Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Employee Data. Show all posts
SMS
Compliance Cyber Security Employee Data Google Google RCS security SMS

Google’s New Update Allows Employers To Archive Texts On Work-Managed Android Phones

 




A recent Android update has marked a paradigm shifting change in how text messages are handled on employer-controlled devices. This means Google has introduced a feature called Android RCS Archival, which lets organisations capture and store all RCS, SMS, and MMS communications sent through Google Messages on fully managed work phones. While the messages remain encrypted in transport, they can now be accessed on the device itself once delivered.

This update is designed to help companies meet compliance and record-keeping requirements, especially in sectors that must retain communication logs for regulatory reasons. Until now, many organizations had blocked RCS entirely because of its encryption, which made it difficult to archive. The new feature gives them a way to support richer messaging while still preserving mandatory records.

Archiving occurs via authorized third-party software that integrates directly with Google Messages on work-managed devices. Once enabled by a company's IT, the software will log every interaction inside of a conversation, including messages received, sent, edited, or later deleted. Employees using these devices will see a notification when archiving is active, signaling their conversations are being logged.

Google's indicated that this functionality only refers to work-managed Android devices, personal phones and personal profiles are not impacted, and the update doesn't allow employers access to user data on privately-owned devices. The feature must also be intentionally switched on by the organisation; it is not automatically on.

The update also brings to the surface a common misconception about encrypted messaging: End-to-end encryption protects content only while it's in transit between devices. When a message lands on a device that is owned and administered by an employer, the organization has the technical ability to capture it. It does not extend to over-the-top platforms - such as WhatsApp or Signal - that manage their own encryption. Those apps can expose data as well in cases where backups aren't encrypted or when the device itself is compromised.

This change also raises a broader issue: one of counterparty risk. A conversation remains private only if both ends of it are stored securely. Screenshots, unsafe backups, and linked devices outside the encrypted environment can all leak message content. Work-phone archiving now becomes part of that wider set of risks users should be aware of.

For employees, the takeaway is clear: A company-issued phone is a workplace tool, not a private device. Any communication that originates from a fully managed device can be archived, meaning personal conversations should stay on a personal phone. Users reliant on encrypted platforms have reason to review their backup settings and steer clear of mixing personal communication with corporate technology.

Google's new archival option gives organisations a compliance solution that brings RCS in line with traditional SMS logging, while for workers it is a further reminder that privacy expectations shift the moment a device is brought under corporate management. 


Read more »
Personal Data
AI Privacy AI Systems AI technology ChatGPT Cyber Security Employee Data monitoring Personal Data

AI Emotional Monitoring in the Workplace Raises New Privacy and Ethical Concerns

 

As artificial intelligence becomes more deeply woven into daily life, tools like ChatGPT have already demonstrated how appealing digital emotional support can be. While public discussions have largely focused on the risks of using AI for therapy—particularly for younger or vulnerable users—a quieter trend is unfolding inside workplaces. Increasingly, companies are deploying generative AI systems not just for productivity but to monitor emotional well-being and provide psychological support to employees. 

This shift accelerated after the pandemic reshaped workplaces and normalized remote communication. Now, industries including healthcare, corporate services and HR are turning to software that can identify stress, assess psychological health and respond to emotional distress. Unlike consumer-facing mental wellness apps, these systems sit inside corporate environments, raising questions about power dynamics, privacy boundaries and accountability. 

Some companies initially introduced AI-based counseling tools that mimic therapeutic conversation. Early research suggests people sometimes feel more validated by AI responses than by human interaction. One study found chatbot replies were perceived as equally or more empathetic than responses from licensed therapists. This is largely attributed to predictably supportive responses, lack of judgment and uninterrupted listening—qualities users say make it easier to discuss sensitive topics. 

Yet the workplace context changes everything. Studies show many employees hesitate to use employer-provided mental health tools due to fear that personal disclosures could resurface in performance reviews or influence job security. The concern is not irrational: some AI-powered platforms now go beyond conversation, analyzing emails, Slack messages and virtual meeting behavior to generate emotional profiles. These systems can detect tone shifts, estimate personal stress levels and map emotional trends across departments. 

One example involves workplace platforms using facial analytics to categorize emotional expression and assign wellness scores. While advocates claim this data can help organizations spot burnout and intervene early, critics warn it blurs the line between support and surveillance. The same system designed to offer empathy can simultaneously collect insights that may be used to evaluate morale, predict resignations or inform management decisions. 

Research indicates that constant monitoring can heighten stress rather than reduce it. Workers who know they are being analyzed tend to modulate behavior, speak differently or avoid emotional honesty altogether. The risk of misinterpretation is another concern: existing emotion-tracking models have demonstrated bias against marginalized groups, potentially leading to misread emotional cues and unfair conclusions. 

The growing use of AI-mediated emotional support raises broader organizational questions. If employees trust AI more than managers, what does that imply about leadership? And if AI becomes the primary emotional outlet, what happens to the human relationships workplaces rely on? 

Experts argue that AI can play a positive role, but only when paired with transparent data use policies, strict privacy protections and ethical limits. Ultimately, technology may help supplement emotional care—but it cannot replace the trust, nuance and accountability required to sustain healthy workplace relationships.
Read more »
User Privacy
Apache OpenOffice ASF Data Breach Employee Data User Privacy

ASF Rejects Akira Breach Claims Against Apache OpenOffice

 

Apache OpenOffice, an open-source office suite project maintained by the Apache Software Foundation (ASF), is currently disputing claims of a significant data breach allegedly perpetrated by the Akira ransomware gang. 

On October 30, 2025, Akira published a post on its data leak site asserting that it had compromised Apache OpenOffice and exfiltrated 23 GB of sensitive corporate documents, including employee personal information—such as home addresses, phone numbers, dates of birth, driver’s licenses, social security numbers, and credit card data—as well as financial records and internal confidential files. The group further claimed it would soon release these documents publicly.

