Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Employee Data. Show all posts
employee productivity
Accountability Cyber Security Data Privacy Data security software Data tracking Employee employee cybersecurity Employee Data employee productivity

Balancing Accountability and Privacy in the Age of Work Tracking Software

 

As businesses adopt employee monitoring tools to improve output and align team goals, they must also consider the implications for privacy. The success of these systems doesn’t rest solely on data collection, but on how transparently and respectfully they are implemented. When done right, work tracking software can enhance productivity while preserving employee dignity and fostering a culture of trust. 

One of the strongest arguments for using tracking software lies in the visibility it offers. In hybrid and remote work settings, where face-to-face supervision is limited, these tools offer leaders critical insights into workflows, project progress, and resource allocation. They enable more informed decisions and help identify process inefficiencies that could otherwise remain hidden. At the same time, they give employees the opportunity to highlight their own efforts, especially in collaborative environments where individual contributions can easily go unnoticed. 

For workers, having access to objective performance data ensures that their time and effort are acknowledged. Instead of constant managerial oversight, employees can benefit from automated insights that help them manage their time more effectively. This reduces the need for frequent check-ins and allows greater autonomy in daily schedules, ultimately leading to better focus and outcomes. 

However, the ethical use of these tools requires more than functionality—it demands transparency. Companies must clearly communicate what is being monitored, why it’s necessary, and how the collected data will be used. Monitoring practices should be limited to work-related metrics like app usage or project activity and should avoid invasive methods such as covert screen recording or keystroke logging. When employees are informed and involved from the start, they are more likely to accept the tools as supportive rather than punitive. 

Modern tracking platforms often go beyond timekeeping. Many offer dashboards that enable employees to view their own productivity patterns, identify distractions, and make self-directed improvements. This shift from oversight to insight empowers workers and contributes to their personal and professional development. At the organizational level, this data can guide strategy, uncover training needs, and drive better resource distribution—without compromising individual privacy. 

Ultimately, integrating work tracking tools responsibly is less about trade-offs and more about fostering mutual respect. The most successful implementations are those that treat transparency as a priority, not an afterthought. By framing these tools as resources for growth rather than surveillance, organizations can reinforce trust while improving overall performance. 

Used ethically and with clear communication, work tracking software has the potential to unify rather than divide. It supports both the operational needs of businesses and the autonomy of employees, proving that accountability and privacy can, in fact, coexist.
Read more »
UBS
Cyber Attacks Employee Data swiss media UBS

UBS Acknowledges Employee Data Leak Following Third-Party Cyberattack

 



Swiss financial institution UBS has confirmed that some of its employee data was compromised and leaked online due to a cybersecurity breach at one of its external service providers. The incident did not impact client information, according to the bank.

The breach came to light after reports surfaced from Swiss media suggesting that data belonging to roughly 130,000 UBS staff members had been exposed online for several days. The compromised records reportedly include employee names, job titles, email addresses, phone numbers, workplace locations, and spoken languages.

UBS stated that it responded immediately upon learning of the breach, taking necessary steps to secure its operations and limit potential risks.

The cyberattack did not directly target UBS but rather a company it works with for procurement and administrative services. This supplier, identified as a former UBS spin-off, confirmed that it had been targeted but did not specify the extent of the data breach or name all affected clients.

A threat group believed to be behind the breach is known for using a form of cyber extortion that involves stealing sensitive data and threatening to publish it unless a ransom is paid. Unlike traditional ransomware attacks, this group reportedly skips the step of encrypting files and focuses solely on the theft and public exposure of stolen information.

So far, only one other company besides UBS has confirmed being impacted by this incident, though the service provider involved works with several major international firms, raising concerns that others could be affected as well.

Cybersecurity experts warn that the exposure of employee data, even without customer information can still lead to serious risks. Such data can be misused in fraud, phishing attempts, and impersonation scams. In today’s digital age, tools powered by artificial intelligence can mimic voices or even create fake videos, making such scams increasingly convincing.

There are also fears that exposed information could be used to pressure or manipulate employees, or to facilitate financial crimes through social engineering.

