IdeaLab Data Breach Exposes Sensitive Employee Information: Hackers Leak 137,000 Files Online


IdeaLab has begun notifying individuals whose personal data was compromised in a cybersecurity incident that occurred last October, when malicious actors infiltrated the company’s network and accessed confidential information.

Although the company did not specify the precise nature of the attack, the breach was claimed by the Hunters International ransomware group, which later published the stolen files on the dark web.

Founded in 1996, IdeaLab is a prominent California-based technology incubator known for launching over 150 companies, including GoTo.com, CitySearch, eToys, Authy, Pet.net, Heliogen, and Energy Vault. As one of the most established venture capital firms in the United States, IdeaLab has driven substantial economic growth, job creation, and investment returns over nearly three decades.

Suspicious activity was first detected on IdeaLab’s systems on October 7, 2024. A subsequent investigation revealed that unauthorized access began three days earlier. To respond, the company engaged external cybersecurity experts to conduct a thorough assessment, which concluded on June 26, 2025.

Investigators confirmed that data belonging to current and former employees, support service contractors, and their dependents had been stolen. In regulatory disclosures, IdeaLab stated that the compromised records included names along with various other sensitive details, though the exact types of data were not fully disclosed.

On October 23, 2024, after what appears to have been a failed extortion attempt, Hunters International published approximately 137,000 files—totaling 262.8 gigabytes. While the download link has since become inactive, security analysts believe other cybercriminals likely retrieved the files prior to removal.

Earlier today, the threat actor announced it was shutting down Hunters International operations, deleting all extortion-related data and offering free decryption keys to victims. However, cybersecurity researchers at Group-IB previously reported that the group had already begun transitioning to a new extortion-focused platform named World Leaks, suggesting this shutdown could be a strategic rebrand.

To help mitigate potential harm, IdeaLab is providing affected individuals with complimentary 24-month access to credit monitoring, identity theft protection, and dark web surveillance services through IDX. Impacted parties must enroll by October 1 to take advantage of these resources.

Surmodics Hit by Cyberattack, Shuts Down IT Systems Amid Ongoing Investigation


Minnesota-headquartered Surmodics, a leading U.S. medical device manufacturer, experienced a cyberattack on June 5 that led to a partial shutdown of its IT infrastructure. The company, known for being the largest domestic supplier of outsourced hydrophilic coatings used in devices like intravascular catheters, detected unauthorized access within its network and immediately took several systems offline. During the disruption, it continued fulfilling orders and shipping products through alternative channels.

The incident was disclosed in a filing with the U.S. Securities and Exchange Commission (SEC), which noted that law enforcement has been informed. Surmodics joins Artivion and Masimo as the third publicly listed medical device company to report a cyberattack to the SEC in recent months.

With assistance from cybersecurity professionals, Surmodics has managed to restore essential IT operations, though a complete assessment of what data was compromised is still underway. Some systems remain in recovery.

“The Company remains subject to various risks due to the cyber Incident, including the adequacy of processes during the period of disruption of the Company's IT systems, diversion of management's attention, potential litigation, changes in customer behavior, and regulatory scrutiny,” said Timothy Arens, Chief Financial Officer of Surmodics, in the SEC filing.

The identity of the attackers remains unknown, and according to the company, no internal or third-party data has been leaked. Surmodics also confirmed it holds cyber insurance, which is expected to cover the bulk of the breach-related expenses.

The company has expressed concern about potential lawsuits stemming from the attack—a growing trend in the aftermath of corporate data breaches. Recent class actions have targeted firms like Coinbase and Krispy Kreme over compromised personal information.

Financially, Surmodics reported $28 million in revenue last quarter. It is currently involved in a legal dispute with the Federal Trade Commission (FTC), which is attempting to block a $627 million acquisition bid by a private equity firm. The FTC argues that the deal would merge the two largest players in the specialized medical coating industry, potentially reducing competition.

Ransomware Attack on Blue Yonder Disrupts Starbucks' Scheduling and Payroll Systems


Blue Yonder, a vital provider of supply chain management software, experienced a ransomware attack that has disrupted Starbucks’ scheduling and payroll systems. As a result, the coffee chain is temporarily relying on manual methods to manage these processes.

The attack, which began on November 21, 2024, has not affected Starbucks' customer service or store operations. Store managers are using pen and paper to track employee hours due to the disruption of the back-end systems responsible for scheduling and time management.

The incident has caused problems in other sectors as well. In the UK, supermarket chains such as Morrisons and Sainsbury’s reported interruptions in their warehouse management systems. However, they managed to mitigate the impact by activating backup systems.