Responding publicly, the ASF refutes the claims, stating it has no evidence that its systems have been compromised or that a breach has occurred. According to ASF representatives, the data types described by Akira do not exist within the Foundation’s infrastructure. Importantly, the ASF points out the open-source nature of the project: there are no paid employees associated with Apache OpenOffice or the Foundation, and therefore, sensitive employee information as specified by Akira is not held by ASF. 

All development activities, bug tracking, and feature requests for the software are managed openly and transparently, primarily through public developer mailing lists. Thus, any internal reports or application issues cited in the alleged leak are already available in the public domain.

ASF further emphasized its strong commitment to security and clarified that, as of November 4, 2025, it had received no ransom demands directed at either the Foundation or the OpenOffice project. The Foundation has initiated an internal investigation to fully assess the veracity of Akira’s claims but, so far, has found no supporting evidence. 

It has not contacted law enforcement or external cybersecurity experts, signaling that the incident is being treated as a claim without substantiation. As of the time of publication, none of the purported stolen data has surfaced on the Akira leak site, leaving ASF’s assertion unchallenged.

This dispute highlights the increasingly common tactic among ransomware operators of leveraging publicity and unsubstantiated claims to pressure organizations, even when the technical evidence does not support their assertions. For now, ASF continues to reassure users and contributors that Apache OpenOffice remains uncompromised, and stresses the transparency inherent in open-source development as a key defense against misinformation and data exfiltration claims.
Read more »
Sotheby
Data Breach Employee Data Financial Information Ransomware Sotheby

Sotheby’s Investigates Cyberattack That Exposed Employee Financial Information

 



Global auction house Sotheby’s has disclosed that it recently suffered a data breach in which cybercriminals accessed and extracted files containing sensitive information. The company confirmed that the security incident, detected on July 24, 2025, led to unauthorized access to certain internal data systems.

According to a notification filed with the Maine Attorney General’s Office, the compromised records included details such as full names, Social Security Numbers (SSNs), and financial account information. While the filing listed only a few individuals from the states of Maine and Rhode Island, the overall number of people affected by the breach has not been publicly confirmed.

Sotheby’s stated that once the intrusion was identified, its cybersecurity team immediately launched a detailed investigation, working alongside external security experts and law enforcement authorities. The process reportedly took nearly two months as the company conducted a comprehensive audit to determine what type of information was taken and whose data was affected.

In its notice to those impacted, the company wrote that certain Sotheby’s data “appeared to have been removed from our environment by an unknown actor.” It added that an “extensive review of the data” was carried out to identify the affected records and confirm the individuals connected to them.

As a precautionary measure, Sotheby’s is offering affected individuals 12 months of free identity protection and credit monitoring services through TransUnion, encouraging them to register within 90 days of receiving the notification letter.

Initially, it was unclear whether the compromised data involved employees or clients. However, in an update on October 17, 2025, Sotheby’s clarified in a statement to BleepingComputer that the breach involved employee information, not customer data. The company emphasized that it took the incident seriously and immediately involved external cybersecurity experts to support the response and remediation process.

“Sotheby’s discovered a cybersecurity incident that may have involved certain employee information,” a company spokesperson said in an official statement. “Upon discovery, we promptly began an investigation with leading data protection specialists and law enforcement. The company is notifying all impacted individuals as required and remains committed to protecting the integrity of its systems and data.”

Sotheby’s is among the world’s most recognized auction houses, dealing in high-value art and luxury assets. In 2024, the firm recorded total annual sales of nearly $6 billion, highlighting the scale and sensitivity of the data it manages, including financial and transactional records.

Although no ransomware groups have claimed responsibility for this breach so far, similar attacks have previously targeted high-end auction platforms. In 2024, the RansomHub gang allegedly breached Christie’s, stealing personal data belonging to an estimated 500,000 clients. Such incidents indicate that cybercriminals increasingly view global art institutions as lucrative targets due to the financial and personal data they store.

This is not the first time Sotheby’s has dealt with cybersecurity issues. Between March 2017 and October 2018, the company’s website was compromised by a malicious web skimmer designed to collect customer payment information. A comparable supply-chain attack in 2021 also led to unauthorized access to sensitive data.

The latest breach reinforces the growing risks faced by major cultural and financial institutions that handle valuable client and employee data. As investigations continue, Sotheby’s has urged affected individuals to remain vigilant, review their financial statements regularly, and immediately report any suspicious activity to their bank or credit institution.


Read more »
ToolShell
Canada CSE Cyber Attacks Employee Data Microsoft ToolShell

Canada’s Parliament Probes Data Breach Linked to Microsoft Flaws

 




Canada’s House of Commons has launched an investigation after a cyberattack potentially exposed sensitive staff data, raising questions about whether recently discovered Microsoft vulnerabilities played a role.

According to national media reports, an internal email to parliamentary employees revealed that attackers managed to enter a database containing staff information. The data included names, work emails, job titles, office locations, and details about computers and mobile devices connected to the House of Commons network.

The House of Commons and Canada’s Communications Security Establishment (CSE) are now examining the incident. In a public statement, CSE emphasized that attributing a cyberattack is complex and requires time, resources, and caution before drawing conclusions. In the meantime, staff have been urged to remain alert to suspicious messages or unusual activity.


Possible Link to Microsoft Vulnerabilities

Although officials have not confirmed the exact flaw that was exploited, the mention of a “recent Microsoft vulnerability” has led to speculation. In recent weeks, Canada’s Cyber Centre issued warnings about two critical Microsoft security issues:

  • CVE-2025-53770 (“ToolShell”): A flaw in Microsoft SharePoint servers that has been actively exploited since July. It allows attackers to gain unauthorized access and has been linked to incidents involving government networks and organizations worldwide.
  • CVE-2025-53786: A high-risk bug in Microsoft Exchange that can help attackers move through both cloud and on-premises systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued an emergency order for federal agencies to fix this vulnerability after warning of its potential to cause complete system compromises.