This breach serves as a reminder of how cyber threats are not limited to the primary organization alone. When suppliers and vendors handle sensitive internal information, their security practices become a critical part of the larger cybersecurity ecosystem. Threat actors increasingly target third-party providers to bypass more heavily secured institutions and gain access to valuable data.

As investigations continue, the focus remains on understanding the full scope of the incident and taking steps to prevent similar attacks in the future.

Read more »
Ransomwares
Cyberattack Data Breach Data Leak data security Employee Data Healthcare Interlock gang Interlock ransomware Kettering Health Ransomware attack Ransomware group Ransomwares

Kettering Health Ransomware Attack Linked to Interlock Group

 

Kettering Health, a prominent healthcare network based in Ohio, is still grappling with the aftermath of a disruptive ransomware attack that forced the organization to shut down its computer systems. The cyberattack, which occurred in mid-May 2025, affected operations across its hospitals, clinics, and medical centers. Now, two weeks later, the ransomware gang Interlock has officially taken responsibility for the breach, claiming to have exfiltrated more than 940 gigabytes of data.  

Interlock, an emerging cybercriminal group active since September 2024, has increasingly focused on targeting U.S.-based healthcare providers. When CNN first reported on the incident on May 20, Interlock had not yet confirmed its role, suggesting that ransom negotiations may have been in progress. With the group now openly taking credit and releasing some of the stolen data on its dark web site, it appears those negotiations either failed or stalled. 

Kettering Health has maintained a firm position that they are against paying ransoms. John Weimer, senior vice president of emergency operations, previously stated that no ransom had been paid. Despite this, the data breach appears extensive. Information shared by Interlock indicates that sensitive files were accessed, including private patient records and internal documents. Patient information such as names, identification numbers, medical histories, medications, and mental health notes were among the compromised data. 

The breach also impacted employee data, with files from shared network drives also exposed. One particularly concerning element involves files tied to Kettering Health’s in-house police department. Some documents reportedly include background checks, polygraph results, and personally identifiable details of law enforcement staff—raising serious privacy and safety concerns. In a recent public update, Kettering Health announced a key development in its recovery process. 

The organization confirmed it had restored core functionalities of its electronic health record (EHR) system, which is provided by healthcare technology firm Epic. Officials described this restoration as a significant step toward resuming normal operations, allowing teams to access patient records, coordinate care, and communicate effectively across departments once again. The full scope of the breach and the long-term consequences for affected individuals still remains uncertain. 

Meanwhile, Kettering Health has yet to comment on whether Interlock’s claims are fully accurate. The healthcare system is working closely with cybersecurity professionals and law enforcement agencies to assess the extent of the intrusion and prevent further damage.
Read more »
Sensitive Information
Customer Data Cyber Attacks Data Leak Data protection data security Data Theft Employee Data Identity Theft Prevention Radio Station Sensitive Information

iHeartMedia Cyberattack Exposes Sensitive Data Across Multiple Radio Stations

 

iHeartMedia, the largest audio media company in the United States, has confirmed a significant data breach following a cyberattack on several of its local radio stations. In official breach notifications sent to affected individuals and state attorney general offices in Maine, Massachusetts, and California, the company disclosed that cybercriminals accessed sensitive customer information between December 24 and December 27, 2024. Although iHeartMedia did not specify how many individuals were affected, the breach appears to have involved data stored on systems at a “small number” of stations. 

The exact number of compromised stations remains undisclosed. With a network of 870 radio stations and a reported monthly audience of 250 million listeners, the potential scope of this breach is concerning. According to the breach notification letters, the attackers “viewed and obtained” various types of personal information. The compromised data includes full names, passport numbers, other government-issued identification numbers, dates of birth, financial account information, payment card data, and even health and health insurance records. 

Such a comprehensive data set makes the victims vulnerable to a wide array of cybercrimes, from identity theft to financial fraud. The combination of personal identifiers and health or insurance details increases the likelihood of victims being targeted by tailored phishing campaigns. With access to passport numbers and financial records, cybercriminals can attempt identity theft or engage in unauthorized transactions and wire fraud. As of now, the stolen data has not surfaced on dark web marketplaces, but the risk remains high. 

No cybercrime group has claimed responsibility for the breach as of yet. However, the level of detail and sensitivity in the data accessed suggests the attackers had a specific objective and targeted the breach with precision. 

