Ventures, and TurboStart, had recently made headlines for acquiring AR startup Likeo in a $1 million stock-based deal. High-profile individual investors include Olympic medalist P.V. Sindhu and Boston Consulting Group’s Vikas Taneja. 

Speaking recently to The Indian Dream Magazine, Ravindran had laid out ambitious plans to turn India’s millions of kirana stores into a tech-enabled delivery network powered by voice AI and ONDC. International expansion, starting with Dubai, was also on the horizon—plans now put on hold due to this security incident. 

This breach underscores how even tech-forward startups are vulnerable when cybersecurity governance doesn’t keep pace with scale. As KiranaPro works to recover, the incident serves as a wake-up call for cloud-native businesses managing sensitive data.

iHeartMedia Cyberattack Exposes Sensitive Data Across Multiple Radio Stations

 

iHeartMedia, the largest audio media company in the United States, has confirmed a significant data breach following a cyberattack on several of its local radio stations. In official breach notifications sent to affected individuals and state attorney general offices in Maine, Massachusetts, and California, the company disclosed that cybercriminals accessed sensitive customer information between December 24 and December 27, 2024. Although iHeartMedia did not specify how many individuals were affected, the breach appears to have involved data stored on systems at a “small number” of stations. 

The exact number of compromised stations remains undisclosed. With a network of 870 radio stations and a reported monthly audience of 250 million listeners, the potential scope of this breach is concerning. According to the breach notification letters, the attackers “viewed and obtained” various types of personal information. The compromised data includes full names, passport numbers, other government-issued identification numbers, dates of birth, financial account information, payment card data, and even health and health insurance records. 

Such a comprehensive data set makes the victims vulnerable to a wide array of cybercrimes, from identity theft to financial fraud. The combination of personal identifiers and health or insurance details increases the likelihood of victims being targeted by tailored phishing campaigns. With access to passport numbers and financial records, cybercriminals can attempt identity theft or engage in unauthorized transactions and wire fraud. As of now, the stolen data has not surfaced on dark web marketplaces, but the risk remains high. 

No cybercrime group has claimed responsibility for the breach as of yet. However, the level of detail and sensitivity in the data accessed suggests the attackers had a specific objective and targeted the breach with precision. 

In response, iHeartMedia is offering one year of complimentary identity theft protection services to impacted individuals. The company has also established a dedicated hotline for those seeking assistance or more information. While these actions are intended to mitigate potential fallout, they may offer limited relief given the nature of the exposed information. 

This incident underscores the increasing frequency and severity of cyberattacks on media organizations and the urgent need for enhanced cybersecurity protocols. For iHeartMedia, transparency and timely support for affected customers will be key in managing the aftermath of this breach. 

As investigations continue, more details may emerge regarding the extent of the compromise and the identity of those behind the attack.

NordVPN Introduces £5,000 ID Theft Recovery Coverage for UK Users on Ultimate Plan

 

NordVPN has launched a new identity theft recovery benefit for its UK subscribers, offering up to £5,000 in reimbursement to help users recover from the financial and emotional toll of identity fraud. This latest addition to its cybersecurity toolkit is exclusively available to customers subscribed to the NordVPN Ultimate plan, priced at £5.09 per month, paid annually at £137.43. 

This move comes amid growing concerns over online threats, especially following recent data breaches involving major UK retailers like Marks & Spencer, Harrods, and Co-op. In these incidents, attackers managed to access sensitive customer data, highlighting the increasing risk faced by consumers today. NordVPN’s ID theft recovery feature complements its existing scam loss protection and is designed to ease the burden of recovering one’s identity after it has been compromised. 

Covered expenses include restoring credit ratings, resolving issues with bank accounts or loans, and even reclaiming lost wages if a victim had to take time off work to deal with the aftermath of identity theft. Additionally, this protection can help victims clear their names in cases where their identities are used for malicious purposes. For those who fall prey to scams—whether through phishing, AI-driven deepfake schemes, or romance fraud—NordVPN offers up to 12 months to file a claim if their bank or financial institution cannot provide assistance. 

These benefits are not limited to the UK alone. NordVPN’s coverage also extends to users in countries like France, Germany, Italy, Sweden, and the Netherlands, with 24/7 access to support services. While NordVPN Basic remains the more affordable option at £2.39 per month, the Ultimate plan’s added layer of financial security could be a worthwhile upgrade for users seeking peace of mind. In comparison, NordVPN users in the United States receive broader coverage through the NordProtect service, which includes cyber extortion and fraud protection with coverage up to $1 million—either through NordVPN Prime or as a standalone service.  

Although the UK plan doesn’t offer the same level of compensation as its U.S. counterpart, the £5,000 coverage still represents a meaningful step toward consumer protection. In an age where cyberattacks are common and even large companies struggle to safeguard data, investing in robust protection is becoming increasingly important. Whether or not users choose to upgrade, staying informed about digital security best practices remains the first line of defence.