Blue Yonder has engaged external cybersecurity experts to address the breach and has deployed enhanced defensive measures. The company has yet to provide a definitive timeline for restoring its services. The event highlights the heightened vulnerability of supply chain systems during the busy holiday season. Blue Yonder’s clients include:
  • 46 of the top 100 manufacturers
  • 64 of the top 100 consumer product goods companies
  • 76 of the top 100 global retailers

This attack follows a series of cybersecurity incidents targeting major food service companies earlier this year, including McDonald’s and Panera. Panera’s incident even led to a class action lawsuit after employee data was compromised.

“We are working around the clock to respond to this incident and continue to make progress. There are no additional updates to share at this time with regard to our restoration timeline following our post yesterday,” stated Blue Yonder in an official report.

The timing of this breach is notable, as 86% of ransomware attacks reportedly occur during holidays or weekends. In 2023 alone, cybercriminals extorted $1.1 billion in ransom payments worldwide, despite increasing countermeasures.

The incident comes at a challenging time for Starbucks’ new CEO, Brian Niccol, who is already grappling with three consecutive quarters of declining sales. The company remains focused on maintaining seamless customer service and ensuring fair employee compensation during this crisis.

Recent IT Meltdown: CrowdStrike Update Causes Global Chaos, Predicted Hours Earlier on Reddit


Only a few times in history has a single piece of code instantly wreaked havoc on computer systems globally. Examples include the Slammer worm of 2003, Russia’s NotPetya cyberattack targeting Ukraine, and North Korea’s WannaCry ransomware. However, the recent digital catastrophe over the past 12 hours wasn't caused by hackers, but by the software meant to protect against them.

Two major internet infrastructure issues converged on Friday, causing widespread disruptions across airports, train systems, banks, healthcare organizations, hotels, and television stations. The trouble began on Thursday night with a widespread outage on Microsoft's cloud platform, Azure. By Friday morning, things worsened when CrowdStrike released a flawed software update, causing Windows computers to reboot repeatedly. Microsoft stated that the two failures are unrelated.

The cause of one disaster was identified: a faulty update to CrowdStrike’s Falcon monitoring product. This antivirus platform, which requires deep system access, aims to detect malware and suspicious activity. However, the update inadvertently caused the system to crash. Mikko Hyppönen of WithSecure noted that this is unprecedented in its global impact, although similar issues were more common in the past due to worms or trojans.

CrowdStrike CEO George Kurtz explained that the problem was due to a defect in the code released for Windows, leaving Mac and Linux systems unaffected. A fix has been deployed, and Kurtz apologized for the disruption. CrowdStrike’s blog revealed that the crash was caused by a configuration file update aimed at improving Falcon’s malware detection capabilities, which triggered a logic error leading to system crashes.

Security analysts initially believed the issue was due to a kernel driver update, as the file causing the crash ended in .sys, the extension for kernel drivers. Despite CrowdStrike clarifying that it wasn’t a kernel driver, the file altered the driver’s functionality, causing the crash. Matthieu Suiche of Magnet Forensics compared the risk of running security software at the kernel level to “open-heart surgery.”

Microsoft requires approval for kernel driver updates but not for configuration files. CrowdStrike is not the first to cause such crashes; similar issues have occurred with updates from Kaspersky and Windows Defender. CrowdStrike’s global market share likely contributed to the widespread impact, potentially causing a chain reaction across web infrastructure.

The outages had severe consequences worldwide. In the UK, Israel, and Germany, healthcare services and hospitals faced disruptions, while emergency services in the US experienced issues with 911 lines. TV stations, including Sky News in the UK, had to stop live broadcasts. Air travel was significantly affected, with airports using handwritten boarding passes and airlines grounding flights temporarily.

The incident highlights the fragility and interconnectedness of global digital infrastructure. Security practitioners have long anticipated such vulnerabilities. Ciaran Martin of the University of Oxford noted the event’s powerful illustration of global digital vulnerabilities.

The update’s extensive impact puzzled experts. CrowdStrike’s significant market share suggests the update triggered crashes in various parts of the web infrastructure. Hyppönen speculated that human error might have played a role in the update process.

As system administrators work to fix the issue, the larger question of preventing similar crises looms. Jake Williams of Hunter Strategy suggested that CrowdStrike’s incident might prompt demands for changes in how updates are managed, emphasizing the unsustainability of pushing updates without IT intervention.