Security researchers, including the monitoring platform Shadowserver, have noted that thousands of systems remain unpatched against these flaws, with hundreds of vulnerable servers still running in Canada.


Global Exploitation of ToolShell

The ToolShell vulnerability in particular has been tied to attacks on multiple high-profile organizations, including U.S. government agencies and European institutions. Reports indicate that both state-sponsored groups and cybercriminal gangs have taken advantage of the flaw in recent months, underlining its severity.


Why Updates Matter

Cybersecurity experts consistently stress the importance of keeping systems updated with the latest patches. Unpatched vulnerabilities provide attackers with open doors into critical infrastructure, government bodies, and private organizations. This latest incident underscores how quickly attackers can move to exploit weaknesses once they are made public.


What Happens Next

For now, the House of Commons and CSE are continuing their investigation, and no final determination has been made about the vulnerability used in the breach. However, the case highlights the ongoing risks posed by unpatched software and the need for constant vigilance by organizations and individuals alike.



Read more »
employee productivity
Accountability Cyber Security Data Privacy Data security software Data tracking Employee employee cybersecurity Employee Data employee productivity

Balancing Accountability and Privacy in the Age of Work Tracking Software

 

As businesses adopt employee monitoring tools to improve output and align team goals, they must also consider the implications for privacy. The success of these systems doesn’t rest solely on data collection, but on how transparently and respectfully they are implemented. When done right, work tracking software can enhance productivity while preserving employee dignity and fostering a culture of trust. 

One of the strongest arguments for using tracking software lies in the visibility it offers. In hybrid and remote work settings, where face-to-face supervision is limited, these tools offer leaders critical insights into workflows, project progress, and resource allocation. They enable more informed decisions and help identify process inefficiencies that could otherwise remain hidden. At the same time, they give employees the opportunity to highlight their own efforts, especially in collaborative environments where individual contributions can easily go unnoticed. 

For workers, having access to objective performance data ensures that their time and effort are acknowledged. Instead of constant managerial oversight, employees can benefit from automated insights that help them manage their time more effectively. This reduces the need for frequent check-ins and allows greater autonomy in daily schedules, ultimately leading to better focus and outcomes. 

However, the ethical use of these tools requires more than functionality—it demands transparency. Companies must clearly communicate what is being monitored, why it’s necessary, and how the collected data will be used. Monitoring practices should be limited to work-related metrics like app usage or project activity and should avoid invasive methods such as covert screen recording or keystroke logging. When employees are informed and involved from the start, they are more likely to accept the tools as supportive rather than punitive. 

Modern tracking platforms often go beyond timekeeping. Many offer dashboards that enable employees to view their own productivity patterns, identify distractions, and make self-directed improvements. This shift from oversight to insight empowers workers and contributes to their personal and professional development. At the organizational level, this data can guide strategy, uncover training needs, and drive better resource distribution—without compromising individual privacy. 

Ultimately, integrating work tracking tools responsibly is less about trade-offs and more about fostering mutual respect. The most successful implementations are those that treat transparency as a priority, not an afterthought. By framing these tools as resources for growth rather than surveillance, organizations can reinforce trust while improving overall performance. 

Used ethically and with clear communication, work tracking software has the potential to unify rather than divide. It supports both the operational needs of businesses and the autonomy of employees, proving that accountability and privacy can, in fact, coexist.
Read more »
UBS
Cyber Attacks Employee Data swiss media UBS

UBS Acknowledges Employee Data Leak Following Third-Party Cyberattack

 



Swiss financial institution UBS has confirmed that some of its employee data was compromised and leaked online due to a cybersecurity breach at one of its external service providers. The incident did not impact client information, according to the bank.

The breach came to light after reports surfaced from Swiss media suggesting that data belonging to roughly 130,000 UBS staff members had been exposed online for several days. The compromised records reportedly include employee names, job titles, email addresses, phone numbers, workplace locations, and spoken languages.

UBS stated that it responded immediately upon learning of the breach, taking necessary steps to secure its operations and limit potential risks.

The cyberattack did not directly target UBS but rather a company it works with for procurement and administrative services. This supplier, identified as a former UBS spin-off, confirmed that it had been targeted but did not specify the extent of the data breach or name all affected clients.

A threat group believed to be behind the breach is known for using a form of cyber extortion that involves stealing sensitive data and threatening to publish it unless a ransom is paid. Unlike traditional ransomware attacks, this group reportedly skips the step of encrypting files and focuses solely on the theft and public exposure of stolen information.

So far, only one other company besides UBS has confirmed being impacted by this incident, though the service provider involved works with several major international firms, raising concerns that others could be affected as well.

Cybersecurity experts warn that the exposure of employee data, even without customer information can still lead to serious risks. Such data can be misused in fraud, phishing attempts, and impersonation scams. In today’s digital age, tools powered by artificial intelligence can mimic voices or even create fake videos, making such scams increasingly convincing.

There are also fears that exposed information could be used to pressure or manipulate employees, or to facilitate financial crimes through social engineering.

This breach serves as a reminder of how cyber threats are not limited to the primary organization alone. When suppliers and vendors handle sensitive internal information, their security practices become a critical part of the larger cybersecurity ecosystem. Threat actors increasingly target third-party providers to bypass more heavily secured institutions and gain access to valuable data.

As investigations continue, the focus remains on understanding the full scope of the incident and taking steps to prevent similar attacks in the future.