Co-op Cyberattack Exposes Member Data in Major Security Breach

 

Millions of Co-op members are being urged to remain vigilant following a significant cyberattack that led to a temporary shutdown of the retailer’s IT infrastructure. The company confirmed that the breach resulted in unauthorized access to sensitive customer data, although it emphasized that no financial or account login information was compromised. 

Shirine Khoury-Haq, Chief Executive Officer of Co-op, addressed members directly, expressing regret and concern over the breach. She assured customers that the company’s core operations were largely unaffected by the attack and that members could continue to use their accounts and services as normal. However, she acknowledged the seriousness of the data exposure, which has affected both current and past members of the Co-op Group. 

“We deeply regret that personal member information was accessed during this incident. While we’ve been able to prevent disruption to our services, we understand how unsettling this news can be,” Khoury-Haq stated. “I encourage all members to take standard security precautions, including updating their passwords and ensuring they are not reused across platforms.” 

According to an official statement from Co-op, the malicious activity targeted one of their internal systems and successfully extracted customer data such as names, contact information, and dates of birth. Importantly, the company clarified that no passwords, payment details, or transactional records were included in the breach. They also emphasized that their teams are actively investigating the incident in coordination with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA). 

The company said that it has implemented enhanced security measures to prevent further unauthorized access, while minimizing disruption to business operations and customer services. Forensic specialists are currently assessing the full scope of the breach, and affected individuals may be contacted as more information becomes available.

In response to the incident, Stephen Bonner, Deputy Commissioner of the UK Information Commissioner’s Office (ICO), offered guidance to concerned members. “Cyberattacks like this can be very unsettling for the public. If you’re concerned about your data, we recommend using strong, unique passwords for each of your online accounts and enabling two-factor authentication wherever possible,” he advised. “Customers should also stay alert to updates from Co-op and follow any specific instructions they provide.”

The Co-op has apologized to its customers and pledged to continue prioritizing data protection as it works to resolve the issue. While the investigation continues, members are encouraged to remain cautious and take proactive steps to safeguard their personal information online.

Western Alliance Bank Data Breach Exposes Nearly 22,000 Customers’ Personal Information

 

Western Alliance Bank has alerted nearly 22,000 customers that their personal information was compromised following a cyberattack in October. The breach stemmed from a vulnerability in a third-party vendor’s secure file transfer software, which allowed attackers to gain unauthorized access to the bank’s systems and extract sensitive customer data. 

Western Alliance, a subsidiary of Western Alliance Bancorporation with over $80 billion in assets, first disclosed the incident in a February SEC filing. The bank revealed that hackers exploited a zero-day vulnerability in the software, which was officially disclosed on October 27, 2024. However, unauthorized access to the bank’s systems had already occurred between October 12 and October 24. The breach was only confirmed after the attackers leaked stolen files online. 

According to breach notification letters sent to 21,899 affected customers and filed with the Office of Maine’s Attorney General, the stolen data includes names, Social Security numbers, birth dates, financial account details, driver’s license numbers, tax identification numbers, and passport information if previously provided to the bank. Despite the exposure, Western Alliance stated there is no evidence of fraud or identity theft resulting from the breach. 

To support affected customers, the bank is offering one year of free identity protection services through Experian IdentityWorks Credit 3B. Although Western Alliance did not disclose the name of the compromised software in its SEC filing or customer notifications, the Clop ransomware gang has claimed responsibility for the attack. In January, Clop listed the bank among 58 companies targeted in a campaign that exploited a critical zero-day vulnerability (CVE-2024-50623) in Cleo LexiCom, VLTrader, and Harmony software.

The ransomware group had previously leveraged similar security flaws in MOVEit Transfer, GoAnywhere MFT, and Accellion FTA to conduct large-scale data theft operations. Further investigations revealed that Clop exploited an additional zero-day vulnerability (CVE-2024-55956) in Cleo software in December. This allowed them to deploy a Java-based backdoor, dubbed “Malichus,” enabling deeper infiltration into victims’ networks. Cleo, which serves over 4,000 organizations worldwide, confirmed the vulnerability had been used to install malicious backdoor code in affected instances of its Harmony, VLTrader, and LexiCom software. 

The full extent of the breach remains unclear, but it highlights the growing risks posed by vulnerabilities in third-party software. Organizations relying on such solutions must remain vigilant, promptly apply security patches, and implement robust defenses to prevent similar incidents.

GM Faces FTC Ban on Selling Customer Driving Data for Five Years

 



General Motors (GM) and its OnStar division have been barred from selling customer-driving data for the next five years. This decision follows an investigation that revealed GM was sharing sensitive customer information without proper consent.  

How Did This Happen?

The practice became public after it was discovered that GM had been gathering detailed information about how customers drove their vehicles, including how fast they accelerated, how hard they braked, and how far they travelled. Rather than keeping this data private, GM sold it to third parties, including insurance companies and data brokers.

Many customers did not know about this practice and complained when their insurance premiums suddenly increased. According to reports, one customer complained that they had enrolled in OnStar to enjoy its tracking capabilities, not to have their data sold to third parties.

