AP Stylebook Data Breach: Associated Press Warns That The Breach Led to Phishing Attacks


The Associated Press has warned of a potential data breach of AP Stylebook servers that affected its customers. Reportedly, threat actors have used the data to launch targeted phishing attacks.

The AP Stylebook is a widely popular guide for grammar enthusiasts, used by journalists, magazines and newsrooms for better insight into punctuation and writing style.

About the Breach

The Associated Press issued a warning this week, informing AP Stylebook customers that an old third-party-managed site (no longer in use) had apparently been under a hacker's control between July 16 and July 22, 2023. The breach led to the compromise of 224 customers' data.

According to their report, the compromised data included customers’ personal information such as: 

  • Customer’s name 
  • Email address 
  • Residential address (street, city, state, zip code) 
  • Phone number 
  • User ID 

Customers who had entered tax-exempt IDs, such as a Social Security Number or Employer Identification Number, also had those IDs compromised in the breach. 

As stated by the AP, initial information regarding the possible breach reached them on July 20, 2023, when AP Stylebook users reported receiving phishing emails requesting that they update their credit card information. 

After learning of the phishing attack, the AP disabled their outdated site in order to stop any further attacks.

By the end of July, the company began warning AP Stylebook customers about the phishing attacks, informing them that the fraudulent emails were sent from 'support@getscore.my[.]id' with a subject similar to "Regarding AP Stylebook Order no. 07/20/2023 06:48:20 am." 

The Associated Press further advised AP Stylebook customers to reset their passwords upon their next login. 

With only 224 customers affected, this was hardly a significant data breach. However, because hackers are always on the lookout for journalists' and media businesses' login information, the breach is noteworthy.

Illicit access to a media organization's network could result in a variety of cyberattacks, such as extortion and ransomware attacks, data theft or even cyber espionage.

Other local or global media organizations that have suffered a ransomware or cyberespionage attack include News Corp, the Philadelphia Inquirer and the German newspaper Heilbronn Stimme.

Data of 3700 Customers Exposed by the Service NSW Bug

 


Service NSW's chief executive, Greg Wells, has said that the personal information of 3,700 customers was left exposed. The incident occurred on March 20 between 1:20 pm and 2:54 pm. 

Earlier this week, the 3,700 affected customers received an email from Wells. The email informed them that their information may have been exposed for 90 minutes due to an update to the agency's website on March 20. 

The agency says that, due to a privacy incident, logged-in individuals could access the personal information of other logged-in customers who also use Service NSW services. The exposed information could include details such as the customer's driving license number, vehicle registration number, mobile number, and their child's name. 

As stated in the email to those affected, Service NSW believes the risk of harm from this incident is very low. In addition, this incident was not a cyberattack. According to Service NSW, the incident affected only the website and did not impact the mobile app. 

Only a few customers, those who logged on to the website during that period, were affected by the problem, and they may have been able to access other users' data at the same time. App users were not affected. According to a representative of the NSW government agency, there was no breach of personal data involved in the matter. The issue affected only the landing dashboard page, which was taken down after 90 minutes, and the issue was resolved quickly. 

In the email, customers were advised to watch for suspicious communications. Affected customers were told that they do not have to act immediately, because their details were “only accessible for a short period to another logged-in individual and were not searchable” and were not available to anyone else at any time. 

Service NSW has begun an investigation into the incident to prevent similar issues in the future. In addition, the agency has suggested that customers contact ID Support NSW to find out how to improve their chances of restoring their identity, and for counseling. 

The incident occurred just a few days after federal officials announced plans to add a digital Medicare card to the Service NSW app as a means of improving accessibility.

The digital card can be used by MyGov app users from Thursday (31 March), and there has been no interruption in service. The government believes the digital version will be more secure and more accessible to the public, both of which will increase efficiency.