Read more »
Ransomwares
Cyberattack Data Breach Data Leak data security Employee Data Healthcare Interlock gang Interlock ransomware Kettering Health Ransomware attack Ransomware group Ransomwares

Kettering Health Ransomware Attack Linked to Interlock Group

 

Kettering Health, a prominent healthcare network based in Ohio, is still grappling with the aftermath of a disruptive ransomware attack that forced the organization to shut down its computer systems. The cyberattack, which occurred in mid-May 2025, affected operations across its hospitals, clinics, and medical centers. Now, two weeks later, the ransomware gang Interlock has officially taken responsibility for the breach, claiming to have exfiltrated more than 940 gigabytes of data.  

Interlock, an emerging cybercriminal group active since September 2024, has increasingly focused on targeting U.S.-based healthcare providers. When CNN first reported on the incident on May 20, Interlock had not yet confirmed its role, suggesting that ransom negotiations may have been in progress. With the group now openly taking credit and releasing some of the stolen data on its dark web site, it appears those negotiations either failed or stalled. 

Kettering Health has maintained a firm position that they are against paying ransoms. John Weimer, senior vice president of emergency operations, previously stated that no ransom had been paid. Despite this, the data breach appears extensive. Information shared by Interlock indicates that sensitive files were accessed, including private patient records and internal documents. Patient information such as names, identification numbers, medical histories, medications, and mental health notes were among the compromised data. 

The breach also impacted employee data, with files from shared network drives also exposed. One particularly concerning element involves files tied to Kettering Health’s in-house police department. Some documents reportedly include background checks, polygraph results, and personally identifiable details of law enforcement staff—raising serious privacy and safety concerns. In a recent public update, Kettering Health announced a key development in its recovery process. 

The organization confirmed it had restored core functionalities of its electronic health record (EHR) system, which is provided by healthcare technology firm Epic. Officials described this restoration as a significant step toward resuming normal operations, allowing teams to access patient records, coordinate care, and communicate effectively across departments once again. The full scope of the breach and the long-term consequences for affected individuals still remains uncertain. 

Meanwhile, Kettering Health has yet to comment on whether Interlock’s claims are fully accurate. The healthcare system is working closely with cybersecurity professionals and law enforcement agencies to assess the extent of the intrusion and prevent further damage.
Read more »
Sensitive Information
Customer Data Cyber Attacks Data Leak Data protection data security Data Theft Employee Data Identity Theft Prevention Radio Station Sensitive Information

iHeartMedia Cyberattack Exposes Sensitive Data Across Multiple Radio Stations

 

iHeartMedia, the largest audio media company in the United States, has confirmed a significant data breach following a cyberattack on several of its local radio stations. In official breach notifications sent to affected individuals and state attorney general offices in Maine, Massachusetts, and California, the company disclosed that cybercriminals accessed sensitive customer information between December 24 and December 27, 2024. Although iHeartMedia did not specify how many individuals were affected, the breach appears to have involved data stored on systems at a “small number” of stations. 

The exact number of compromised stations remains undisclosed. With a network of 870 radio stations and a reported monthly audience of 250 million listeners, the potential scope of this breach is concerning. According to the breach notification letters, the attackers “viewed and obtained” various types of personal information. The compromised data includes full names, passport numbers, other government-issued identification numbers, dates of birth, financial account information, payment card data, and even health and health insurance records. 

Such a comprehensive data set makes the victims vulnerable to a wide array of cybercrimes, from identity theft to financial fraud. The combination of personal identifiers and health or insurance details increases the likelihood of victims being targeted by tailored phishing campaigns. With access to passport numbers and financial records, cybercriminals can attempt identity theft or engage in unauthorized transactions and wire fraud. As of now, the stolen data has not surfaced on dark web marketplaces, but the risk remains high. 

No cybercrime group has claimed responsibility for the breach as of yet. However, the level of detail and sensitivity in the data accessed suggests the attackers had a specific objective and targeted the breach with precision. 

In response, iHeartMedia is offering one year of complimentary identity theft protection services to impacted individuals. The company has also established a dedicated hotline for those seeking assistance or more information. While these actions are intended to mitigate potential fallout, they may offer limited relief given the nature of the exposed information. 

This incident underscores the increasing frequency and severity of cyberattacks on media organizations and the urgent need for enhanced cybersecurity protocols. For iHeartMedia, transparency and timely support for affected customers will be key in managing the aftermath of this breach. 

As investigations continue, more details may emerge regarding the extent of the compromise and the identity of those behind the attack.
Read more »
Employee Data
Australia Australian Businesses Cybersecurity Researchers Data Breach Data Leak data security Database Leaked Database Security Employee Data

Sydney Tools Data Leak Exposes Millions of Customer and Employee Records

 

A major data leak from Sydney Tools, an Australian retailer specializing in power tools, hand tools, and industrial equipment, has potentially exposed the personal information of millions of customers and employees. The breach, discovered by cybersecurity researchers at Cybernews, involved an unprotected Clickhouse database that remained publicly accessible online, allowing unauthorized individuals to view sensitive data.  

According to the report, the database contained more than 5,000 records related to Sydney Tools employees, including both current and former staff. These records included full names, branch locations, salary details, and sales targets. Given that Sydney Tools reportedly employs around 1,000 people, a large portion of the exposed records likely belong to individuals who no longer work for the company. While no banking details were included in the leak, the exposure of employee information still poses a significant security risk. 

Cybercriminals could use these details to craft convincing phishing scams or for identity theft. Beyond employee data, the breach also exposed an even larger volume of customer information. The database reportedly contained over 34 million online purchase records, revealing customer names, email addresses, phone numbers, home addresses, and details of purchased items. The exposure of this information is particularly concerning, as it not only compromises privacy but also increases the risk of targeted scams. 