FTC's Allegations

The Federal Trade Commission (FTC) accused GM of misleading customers during the enrollment process for OnStar’s connected vehicle services and Smart Driver program. According to the FTC, GM failed to inform users that their driving data would be collected and sold.

FTC Chair Lina Khan said GM tracked and sold consumers' extremely granular geolocation data and driving behaviour, collected as frequently as every couple of seconds, and that the settlement is intended to protect privacy and prevent people from being subjected to unauthorized surveillance.

Terms of Settlement

The terms of the agreement require GM to:

1. Clearly explain its data collection practices.
2. Obtain consent before collecting or sharing any driving data.
3. Allow customers to delete their data upon request.

Additionally, GM has ended its OnStar Smart Driver program, which was central to the controversy.

In a brief response, GM stated that it is committed to safeguarding customer privacy but did not address the allegations in detail.

Why This Matters  

This case highlights the growing importance of privacy in the digital age. It serves as a warning to companies about the consequences of using customer data without transparency. For consumers, it’s a reminder to carefully review the terms of services they sign up for and demand accountability from businesses handling personal information.

The FTC's action is intended to ensure that companies prioritize ethical practices and respect customers' privacy.







Cyberattack on Cyberhaven Chrome Extension Exposes Sensitive Data

 


On Christmas Eve, Cyberhaven, a data loss prevention company, experienced a cyberattack targeting its Google Chrome extension. The breach exposed sensitive customer data, including passwords and session tokens. The company has since taken swift measures to address the issue and prevent future incidents.

The attack occurred after a Cyberhaven employee fell victim to a phishing email, inadvertently sharing their credentials. This gave the attacker access to Cyberhaven’s systems, specifically the credentials for the Google Chrome Web Store. Leveraging this access, the attacker uploaded a malicious version (24.10.4) of the Cyberhaven Chrome extension. The compromised version was automatically updated on Chrome-based browsers and remained active from 1:32 AM UTC on December 25 to 2:50 AM UTC on December 26.

Swift Response by Cyberhaven

Cyberhaven’s security team discovered the breach at 11:54 PM UTC on Christmas Day. Within an hour, they removed the malicious extension from the Web Store. CEO Howard Ting praised the team’s dedication, stating, “Our team acted swiftly and with remarkable dedication, interrupting their holiday plans to safeguard our customers and maintain our commitment to transparency.”

While no other Cyberhaven systems, such as CI/CD processes or code signing keys, were affected, the compromised extension potentially enabled the exfiltration of user cookies and authenticated sessions for specific targeted websites. This incident underscores the persistent risks posed by phishing attacks and the critical need for robust security measures.

Mitigation Measures for Users

To mitigate the impact of the breach, Cyberhaven has advised users to take the following steps:

  • Update the extension to version 24.10.5 or newer.
  • Monitor logs for unusual activity.
  • Revoke or reset passwords not protected by FIDOv2.

These proactive measures are essential to prevent further exploitation of compromised credentials.

Enhanced Security Measures

In response to the attack, Cyberhaven has implemented additional security protocols to strengthen its defenses. The company is also working with law enforcement to investigate the breach and identify the attackers, who reportedly targeted other companies as well.

This attack highlights the increasing sophistication of cyber threats, particularly those exploiting human error. Phishing remains one of the most effective tactics for gaining unauthorized access to sensitive systems. Companies must prioritize employee training on recognizing phishing attempts and establish multi-layered security frameworks to mitigate vulnerabilities.

Cyberhaven’s swift response and transparent communication reflect its commitment to customer security and trust. As the investigation continues, this incident serves as a stark reminder of the importance of vigilance in the ever-evolving landscape of cybersecurity threats.

AT&T Confirms Cyberattack Amid Salt Typhoon Hacking Incident

 

AT&T has confirmed being targeted in the Salt Typhoon hacking attack, a cyber operation suspected to involve China. Despite the attack, the telecommunications giant assured customers that its networks remain secure.

In a statement, AT&T revealed that hackers aimed to access information related to foreign intelligence subjects. The company clarified, “We detect no activity by nation-state actors in our networks at this time.” It further added that only a limited number of individuals’ data had been compromised. Affected individuals were promptly notified, and AT&T cooperated with law enforcement to address the breach.

Investigation and Preventive Measures

To prevent future incidents, AT&T is collaborating with government agencies, other telecom companies, and cybersecurity experts. The company has intensified its monitoring efforts and implemented enhanced measures to safeguard customer data.

The Salt Typhoon attack is not an isolated event; it forms part of a broader wave of cyberattacks targeting major telecom companies. Reports suggest that hackers may have accessed systems used by federal agencies to process lawful wiretapping requests. These systems play a critical role in law enforcement operations, making their compromise particularly alarming.

In October, similar breaches were reported by other telecom providers. Verizon Communications disclosed suspicious activity, and T-Mobile revealed it had thwarted an attempted breach before customer data could be accessed.

White House Deputy National Security Advisor Anne Neuberger stated that nine telecom companies had been targeted in the Salt Typhoon attack but refrained from naming all the affected firms.

China, in response, denied any involvement in the attacks, asserting that it opposes state-sponsored cyber activities.