In response, iHeartMedia is offering one year of complimentary identity theft protection services to impacted individuals. The company has also established a dedicated hotline for those seeking assistance or more information. While these actions are intended to mitigate potential fallout, they may offer limited relief given the nature of the exposed information. 

This incident underscores the increasing frequency and severity of cyberattacks on media organizations and the urgent need for enhanced cybersecurity protocols. For iHeartMedia, transparency and timely support for affected customers will be key in managing the aftermath of this breach. 

As investigations continue, more details may emerge regarding the extent of the compromise and the identity of those behind the attack.
Read more »
Employee Data
Australia Australian Businesses Cybersecurity Researchers Data Breach Data Leak data security Database Leaked Database Security Employee Data

Sydney Tools Data Leak Exposes Millions of Customer and Employee Records

 

A major data leak from Sydney Tools, an Australian retailer specializing in power tools, hand tools, and industrial equipment, has potentially exposed the personal information of millions of customers and employees. The breach, discovered by cybersecurity researchers at Cybernews, involved an unprotected Clickhouse database that remained publicly accessible online, allowing unauthorized individuals to view sensitive data.  

According to the report, the database contained more than 5,000 records related to Sydney Tools employees, including both current and former staff. These records included full names, branch locations, salary details, and sales targets. Given that Sydney Tools reportedly employs around 1,000 people, a large portion of the exposed records likely belong to individuals who no longer work for the company. While no banking details were included in the leak, the exposure of employee information still poses a significant security risk. 

Cybercriminals could use these details to craft convincing phishing scams or for identity theft. Beyond employee data, the breach also exposed an even larger volume of customer information. The database reportedly contained over 34 million online purchase records, revealing customer names, email addresses, phone numbers, home addresses, and details of purchased items. The exposure of this information is particularly concerning, as it not only compromises privacy but also increases the risk of targeted scams. 

Customers who purchased expensive tools and equipment may be especially vulnerable to fraud or burglary attempts. Cybernews researchers have expressed serious concerns over the extent of the breach, highlighting that the database includes a mix of personally identifiable information (PII) and financial details. This kind of information is highly valuable to cybercriminals, who can exploit it for various fraudulent activities. The researchers attempted to notify Sydney Tools about the security lapse, urging them to secure the exposed database. 

However, as of their last update, the data reportedly remained accessible, raising further concerns about the company’s response to the issue. This incident underscores the ongoing risks posed by unprotected databases, which continue to be one of the leading causes of data breaches. Companies handling large volumes of customer and employee information must prioritize data security by implementing robust protection measures, such as encryption, multi-factor authentication, and regular security audits. Failing to do so not only puts individuals at risk but also exposes businesses to legal and reputational damage. 

With cybersecurity threats on the rise, organizations must remain vigilant in safeguarding sensitive information. Until Sydney Tools secures the database and provides assurances about how it will handle data protection in the future, customers and employees should remain cautious and monitor their accounts for any suspicious activity.
Read more »
User Privacy
Data Breach Data Leak Employee Data MOVEit Attack User Privacy

Amazon Employee Data Leaked in MOVEit Attack Fallout

 

Amazon has confirmed that some employee data was accessed last year, presumably as part of the huge MOVEit hacking campaign. A hacker recently revealed on the BreachForums cybercrime forum that they had stolen Amazon employee information, such as names, phone numbers, email addresses, job titles, and other job-related information. 

The hacker claimed the data came from the 2023 MOVEit attack, which entailed exploiting a zero-day vulnerability in Progress Software's MOVEit file transfer software to gather sensitive information from thousands of organisations that had used the program. 

The MOVEit campaign, which is widely thought to have been carried out by the Cl0p ransomware group, impacted about 2,800 organisations and compromised the data of approximately 100 million people. 

Amazon confirmed the data theft in a statement released earlier this week, but added several important details. According to the firm, the data was obtained via a third-party property management vendor; neither Amazon or AWS systems were compromised. 

The incident impacted several of the third-party vendor's clients, including Amazon. Amazon stated that only employee work contact information, such as work email addresses, desk phone numbers, and building locations, were revealed, while other, more sensitive information, such as Social Security numbers and financial information, were not compromised. 