Customers who purchased expensive tools and equipment may be especially vulnerable to fraud or burglary attempts. Cybernews researchers have expressed serious concerns over the extent of the breach, highlighting that the database includes a mix of personally identifiable information (PII) and financial details. This kind of information is highly valuable to cybercriminals, who can exploit it for various fraudulent activities. The researchers attempted to notify Sydney Tools about the security lapse, urging them to secure the exposed database. 

However, as of their last update, the data reportedly remained accessible, raising further concerns about the company’s response to the issue. This incident underscores the ongoing risks posed by unprotected databases, which continue to be one of the leading causes of data breaches. Companies handling large volumes of customer and employee information must prioritize data security by implementing robust protection measures, such as encryption, multi-factor authentication, and regular security audits. Failing to do so not only puts individuals at risk but also exposes businesses to legal and reputational damage. 

With cybersecurity threats on the rise, organizations must remain vigilant in safeguarding sensitive information. Until Sydney Tools secures the database and provides assurances about how it will handle data protection in the future, customers and employees should remain cautious and monitor their accounts for any suspicious activity.
Read more »
User Privacy
Data Breach Data Leak Employee Data MOVEit Attack User Privacy

Amazon Employee Data Leaked in MOVEit Attack Fallout

 

Amazon has confirmed that some employee data was accessed last year, presumably as part of the huge MOVEit hacking campaign. A hacker recently revealed on the BreachForums cybercrime forum that they had stolen Amazon employee information, such as names, phone numbers, email addresses, job titles, and other job-related information. 

The hacker claimed the data came from the 2023 MOVEit attack, which entailed exploiting a zero-day vulnerability in Progress Software's MOVEit file transfer software to gather sensitive information from thousands of organisations that had used the program. 

The MOVEit campaign, which is widely thought to have been carried out by the Cl0p ransomware group, impacted about 2,800 organisations and compromised the data of approximately 100 million people. 

Amazon confirmed the data theft in a statement released earlier this week, but added several important details. According to the firm, the data was obtained via a third-party property management vendor; neither Amazon or AWS systems were compromised. 

The incident impacted several of the third-party vendor's clients, including Amazon. Amazon stated that only employee work contact information, such as work email addresses, desk phone numbers, and building locations, were revealed, while other, more sensitive information, such as Social Security numbers and financial information, were not compromised. 

The hacker claims that the Amazon employee database has nearly 2.8 million records, however it is unknown how many employees are affected. The same hacker has also leaked employee data from BT, McDonald's, Lenovo, Delta Airlines, and HP. The data appears to be the result of the same MOVEit breach that targeted the same real estate services company that housed Amazon employee information.
Read more »
Software Bug
Apple Bug Data Breach data security Data Theft Employee Data iPhone theft macOS Personal Data Privacy Risks Software Bug

Sevco Report Exposes Privacy Risks in iOS and macOS Due to Mirroring Bug

 

A new cybersecurity report from Sevco has uncovered a critical vulnerability in macOS 15.0 Sequoia and iOS 18, which exposes personal data through iPhone apps when devices are mirrored onto work computers. The issue arose when Sevco researchers detected personal iOS apps showing up on corporate Mac devices. This triggered a deeper investigation into the problem, revealing a systemic issue affecting multiple upstream software vendors and customers. The bug creates two main concerns: employees’ personal data could be unintentionally accessed by their employers, and companies could face legal risks for collecting that data.  

Sevco highlighted that while employees may worry about their personal lives being exposed, companies also face potential data liability even if the access occurs unintentionally. This is especially true when personal iPhones are connected to company laptops or desktops, leading to private data becoming accessible. Sean Wright, a cybersecurity expert, commented that the severity of the issue depends on the level of trust employees have in their employers. According to Wright, individuals who are uncomfortable with their employers having access to their personal data should avoid using personal devices for work-related tasks or connecting them to corporate systems. Sevco’s report recommended several actions for companies and employees to mitigate this risk. 

Firstly, employees should stop using the mirroring app to prevent the exposure of personal information. In addition, companies should advise their employees not to connect personal devices to work computers. Another key step involves ensuring that third-party vendors do not inadvertently gather sensitive data from work devices. The cybersecurity experts at Sevco urged companies to take these steps while awaiting an official patch from Apple to resolve the issue. When Apple releases the patch, Sevco recommends that companies promptly apply it to halt the collection of private employee data. 

Moreover, companies should purge any previously collected employee information that might have been gathered through this vulnerability. This would help eliminate liability risks and ensure compliance with data protection regulations. This report highlights the importance of maintaining clear boundaries between personal and work devices. With an increasing reliance on seamless technology, including mirroring apps, the risks associated with these tools also escalate. 

While the convenience of moving between personal phones and work computers is appealing, privacy issues should not be overlooked. The Sevco report emphasizes the importance of being vigilant about security and privacy in the workplace, especially when using personal devices for professional tasks. Both employees and companies need to take proactive steps to safeguard personal information and reduce potential legal risks until a fix is made available.
Read more »
Indian Government
Data Breach Data Leak Data Privacy Employee Data Indian Government

Hacker Claims Data Breach of India’s Blue-Collar Worker Database

 

A hacker claims to have accessed a large database linked with the Indian government's portal for blue-collar workers emigrating from the country. 

The eMigrate portal's database allegedly includes full names, contact numbers, email addresses, dates of birth, mailing addresses, and passport data of individuals who allegedly registered for the portal.

The Ministry of External Affairs launched eMigrate, which helps Indian workers in emigrating overseas. The portal also offers clearance tracking and insurance services to migrating workers. 

The database for sale on a recognised cybercrime forum looks to be genuine and it even includes the contact information for the Indian government's foreign ambassador. While it is unclear whether the data was stolen directly from the eMigrate portal or via a previous breach, the threat actors claim to have access to at least 200,000 internal and registered user accounts. 