Lessons for Cybersecurity

The Salt Typhoon attack underscores the critical need for robust cybersecurity practices in the telecom industry. AT&T’s prompt response highlights the importance of transparency and collaboration in addressing cyber threats. This incident serves as a reminder for organizations to invest in stronger protective measures, especially as digital systems become increasingly integral to global operations.

While no system is entirely immune to cyber threats, preparedness and swift action can significantly mitigate potential damage.

Zello Urges Password Resets Amid Potential Security Incident

 

Zello, a widely used push-to-talk mobile service with over 140 million users, has advised customers to reset their passwords if their accounts were created before November 2, 2024. This precautionary measure follows what appears to be a new security concern, though the exact nature of the issue remains unclear. Zello's actions suggest possible unauthorized access to user accounts. 
 

Zello’s Advisory and User Notification 

 
Starting November 15, 2024, users began receiving notifications from Zello recommending password changes. The notification stated:

“As a precaution, we are asking that you reset your Zello app password for any account created before November 2nd, 2024. We also recommend that you change your passwords for any other online services where you may have used the same password.” 
 
The notification also provided a link to a support page with instructions on how to reset passwords through the Zello app. 

Potential Causes: Data Breach or Credential Stuffing? 

 
While Zello has yet to provide further clarification, the lack of detailed communication has raised concerns among users. Efforts by media outlets to obtain a response from the company have been unsuccessful. 
 

The timing and scope of the notice suggest two possibilities: 

 
1. A Data Breach – Unauthorized access to Zello’s systems, potentially compromising user data. 
2. Credential Stuffing – A cyberattack method where attackers use stolen login credentials from other platforms to gain access to Zello accounts. 
 
Notably, the advisory affects only accounts created before November 2, 2024, indicating that the security event may have occurred around that date. 


Past Security Incidents 

This is not the first time Zello has faced a security issue. In 2020, the company experienced a data breach that compromised customer email addresses and hashed passwords, prompting a similar password reset. 

The Importance of Cybersecurity for Essential Services 

 
Zello plays a critical role in communication for sectors such as first responders, transportation, and hospitality, making robust security measures essential. The incident underscores the importance of adopting strong cybersecurity practices: 
- Use Unique, Complex Passwords: Avoid reusing passwords across multiple platforms. 
- Enable Two-Factor Authentication (2FA): Adds an additional layer of security and significantly reduces the risk of unauthorized access. 

User Vigilance and the Need for Transparency 


While Zello’s proactive warning is a positive step, users are calling for greater transparency regarding the root cause of the issue and the measures being taken to prevent future incidents. Organizations like Zello, which support essential communication services, have a heightened responsibility to ensure platform integrity and promptly address security vulnerabilities. 
 
In the meantime, users are strongly encouraged to follow Zello’s instructions and reset their passwords immediately. Taking these precautions can help safeguard personal data and reduce exposure to potential cyber threats. 

As cybersecurity threats continue to evolve, both service providers and users must remain vigilant to ensure the safety and security of their digital ecosystems.

Fidelity Investments Data Breach Affects 77,099 Customers

 

Fidelity Investments recently disclosed a data breach that impacted 77,099 customers, with details made public in an October 9 filing with the Maine Attorney General’s Office. The breach occurred on August 17, 2024, and was discovered two days later on August 19. According to a letter sent to those affected, unauthorized access was gained to two newly established customer accounts. Using these accounts, the attackers were able to view and obtain personal information, although Fidelity noted that account balances or transactions were not viewed. 

While Fidelity did not disclose the specific types of data stolen, it has assured affected customers by offering 24 months of free credit monitoring and identity restoration services through TransUnion. The absence of service disruptions during the breach suggests that the attack was likely not ransomware-based, although the form of the attack remains undisclosed. Fidelity’s spokesperson, when addressing the breach, said the attackers “viewed customer information” without directly accessing customer accounts. Security experts believe that this kind of attack likely exploited a vulnerability in Fidelity’s web applications. 

Venky Raju, the field chief technology officer at ColorTokens, noted that the attack vector likely involved a misconfiguration in customer-facing applications, allowing the attackers to establish new accounts and access customer information through them. This method aligns with known vulnerabilities in web security, including those listed in the OWASP Top 10 Web Application Security Risks. Exploiting these vulnerabilities can allow attackers to bypass account security and access sensitive data. Cybersecurity analysts have speculated that the breach was primarily an information-gathering exercise. According to Sarah Jones, a cyberthreat intelligence research analyst at Critical Start, the motive behind the breach likely involved gathering data that could be used for future attacks. 

These could range from identity theft and phishing campaigns to more severe scenarios like ransomware demands. The personal information obtained through such breaches can be valuable on its own, or it can serve as a means for launching further, more sophisticated cyberattacks. As the investigation continues, Fidelity is working with external cybersecurity experts to understand the scope of the breach and to implement additional security measures. Customers are encouraged to stay vigilant and monitor their accounts for unusual activity. By providing affected users with credit monitoring and identity restoration services, Fidelity aims to mitigate the risks posed by the breach while ensuring that proper measures are put in place to prevent future incidents.  