Redditor Predicted CrowdStrike Outage Hours Before Global IT Chaos

A Reddit user, u/King_Kunta_, predicted vulnerabilities in CrowdStrike's systems just hours before the company caused a massive global IT outage. The user called CrowdStrike a "threat vector," suggesting it was susceptible to exploits that could lead to widespread damage. Initially, users dismissed the claims, but their tune changed dramatically after the outage occurred.

One commenter noted, "He tells us that CrowdStrike is a threat vector. A few hours later, every computer in the world with the CrowdStrike client installed goes blue screen. The single biggest global PC system collapse in history. Just uncanny."

Amidst the chaos, CrowdStrike's CEO George Kurtz reassured the public via X (formerly Twitter), stating, "Today was not a security or cyber incident. Our customers remain fully protected," and confirming that the issue was due to an update error, not a cyberattack.

Despite reassurances, many were left suspicious and impressed by the timing and accuracy of the Reddit post. One user aptly summed up the sentiment: "There’s no way the timing of this crazy post aligns so perfectly."

Emphasizing Post-Breach Strategies in Cybersecurity


Cybersecurity discourse heavily emphasizes prevention, yet often neglects post-breach strategies. While we invest significant effort in establishing protocols to avert attacks, breaches remain an unavoidable reality. The "IBM Cyber Security Intelligence Index" report highlights human error as a leading factor in 95% of breaches worldwide, underscoring the significance of swift identification and mitigation.

In the event of a breach, promptly gathering pertinent information is paramount. Understanding the extent of the breach, often facilitated by access to organizational identity data, enables quick containment by disabling compromised accounts. This proactive measure mitigates further damage, as attackers commonly exploit initial access to seek additional vulnerabilities.

Addressing breaches goes beyond the initial help desk notification. Issuing temporary accounts and temporarily suspending Single Sign-On (SSO) services safeguard against unauthorized access to sensitive data while the situation is managed. However, ultimate accountability lies with executive leadership, which must communicate transparently with stakeholders and drive proactive security training initiatives.

Post-breach recovery, termed the "right of boom," demands meticulous incident response planning, data backup, and cybersecurity strategy redevelopment. Achieving visibility across organizational user access, particularly in modern, cloud-based environments, requires a platform-based approach for comprehensive oversight and timely issue resolution.

Acknowledging the inevitability of breaches, businesses can fortify their resilience by implementing these four steps, facilitating effective recovery and future readiness. Only by integrating robust post-breach measures can organizations confidently navigate the evolving cybersecurity landscape alongside preventative strategies.

Dealer of Jet Engines to Major Airlines Reveals 'Unauthorized Activity'


The Willis Lease Finance Corporation has disclosed to US regulators that it was targeted in a "cybersecurity incident," with data allegedly taken from the company being shared on the Black Basta ransomware group's leak blog.

In a filing submitted to the Securities and Exchange Commission (SEC) on February 9, the NASDAQ-listed company stated that it became aware of a potential breach on January 31, prompting immediate action to address the situation.

According to the filing, the company initiated an investigation into the incident with the help of leading cybersecurity experts, taking measures to contain and address the activity, including temporarily shutting down certain systems. The company reported no unauthorized activity after February 2, 2024, and believes it has successfully contained the breach.

During the period when systems were offline, the company acknowledged resorting to alternative methods to maintain operations and serve customers, although specific details were not provided.

Willis Lease Finance also stated it is still evaluating the extent of the breach and whether any data was compromised. Law enforcement has been notified about the breach.

Although the company refrained from explicitly mentioning "ransomware" or "attack" in its disclosure, the presence of passport scans on Black Basta's website suggests that the investigation into potential data theft may yield results soon.

The ransomware group claims to have obtained 910 GB of company data, including information about customers and employees, HR records, non-disclosure agreements (NDAs), and other material. Black Basta published a selection of documents online, including screenshots of accessed files, HR documents containing social security numbers, and identity documents such as passports.

Attempts to match names on these documents with online profiles revealed matches predominantly in the US and UK, along with some from other countries.

Efforts to reach Willis Lease Finance for comment were unsuccessful at the time of reporting.

Established for over 45 years, Willis Lease Finance describes itself as a leading independent provider of jet engines to major airlines worldwide.

Black Basta, known for its high-profile ransomware attacks, is linked to the now-defunct Conti group and is believed to have amassed over $100 million from its victims, including major organizations like Capita and Southern Water in the UK.