India's Computer Emergency Response Team (CERT-In) is working with the relevant authorities to take appropriate action, while the Ministry of External Affairs is yet to respond on the matter. This is not the first time India's government portals have been accused of data leak. 

Earlier this year, an Indian state government website was found exposing sensitive documents and personal information of millions of residents. In May, scammers were found to have tricked government websites into displaying adverts that redirected users to online betting sites. 

The implications of such data breaches is difficult to estimate. However, data breaches can have serious consequences for individuals whose personal information is exposed. Personal information provided on hacker forums is frequently used by attackers to launch phishing attacks, steal identities, and compromise users' financial security. 

“Personal data is its own form of digital currency on the internet and breaches cost organizations a significant amount. The breaches impacting organizations and government entities are what the public sees front and center, but the impact on the end user isn’t as visible.” Satnam Narang, sr. staff research engineer, Tenable stated.
Read more »
UK
Data Breach data security Employee Data Fines ICO Information Commissioner Office Information Security Ireland UK

PSNI Faces £750,000 Fine for Major Data Breach

 

The Police Service of Northern Ireland (PSNI) is set to receive a £750,000 fine from the UK Information Commissioner’s Office (ICO) due to a severe data breach that compromised the personal information of over 9,000 officers and staff. This incident, described as "industrial scale" by former Chief Constable Simon Byrne, included the accidental online release of surnames, initials, ranks, and roles of all PSNI personnel in response to a Freedom of Information request. 

This breach, which occurred last August, has been deemed highly sensitive, particularly for individuals in intelligence or covert operations. It has led to significant repercussions, including Chief Constable Byrne's resignation. Many affected individuals reported profound impacts on their lives, with some forced to relocate or sever family connections due to safety concerns. The ICO's investigation highlighted serious inadequacies in the PSNI's internal procedures and approval processes for information disclosure. 

John Edwards, the UK Information Commissioner, emphasized that the breach created a "perfect storm of risk and harm" due to the sensitive context of Northern Ireland. He noted that many affected individuals had to "completely alter their daily routines because of the tangible fear of threat to life." Edwards criticized the PSNI for not having simple and practical data security measures in place, which could have prevented this "potentially life-threatening incident." He stressed the need for all organizations to review and improve their data protection protocols to avoid similar breaches. 

The ICO's provisional fine of £750,000 reflects a public sector approach, intended to prevent the diversion of public funds from essential services while still addressing serious violations. Without this approach, the fine would have been £5.6 million. In response to the breach, the PSNI and the Northern Ireland Policing Board commissioned an independent review led by Pete O’Doherty of the City of London Police. The review made 37 recommendations for enhancing information security within the PSNI, underscoring the need for a comprehensive overhaul of data protection practices. 

Deputy Chief Constable Chris Todd acknowledged the fine and the findings, expressing regret over the financial implications given the PSNI's existing budget constraints. He confirmed that the PSNI would implement the recommended changes and engage with the ICO regarding the final fine amount. The Police Federation for Northern Ireland (PFNI), representing rank-and-file officers, criticized the severe data security failings highlighted by the ICO. 

PFNI chair Liam Kelly called for stringent measures to ensure such an error never recurs, emphasizing the need for robust data defenses and rigorous protocols. This incident serves as a stark reminder of the critical importance of data security, particularly within sensitive sectors like law enforcement. The PSNI's experience underscores the potentially severe consequences of inadequate data protection measures and the urgent need for organizations to prioritize cybersecurity to safeguard personal information.
Read more »
Two Factor Authentication
CrowdStrike Cyber Attacks cybercriminals Employee Data Employees IBM Identity Theft MFA phishing Two Factor Authentication

Safeguarding Your Employee Data From Identity Theft

 

In today's digital age, where data breaches and cyberattacks are increasingly common, safeguarding against identity-based attacks has become paramount for organizations worldwide. Identity-based attacks, which involve the unauthorized access to sensitive information through compromised user credentials, pose significant risks to businesses of all sizes and industries. 

As CrowdStrike reported, 80% of attacks involve identity and compromised credentials, highlighting the widespread nature of this threat. Additionally, an IBM report found that identity-related attacks are now the top vector impacting global cybercrime, with a staggering 71% yearly increase. 

Cybercriminals employ various tactics to carry out identity-based attacks, targeting organizations through phishing campaigns, credential stuffing, password spraying, pass-the-hash techniques, man-in-the-middle (MitM) attacks, and more. Phishing campaigns, for example, involve the mass distribution of deceptive emails designed to trick recipients into divulging their login credentials or other sensitive information. Spear-phishing campaigns, on the other hand, are highly targeted attacks that leverage personal information to tailor phishing messages to specific individuals, increasing their likelihood of success.  

Credential stuffing attacks exploit the widespread practice of password reuse, where individuals use the same passwords across multiple accounts. Cybercriminals obtain credentials from previous data breaches or password dump sites and use automated tools to test these credentials across various websites, exploiting the vulnerabilities of users who reuse passwords. Password spraying attacks capitalize on human behavior by targeting commonly used passwords that match the complexity policies of targeted domains. 

Instead of trying multiple passwords for one user, attackers use the same common password across many different accounts, making it more difficult for organizations to detect and mitigate these attacks. Pass-the-hash techniques involve obtaining hashed versions of user passwords from compromised systems and using them to authenticate into other systems without needing to crack the actual password. This method allows attackers to move laterally within a network, accessing sensitive data and executing further attacks. MitM attacks occur when attackers intercept network connections, often by setting up malicious Wi-Fi access points. 

By doing so, attackers can monitor users' inputs, including login credentials, and steal sensitive information to gain unauthorized access to accounts and networks. To mitigate the risk of identity-based attacks, organizations must adopt a multi-layered approach to security. This includes implementing strong password policies to prevent the use of weak or easily guessable passwords and regularly auditing user accounts for vulnerabilities. 