While the exact impact of the data breach remains unclear, it serves as another reminder of the growing threats to personal information in the digital age. The evolving tactics of cybercriminals, particularly in exploiting vulnerabilities in web applications, highlight the importance of continuous security assessments and prompt responses to emerging threats.

Hyundai's IPO Documents Reveal Cybersecurity Measures Amid Rising Data Breach Concerns

 

Hyundai’s recent IPO filing sheds light on its cybersecurity stance, offering a detailed look at the obstacles the company has encountered while safeguarding customer data. The red herring prospectus of Hyundai Motor India Ltd (HMIL) not only assesses its financial standing but also exposes past cybersecurity breaches, outlining the company’s risk management strategies.

The IPO launch comes at a time when cybersecurity is a top priority for global businesses, especially in the automotive sector, which increasingly depends on connected technologies. Hyundai's documents disclose two significant data breaches—one in December 2022 and another in February 2023. In both cases, hackers exposed customer information on the dark web.

Hyundai IPO: Key Cybersecurity Disclosures

The first breach, in December 2022, resulted in customer data being leaked online. Following the attack, Hyundai implemented extensive penetration tests to detect vulnerabilities and managed to remove the stolen information from the dark web, according to Autocar Professional. After a second breach in February 2023, the company quickly disabled the vulnerable APIs hackers had used to exploit the system. Hyundai’s prospectus notes the persistent challenge of securing data against cyberattacks, emphasizing that while efforts have been made, the risk of future breaches remains. Hackers may still seek unauthorized access, potentially impacting vehicle operations and customer data, the document warns.

Recognizing these vulnerabilities is vital for investors, especially considering the legal risks the company could face if customer data is compromised. Hyundai has actively outlined its cybersecurity efforts, stressing that protecting customer information is a top priority for the company.

Hyundai’s Next Steps in Cybersecurity

Hyundai’s cybersecurity efforts include assembling a specialized team to manage vulnerabilities and monitor potential cyber threats continuously. This proactive approach is increasingly necessary as cyberattacks become more advanced, particularly with the rise of connected vehicles and IoT technologies.

The automaker adheres to both national and international cybersecurity standards, consistently updating its protocols to align with the evolving threat landscape. This commitment is not just about data protection; it reflects the company’s awareness that consumer trust is key to maintaining its brand reputation as it moves forward with its IPO.

With these cybersecurity incidents in mind, it’s clear that the automotive industry must stay alert in protecting sensitive data. For companies like Hyundai, which handle vast amounts of customer information, the threat of cyber exploitation remains a major concern.

Fortinet Cybersecurity Breach Exposes Sensitive Customer Data

 

Fortinet experienced a significant cybersecurity breach involving a third-party cloud drive, where 440 GB of data was leaked by a hacker named “Fortibitch” after the company refused to pay the ransom. The breach affected about 0.3% of Fortinet’s customers, roughly 1,500 corporate users, and included sensitive information such as financial documents, HR data, customer details, and more. Experts highlight that the breach underscores the critical need for implementing rigorous cybersecurity measures like multi-factor authentication (MFA) and robust identity access management (IAM) systems. 

Multi-factor authentication is particularly emphasized as a vital layer of defense against unauthorized access, significantly reducing the risk of data exposure when combined with strong identity access management. Organizations need to ensure that they enforce MFA and other identity management protocols consistently, especially for accessing essential systems like SharePoint and cloud storage services. Jim Routh, Chief Trust Officer at Saviynt, pointed out the growing concern over cloud security, given its increased adoption in software development and data storage. He stressed that without proper safeguards, such as MFA and secure access controls, sensitive data is at risk of exposure. 

Cybersecurity analyst Koushik Pal from CloudSEK echoed this sentiment, advocating for stricter IAM policies and urging organizations to regularly monitor repositories for potential misconfigurations, exposed credentials, or sensitive data leaks. This kind of vigilance is necessary for all teams to adhere to security best practices and minimize vulnerabilities. Relying on third-party vendors for data storage, as Fortinet did, is not inherently dangerous but introduces additional risks if strict security protocols are not enforced. The breach serves as a reminder that even established cybersecurity companies can fall victim to attacks, highlighting the need for ongoing vigilance. 

According to Routh, it’s crucial for system administrators to manage accounts meticulously, ensuring that identity access management protocols are properly configured and that privileged access is monitored effectively. The breach exemplifies how cybercriminals exploit security weaknesses to gain unauthorized access to sensitive data. As cloud technologies continue to be integrated into businesses, the responsibility to protect data becomes increasingly important. Cybersecurity experts emphasize that organizations must invest in proper training, regularly update security measures, and remain vigilant to adapt to evolving cyber threats. 

Ensuring that MFA, identity management systems, and monitoring practices are in place can go a long way in protecting against similar breaches in the future. This Fortinet incident serves as a wake-up call, showing that no organization is entirely immune to cyber threats, regardless of its expertise in cybersecurity.