Parent Company of CBS and Paramount Discloses Cybersecurity Breach Impacting 80K Individuals


The parent company of CBS and Paramount, National Amusements, has recently reported a data breach that occurred a year ago, affecting 82,128 individuals. TechCrunch initially covered the incident, which was disclosed in a legal filing with the Attorney General of Maine under the state's 2005 digital privacy law. The company has not commented publicly about the breach beyond the legal filing, and it remains unclear whether the compromised data pertains to customers or exclusively to employees.

According to Maine's data breach notification, the hack took place from December 13 to 15, 2022, with 82,128 people impacted, including 64 Maine residents. The notice, filed by National Amusements' senior vice president of human resources, suggests a focus on internal employee data. 

The company reportedly began notifying affected customers in writing on December 22, 2023, approximately 372 days after the breach was identified. In a letter to victims, National Amusements stated that it became aware of suspicious network activity on or about December 15, 2022, taking immediate steps to secure its network.

However, an inconsistency arises as the notice from Maine's Attorney General's office lists the "date breach discovered" as August 23, 2023. This indicates that the company may not have been aware of the intrusion until eight months after the incident, contradicting the claim of immediate action.

The legal filing mentions that hackers accessed financial information, including account and credit/debit card numbers in combination with security codes, access codes, passwords, or PINs. National Amusements has committed to providing 12 months of Experian credit monitoring and identity theft services to individuals whose social security numbers were compromised.

Engadget has reached out to National Amusements for confirmation and additional information.

It's important to note that National Amusements, which gained a controlling stake in Paramount and CBS in 2019 through the Viacom-CBS merger, experienced a separate hack from the one disclosed by Paramount in August through Massachusetts' Attorney General's Office. The latter breach was reported to have occurred between May and June 2023.

Taj Hotels Faces Data Breach, Revealing Data of 1.5 Million Customers


The cybersecurity landscape witnessed a recent data breach that sent shockwaves through the esteemed Taj Hotels chain. Perpetrated by the group "Dnacookies," the hack has potentially impacted more than 1.5 million consumers, prompting heightened concerns about data security, customer privacy, and the overall state of digital defenses within the hotel industry.

According to reports from CNBC-TV18, the compromised data spans a six-year period, ranging from 2014 to 2020. The exposed information includes addresses, membership IDs, mobile numbers, and other personally identifiable details. Despite the hacker's claim that the dataset is "non-sensitive," the reality is that any compromise of personal information can expose individuals to various risks, from identity theft to financial fraud.

The Indian Hotels Company Ltd. (IHCL), the entity overseeing Taj Hotels, promptly responded to the breach. A spokesperson for IHCL acknowledged the situation, emphasizing that the compromised customer data is deemed non-sensitive. However, the company is taking the incident seriously, initiating an investigation and notifying relevant authorities. A commitment to continuous system monitoring is deemed crucial to prevent further unauthorized access.

The severity of the situation is highlighted by the participation of the Indian Computer Emergency Response Team (CERT-In), a government agency responsible for addressing and mitigating cybersecurity incidents in India. CERT-In's involvement suggests that the breach extends beyond a concern for Taj Hotels, carrying broader implications for national cybersecurity.

"Dnacookies" has articulated specific demands, introducing complexity to an already intricate situation. The insistence on a middleman for negotiations, an all-or-nothing approach to data release, and a refusal to provide additional samples hint at a calculated and methodical strategy, raising questions about the motives behind the breach—whether purely financial or with more insidious intentions.
 
Beyond immediate concerns about breached data, the incident poses potential ramifications for both individuals and Taj Hotels. Affected customers face an increased risk of identity theft and financial fraud. Moreover, the reputation of Taj Hotels, synonymous with luxury and trust, is at stake. Customer trust in the overall security measures of the hospitality industry may be compromised.

Taj Hotels and similar establishments find themselves at a critical juncture in reassessing and strengthening their cybersecurity procedures as the investigation unfolds. This involves implementing sophisticated encryption techniques, regularly updating security systems to address new threats, and providing comprehensive training to staff members to raise awareness and prevent security lapses. Staying ahead of cyber threats necessitates collaboration with cybersecurity specialists and government organizations, exemplified by CERT-In's active engagement.

The Taj Hotels data breach underscores the intrusive and dynamic nature of cyber threats. Data security should be a primary concern for all businesses, particularly those in the hospitality industry where digital interactions are integral to modern life. The industry at large is urged to learn from the Taj Group's experience, bolster cybersecurity protocols, and collaborate to ensure digital infrastructure resilience against evolving cyber threats.