Multi-factor authentication (MFA) should be implemented across all applications to add an extra layer of security by requiring users to provide a second form of authentication, such as a one-time password or biometric data, in addition to their passwords. Furthermore, organizations should protect against social engineering attacks, which often target service desk staff to gain unauthorized access to sensitive information. Automated solutions can help verify user identification and reduce the risk of social engineering vulnerabilities. 

 Identity-based attacks pose significant risks to organizations, but by implementing robust security measures and remaining vigilant against evolving threats, businesses can effectively mitigate these risks and safeguard their sensitive information from cybercriminals.
Read more »
VoIP
Cisco Data Breach Employee Data Information Security Multi-Factor Authentication (MFA) SMS Supply chain vulnerability third party VoIP

Cisco Duo raises awareness over a breach in third-party data security, revealing the exposure of SMS MFA logs.

 

In the ever-evolving landscape of cybersecurity, safeguarding sensitive information and ensuring secure access to corporate networks are paramount concerns for organizations worldwide. Recently, Cisco Duo, a leading provider of multi-factor authentication (MFA) and Single Sign-On services, found itself grappling with a significant breach that shed light on the evolving threats confronting modern enterprises. 

On April 1, 2024, Cisco Duo's security team sent out a warning to its extensive customer base regarding a cyberattack targeting their telephony provider, which handles the transmission of SMS and VoIP MFA messages. According to reports, threat actors leveraged employee credentials acquired through a sophisticated phishing attack to infiltrate the provider's systems. 

Following the breach, the attackers successfully obtained and extracted SMS and VoIP MFA message logs linked to specific Duo accounts, covering the timeframe from March 1, 2024, to March 31, 2024. The ramifications of this breach are deeply concerning. While the provider assured that the threat actors did not access the contents of the messages or utilize their access to send messages to customers, the stolen message logs contain data that could be exploited in targeted phishing campaigns. 

This poses a significant risk to affected organizations, potentially resulting in unauthorized access to sensitive information, including corporate credentials. In response to the breach, Cisco Duo swiftly mobilized, collaborating closely with the telephony provider to conduct a thorough investigation and implement additional security measures. The compromised credentials were promptly invalidated, and robust measures were instituted to fortify defenses and mitigate the risk of recurrence. 

Additionally, the provider furnished Cisco Duo with comprehensive access to all exposed message logs, enabling a meticulous analysis of the breach's scope and impact. Despite these proactive measures, Cisco Duo has urged affected customers to exercise heightened vigilance against potential SMS phishing or social engineering attacks leveraging the stolen information. Organizations are advised to promptly notify users whose phone numbers were contained in the compromised logs, educating them about the risks associated with social engineering tactics. 

Furthermore, Cisco has emphasized the importance of promptly reporting any suspicious activity and implementing proactive measures to mitigate potential threats. This incident serves as a stark reminder of the persistent and evolving threat landscape faced by organizations in today's digital age. As reliance on MFA and other security solutions intensifies, proactive monitoring, regular security assessments, and ongoing user education are indispensable components of an effective cybersecurity posture. 

Moreover, the Cisco Duo breach underscores the broader issue of supply chain vulnerabilities in cybersecurity. While organizations diligently fortify their internal defenses, they remain susceptible to breaches through third-party service providers. Hence, it is imperative for businesses to meticulously evaluate the security practices of their vendors and establish robust protocols for managing third-party risks. 

As the cybersecurity landscape continues to evolve, organizations must remain agile, adaptive, and proactive in their approach to cybersecurity. By prioritizing robust security measures, fostering a culture of cyber resilience, and fostering close collaboration with trusted partners, organizations can effectively mitigate risks and safeguard their digital assets in the face of evolving threats.
Read more »
SiegedSec
CISA Critical Data Data Breach Employee Data FBI Hacktivist group Idaho National Laboratory Nuclear Agency SiegedSec

Idaho National Laboratory Suffers Data Breach, Employee Data Compromised


Idaho National Laboratory, the nuclear energy testing lab that comprise of an estimated 5,700 experts, has recently suffered a major data breach in their systems.

The data breach took place last Sunday, on November 19. The stolen data comprise of the laboratory’s employees’ critical data, which was later leaked on online forums. 

The investigation on the breach is being carried out by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, who are working in collaboration with INL, a spokesperson informed. Physical addresses, bank account details, and Social Security numbers are among the data that are impacted.

In an interview regarding the incident, the spokesperson told local news outlet EastIdahoNews.com that the breach has impacted INL’s Oracle HCM system, a cloud-based workforce management platform that offers payroll and other HR solutions, was impacted by the attack.

SiegedSec, a self-entitled hacktivist group has since taken responsibility of the attack, following which it published a sample of the stolen employee data online, which included full names, dates of birth, email addresses, contact details and other identity info of the INL employees to their data breach forum. 

The group, which seems to have political motivations, was also accused in the past of stealing information from the Communities of Interest Cooperation Portal, an unclassified information-sharing portal run by NATO.

However, INL has not implied that the breach has had any impact on its classified information or nuclear research, and CISA did not immediately respond to the request for a comment. 

Regardless of whether the classified nuclear details were accessed by the threat actors, Colin Little, security engineer at the cybersecurity firm Centripetal, said it is "highly disconcerting that the staff generating that intellectual property and participating in the most advanced nuclear energy research and development have had their information leaked online."

"Now those who are politically motivated and would very much like to know the names and addresses of the top nuclear energy researchers in the U.S. have that data," he said. 

INL supports large-scale initiatives from the Department of Energy, the Department of Defense. The laboratory bills itself as "a world leader in securing critical infrastructure systems and improving the resiliency of vital national security and defense assets."