Small Trade Businesses Urged to Strengthen Security After Total Tools Data Breach

 

Small trade businesses are on high alert following a significant data breach at Total Tools, a major Australian hardware retailer, which exposed sensitive information of over 38,000 customers. This breach compromised customer names, credit card details, email addresses, passwords, mobile numbers, and shipping addresses, making small trade businesses potential targets for secondary cyberattacks. 

The CEO of the Council of Small Business Organisations Australia (COSBOA), Luke Achterstraat, emphasized the importance of heightened vigilance for businesses, especially those in the construction and trades sector, as they face increased risks of cyber threats. Achterstraat urged all businesses with online hardware accounts to monitor for any unusual activity in the coming days and weeks. He stressed the importance of protecting sensitive data, finances, and client information from potential scams and fraud. COSBOA recommends that businesses immediately review their security protocols, change all passwords linked to Total Tools accounts, and enable two-factor authentication where possible to minimize the risk of unauthorized access.

To further support small businesses, COSBOA is promoting the Cyber Wardens program, a free eLearning initiative funded by the Federal Government. This program is designed to help small businesses and their employees fortify their digital defenses against cyber threats, equipping them with the knowledge to identify and prevent cyberattacks. COSBOA has partnered with industry bodies such as the Master Builders Association, the National Timber and Hardware Association, and the Master Grocers Association to ensure that small businesses across Australia have access to the necessary resources to safeguard against cybercrime. 

With cyberattacks on the rise, especially in sectors like construction and trades, small businesses must stay informed and prepared. Hackers often exploit vulnerabilities in these industries due to the valuable data they handle, such as payment information, client details, and supplier contracts. Therefore, investing time in employee training and implementing cybersecurity best practices can significantly reduce the risk of future breaches. The recent data leak at Total Tools serves as a critical reminder that even trusted suppliers can fall victim to cyberattacks, putting customers and affiliated businesses at risk. As more companies move toward digital solutions, the importance of cybersecurity can’t be overstated. COSBOA’s efforts, through the Cyber Wardens program, aim to create a more secure environment for Australia’s 2.5 million small businesses, ensuring they are well-equipped to tackle the ever-evolving cyber threats. 

In addition to joining cybersecurity programs, businesses should regularly update software, employ strong, unique passwords, and back up essential data to reduce the impact of potential breaches. By taking these proactive steps, small trade businesses can enhance their digital security, ensuring they remain resilient against future cyber threats.

Avis Data Breach Exposes Over 400,000 Customers’ Personal Information

 

Over 400,000 customers of Avis, a prominent car rental company known for its presence at U.S. airports, have had their personal data compromised in a recent cybersecurity breach. The company revealed the incident to the public on Monday, stating that the breach occurred between August 3 and August 6. Avis, which is part of the Avis Budget Group, sent notifications to affected customers last week, advising them on how to protect themselves from potential identity theft or fraud. 

The Avis Budget Group, which owns both Avis and Budget, operates over 10,000 rental locations across 180 countries, generating $12 billion in revenue in 2023, according to its most recent financial report. However, the recent data breach has cast a shadow over its operations, highlighting vulnerabilities in its data security measures. In a data breach notice filed with the Iowa Attorney General’s office, Avis disclosed that the compromised information includes customer names, dates of birth, mailing addresses, email addresses, phone numbers, credit card details, and driver’s license numbers. 

A separate filing with the Maine Attorney General revealed that the data breach has impacted a total of 299,006 individuals so far. Texas has the highest number of affected residents, with 34,592 impacted, according to a report filed with the Texas Attorney General. The fact that sensitive personal information was stored in a manner that allowed it to be accessed by cybercriminals has raised serious questions about the company’s data protection practices. Avis first became aware of the data breach on August 5 and took immediate steps to stop the unauthorized access to its systems.

The company stated that it had launched a comprehensive investigation into the incident and enlisted third-party security consultants to help identify the breach’s origins and scope. Avis has not yet disclosed specific details about the nature of the attack, the vulnerabilities exploited, or the identity of the perpetrators, leaving many questions unanswered. This breach underscores the growing challenges faced by companies in protecting customer data in an increasingly digital world. While Avis acted quickly to contain the breach, the company’s reputation could suffer due to the extent of the data compromised and the sensitive nature of the information accessed. 

The breach also serves as a reminder of the importance of robust cybersecurity measures, especially for businesses that handle large volumes of personal and financial data. The incident has also prompted scrutiny from regulators and data privacy advocates. Many are questioning how sensitive customer information was stored and protected and why it was vulnerable to such an attack. Companies like Avis must ensure they are equipped with advanced security systems, encryption protocols, and regular audits to prevent such breaches from occurring in the future. As the investigation continues, Avis customers are advised to monitor their financial accounts closely, watch for signs of identity theft, and take appropriate measures.

Private Data of 950K Users Stolen in BlackSuit Ransomware Attack

 

On April 10, 2024, a BlackSuit ransomware attack exposed the personally identifiable information of 954,177 individuals, forcing Young Consulting to send out data breach notifications.