Read more »
User Security
Car Maker Data Breach Data Privacy Employee Data User Security

Tesla Begins Notifying Individuals Impacted in a Data Breach Incident

 

Tesla has acknowledged a data breach affecting around 75,000 individuals, but the incident is the result of a whistleblower leak rather than a malicious attack. 

The company informed US authorities that a data breach found in May exposed the personal information, including social security numbers, of over 75,700 people.

According to a notice letter issued to those affected, the data breach is the result of two former workers sending private data to the German news publication Handelsblatt. Tesla stated that the former employees "misappropriated the information in violation of Tesla's IT security and data protection policies." 

The leaked data includes names, contact information, and employment-related details for current and previous employees. Individuals affected are being offered credit monitoring and identity protection services. 

The leak was discovered in May when Handelsblatt claimed that a whistleblower had given it 100 Gb of private Tesla data. According to the publication, Tesla did not effectively protect the data of its partners, customers, and employees. 

The 'Tesla Files', which were leaked, apparently contained information on over 100,000 current and former employees, bank account information for customers, trade secrets for production, and customer concerns about driver assistance systems. The car maker has been reassured by Handelsblatt that it has no plans to publish the whistleblower's personal information. 

Given the circumstances of the incident, the chances of the exposed data being misused are minimal, with Tesla likely commencing the data breach disclosure process owing to legal constraints. Tesla has filed litigation against the employees responsible for the data breach, whose lawyer labelled the leaker as a "disgruntled former employee" when the leak was discovered. 

“These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information. Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” the car manufacturer noted in its recent breach notification.
Read more »
US Firm
Data Breach Data Leak Email Account Compromise Employee Data US Firm

Data of 2.5 Lakh Customers Sent to Personal Account by CFPB Employee

 

The Wall Street Journal reported that a consumer financial protection bureau (CFPB) employee sent records containing private information to a personal email address that included confidential supervisory information from 45 other financial institutions as well as personal information on roughly 256,000 customers at one financial institution.

The agency, which was already under siege from Republican lawmakers, presented the breach to Congress as a catastrophic incident. 

The emails contained customer information from seven businesses, although the majority of the personal data was linked to customers at one unnamed institution, a CFPB spokeswoman told the Journal. 

The incident was discovered by the agency for the first time in February, and it was revealed to lawmakers on March 21, according to the Journal. The reason the employee, who was later fired, forwarded the emails to a personal account was not disclosed by the CFPB. 

According to the CFPB, the personal information includes two spreadsheets with names and transaction-specific account numbers that were used internally by the financial institution, which downplays the severity of the data theft.

According to the representative, the spreadsheets do not contain the customers' bank account details and cannot be utilised to access a customer's account. As of Wednesday, the former CFPB employee had not complied with a request to erase the emails. Republican lawmakers seized on the data leak and demanded additional information from Director Rohit Chopra in statements they released. 

The CFPB has expanded enforcement efforts against the mortgage industry under Chopra, which has increased compliance expenses.

In October, Mortgage Bankers Association President and CEO Bob Broeksmit described the agency as a "judge, jury, and executioner all rolled into one." 

He urged the government to "establish clear and consistent standards, providing notice and comment when enacting rules." Unfortunately, the Bureau does not often follow this reasonable procedure, announcing new legal responsibilities without formal process or deliberation, enforcing novel and untested legal theories, and making it extremely difficult for businesses to grasp their legal obligations." 

Additionally, the agency is battling constitutional issues on various fronts. The agency's funding structure—by which it is funded by the Fed as opposed to appropriations legislation enacted through Congress—will be decided by the Supreme Court in a case that will be heard there. The agency's financing source was ruled to be illegal in 2022 by a panel of Trump appointees on the Fifth Circuit U.S. Court of Appeals. 

The funding provisions for the CFPB were found to be constitutional in March by the Second Circuit U.S. Court of Appeals, which includes the districts of Connecticut, New York, and Vermont.
Read more »
Security
Data Breach Data Leak Data Safety Employee Data Safety Security

Bogus DHL Emails Enable Attackers to Hack Microsoft 365 Accounts

 

As per experts, a new phishing campaign has been discovered that impersonates logistics giant DHL in order to steal Microsoft 365 credentials from victims in the education industry. Cybersecurity researchers from Armorblox recently found a significant phishing campaign, with more than 10,000 emails sent to inboxes connected to a "private education institution". 

The email is designed to appear to be from DHL, with the company branding and tone of voice one would expect from the shipping giant. The recipient is informed in the email titled "DHL Shipping Document/Invoice Receipt" that a customer sent a parcel to the incorrect address and that the correct delivery address must be provided.

False login prompt
The email apparently includes an attachment, labeled "Shipping Document Invoice Receipt," which, when opened, appears to be a blurred-out preview of a Microsoft Excel file.

A Microsoft login page appears over the blurred-out document, attempting to deceive people into believing they must log into their Microsoft 365 accounts in order to view the file's contents. If the victims provide the login credentials, they will be sent directly to the attackers.

Armorblox explained, “The email attack used language as the main attack vector in order to bypass both Microsoft Office 365 and EOP email security controls. These native email security layers are able to block mass spam and phishing campaigns and known malware and bad URLs. However, this targeted email attack bypassed Microsoft email security because it did not include any bad URLs or links and included an HTML file that included a malicious phishing form.”

Businesses can safeguard themselves against phishing attacks by training their employees to recognize red flags in their inboxes, such as the sender's email address, typos and spelling errors, a feeling of urgency (legitimate emails almost never require the user to respond urgently), and unexpected links/attachments.

According to the researchers, the attackers used a valid domain to avoid Microsoft's email(opens in new tab) authentication checks.
Read more »
Subscribe to: Comments (Atom)