Young Consulting (formerly Connexure) is an Atlanta-based software solutions provider that specialises in the employer stop-loss marketplace. It helps insurance carriers, brokers, and third-party administrators manage, market, underwrite, and administer stop-loss insurance policies.

Earlier this week, the company began notifying nearly a million individuals about a data breach. Among them are Blue Shield of California subscribers whose data was stolen during a ransomware campaign carried out by BlackSuit earlier this year.

The network intrusion occurred on April 10, but the company only noticed it three days later when the perpetrators triggered the encryption of its systems. The subsequent investigation was completed on June 28, finding that the following information had been compromised: full names, Social Security numbers (SSNs), dates of birth, and insurance claim details.

Those affected will receive 12 months of complimentary credit monitoring from Cyberscout, which they can claim until the end of November 2024.

According to security experts, potentially affected individuals should take full advantage of this offer immediately, as BlackSuit has already published the stolen information on its darknet-based extortion portal.

Users should also keep an eye out for unsolicited communications, phishing messages, fraud attempts, and requests for more information. The attackers claimed responsibility for the attack on Young Consulting on May 7. They followed through on their threats to publish the stolen data a few weeks later, most likely after failing to extort the software company.

BlackSuit claimed to have leaked far more than what Young Consulting disclosed in notices to affected individuals, including business contracts, contacts, presentations, employee passports, contracts, contacts, family details, medical examinations, financial audits, reports, and payments, as well as various content from personal folders and network shares. 

BlackSuit's operations this year have resulted in enormous financial losses for American businesses, the most notable being the CDK Global outage. Earlier this month, CISA and the FBI claimed that BlackSuit is an updated version of Royal ransomware that has demanded over $500 million in ransom over the last two years.

ADT Data Breach: Millions of Customers Potentially Exposed

Home security behemoth ADT has confirmed a substantial data breach affecting an undisclosed number of its six million customers. The incident, which remains shrouded in mystery due to the company's reluctance to provide specifics, involved unauthorized access to sensitive customer information stored within ADT's databases.

Hackers successfully infiltrated the company's systems, exfiltrating data that included customers' home addresses, email addresses, and phone numbers. While ADT has categorically denied any compromise of home security systems, the company has been notably reticent about disclosing the methods used to reach this conclusion. The lack of transparency has raised concerns among customers and cybersecurity experts alike.

The breach came to light following allegations from an anonymous online figure who claimed to have acquired over 30,000 ADT customer records. Although the authenticity of these claims has yet to be independently verified, ADT's admission of a data breach lends credence to the hacker's assertions.

The incident underscores the growing vulnerability of even the most established companies to cyberattacks. As a major player in the home security industry, ADT's breach has far-reaching implications for the broader cybersecurity landscape. Customers are now left grappling with the potential misuse of their personal information, while the company faces mounting pressure to provide a comprehensive and transparent account of the incident.

The breach also highlights the complex web of corporate ownership in today's digital age. ADT's parent company, Apollo Global Management, is a significant player in the financial industry and also owns TechCrunch, a leading technology news outlet. This interconnectedness raises questions about potential conflicts of interest and the extent to which such relationships might influence the handling of cybersecurity incidents.

As the investigation unfolds, industry experts and consumers will be watching closely to see how ADT responds to the crisis. The company's ability to regain customer trust and strengthen its security posture will be crucial in determining the long-term impact of this breach.

AT&T Data Breach: Essential Steps for Victims to Protect Themselves

 

Telecom giant AT&T recently disclosed a massive data breach affecting nearly all of its approximately 110 million customers. If you were a customer between May 2022 and January 2023, there is a high chance your data, including call and text message records, was accessed through an illegal download from a third-party cloud platform. Customers should watch for contact from AT&T or check their accounts for notifications. First, change your password. 

Since your password is likely compromised, update it on both your AT&T account and any other accounts where it was used. While it’s inconvenient, using different passwords for each service is essential. Numerous tools can create secure, randomly generated passwords, and password managers can help you remember them. Also, activate two-factor authentication on your account and any other accounts using the same password. Combining two login methods enhances security. Given the nature of this leak, consider changing your cell phone number as well. Prepare for an increase in spam calls, but the bigger concern is potential scammers.

Be extra cautious about giving out personal details such as banking information or your address over the phone, as these could be cleverly disguised phishing schemes. Stay vigilant online, as even anonymous phone number information can be pieced together by scammers to identify individuals. Treat every email from unfamiliar addresses as suspicious. Additionally, inform your bank about the breach. They can monitor for any suspicious transactions and introduce new security measures to ensure you are contacting your bank, not an imposter.  

Lastly, protect yourself further by using one of the best VPNs to secure your online data. VPNs not only spoof your IP address location but also securely encrypt your data. There are even free VPN plans like ProtonVPN. Many VPNs also include antivirus elements. For instance, NordVPN has its Threat Protection Pro system, which is effective against phishing. A Surfshark One subscription includes dedicated antivirus software and an Alternative ID feature, which allows you to sign up for services online with randomly generated details, including a decoy phone number. With an Alternative ID, you can create accounts for less trustworthy services (or those frequently attacked, like AT&T) with peace of mind. 

This way, you can minimize spam and rest assured that if your details get leaked, you haven’t actually been compromised. Hackers will have nothing to piece together; you can simply disconnect that ID, generate another random identity, and move on securely.

Wise and Evolve Data Breach Highlights Risks of Third-Party Partnerships

 

Wise, a prominent financial technology company, recently disclosed a data breach impacting some customer accounts due to a ransomware attack on their former partner, Evolve Bank & Trust. The breach has raised significant concerns about the security of third-party partnerships, especially in financial services. From 2020 to 2023, Wise partnered with Evolve to provide USD account details for their customers. Last week, Evolve confirmed an attack attributed to the notorious ransomware group LockBit. 

The group leaked the data after the bank refused to pay the ransom. The breach underscores the precarious nature of relying on third-party companies for critical services and trusting their security measures. Evolve has not yet confirmed the specific personal information leaked. However, Wise has taken a transparent approach, confirming that the shared information included names, addresses, dates of birth, contact details, Social Security numbers (SSNs) or Employer Identification Numbers (EINs) for U.S. customers, and other identity document numbers for non-U.S. customers. 

Evolve’s initial investigation suggests that names, SSNs, bank account numbers, and contact information for most of their personal banking customers, as well as customers of their Open Banking partners, were affected. In response to the breach, Wise assured its customers that they no longer work with Evolve Bank & Trust. Currently, USD account details are provided by a different bank, emphasizing their commitment to security and customer trust. 

Wise has implemented additional security protocols and is collaborating with cybersecurity experts to understand the breach’s scope and fortify their defenses. Wise has proactively communicated with its customers, recommending precautionary steps such as changing passwords, enabling two-factor authentication, and monitoring account activity for any suspicious transactions. They have also provided resources and support to help customers protect their information. The breach has heightened concerns among customers regarding the security of their personal and financial information. 

Despite the challenges posed by the breach, Wise’s proactive approach and transparent communication have helped reassure customers. The company continues to work closely with cybersecurity experts to enhance their defenses and prevent future incidents. As the investigation progresses, Wise is determined to provide regular updates and support to affected customers. Their dedication to transparency and user security remains unwavering, ensuring that they take every step necessary to safeguard their users’ information and maintain their trust. 

This incident highlights the growing threat of cyberattacks on financial institutions and the critical need for robust security measures. Customers are reminded to stay alert and take proactive steps to protect their online accounts. Wise’s efforts to address the breach and protect their users underscore their commitment to maintaining trust and security for their customers.

Slack Faces Backlash Over AI Data Policy: Users Demand Clearer Privacy Practices

 

In February, Slack introduced its AI capabilities, positioning itself as a leader in the integration of artificial intelligence within workplace communication. However, recent developments have sparked significant controversy. Slack's current policy, which collects customer data by default for training AI models, has drawn widespread criticism and calls for greater transparency and clarity. 

The issue gained attention when Gergely Orosz, an engineer and writer, pointed out that Slack's terms of service allow the use of customer data for training AI models, despite reassurances from Slack engineers that this is not the case. Aaron Maurer, a Slack engineer, acknowledged the need for updated policies that explicitly detail how Slack AI interacts with customer data. This discrepancy between policy language and practical application has left many users uneasy. 

Slack's privacy principles state that customer data, including messages and files, may be used to develop AI and machine learning models. In contrast, the Slack AI page asserts that customer data is not used to train Slack AI models. This inconsistency has led users to demand that Slack update its privacy policies to reflect the actual use of data. The controversy intensified as users on platforms like Hacker News and Threads voiced their concerns. Many felt that Slack had not adequately notified users about the default opt-in for data sharing. 

The backlash prompted some users to opt out of data sharing, a process that requires contacting Slack directly with a specific request. Critics argue that this process is cumbersome and lacks transparency. Salesforce, Slack's parent company, has acknowledged the need for policy updates. A Salesforce spokesperson stated that Slack would clarify its policies to ensure users understand that customer data is not used to train generative AI models and that such data never leaves Slack's trust boundary. 

However, these changes have yet to address the broader issue of explicit user consent. Questions about Slack's compliance with the General Data Protection Regulation (GDPR) have also arisen. GDPR requires explicit, informed consent for data collection, which must be obtained through opt-in mechanisms rather than default opt-ins. Despite Slack's commitment to GDPR compliance, the current controversy suggests that its practices may not align fully with these regulations. 

As more users opt out of data sharing and call for alternative chat services, Slack faces mounting pressure to revise its data policies comprehensively. This situation underscores the importance of transparency and user consent in data practices, particularly as AI continues to evolve and integrate into everyday tools. 

The recent backlash against Slack's AI data policy highlights a crucial issue in the digital age: the need for clear, transparent data practices that respect user consent. As Slack works to update its policies, the company must prioritize user trust and regulatory compliance to maintain its position as a trusted communication platform. This episode serves as a reminder for all companies leveraging AI to ensure their data practices are transparent and user-centric.