The hacker claims that the Amazon employee database has nearly 2.8 million records, however it is unknown how many employees are affected. The same hacker has also leaked employee data from BT, McDonald's, Lenovo, Delta Airlines, and HP. The data appears to be the result of the same MOVEit breach that targeted the same real estate services company that housed Amazon employee information.
Read more »
Software Bug
Apple Bug Data Breach data security Data Theft Employee Data iPhone theft macOS Personal Data Privacy Risks Software Bug

Sevco Report Exposes Privacy Risks in iOS and macOS Due to Mirroring Bug

 

A new cybersecurity report from Sevco has uncovered a critical vulnerability in macOS 15.0 Sequoia and iOS 18, which exposes personal data through iPhone apps when devices are mirrored onto work computers. The issue arose when Sevco researchers detected personal iOS apps showing up on corporate Mac devices. This triggered a deeper investigation into the problem, revealing a systemic issue affecting multiple upstream software vendors and customers. The bug creates two main concerns: employees’ personal data could be unintentionally accessed by their employers, and companies could face legal risks for collecting that data.  

Sevco highlighted that while employees may worry about their personal lives being exposed, companies also face potential data liability even if the access occurs unintentionally. This is especially true when personal iPhones are connected to company laptops or desktops, leading to private data becoming accessible. Sean Wright, a cybersecurity expert, commented that the severity of the issue depends on the level of trust employees have in their employers. According to Wright, individuals who are uncomfortable with their employers having access to their personal data should avoid using personal devices for work-related tasks or connecting them to corporate systems. Sevco’s report recommended several actions for companies and employees to mitigate this risk. 

Firstly, employees should stop using the mirroring app to prevent the exposure of personal information. In addition, companies should advise their employees not to connect personal devices to work computers. Another key step involves ensuring that third-party vendors do not inadvertently gather sensitive data from work devices. The cybersecurity experts at Sevco urged companies to take these steps while awaiting an official patch from Apple to resolve the issue. When Apple releases the patch, Sevco recommends that companies promptly apply it to halt the collection of private employee data. 

Moreover, companies should purge any previously collected employee information that might have been gathered through this vulnerability. This would help eliminate liability risks and ensure compliance with data protection regulations. This report highlights the importance of maintaining clear boundaries between personal and work devices. With an increasing reliance on seamless technology, including mirroring apps, the risks associated with these tools also escalate. 

While the convenience of moving between personal phones and work computers is appealing, privacy issues should not be overlooked. The Sevco report emphasizes the importance of being vigilant about security and privacy in the workplace, especially when using personal devices for professional tasks. Both employees and companies need to take proactive steps to safeguard personal information and reduce potential legal risks until a fix is made available.
Read more »
Indian Government
Data Breach Data Leak Data Privacy Employee Data Indian Government

Hacker Claims Data Breach of India’s Blue-Collar Worker Database

 

A hacker claims to have accessed a large database linked with the Indian government's portal for blue-collar workers emigrating from the country. 

The eMigrate portal's database allegedly includes full names, contact numbers, email addresses, dates of birth, mailing addresses, and passport data of individuals who allegedly registered for the portal.

The Ministry of External Affairs launched eMigrate, which helps Indian workers in emigrating overseas. The portal also offers clearance tracking and insurance services to migrating workers. 

The database for sale on a recognised cybercrime forum looks to be genuine and it even includes the contact information for the Indian government's foreign ambassador. While it is unclear whether the data was stolen directly from the eMigrate portal or via a previous breach, the threat actors claim to have access to at least 200,000 internal and registered user accounts. 

India's Computer Emergency Response Team (CERT-In) is working with the relevant authorities to take appropriate action, while the Ministry of External Affairs is yet to respond on the matter. This is not the first time India's government portals have been accused of data leak. 

Earlier this year, an Indian state government website was found exposing sensitive documents and personal information of millions of residents. In May, scammers were found to have tricked government websites into displaying adverts that redirected users to online betting sites. 

The implications of such data breaches is difficult to estimate. However, data breaches can have serious consequences for individuals whose personal information is exposed. Personal information provided on hacker forums is frequently used by attackers to launch phishing attacks, steal identities, and compromise users' financial security. 

“Personal data is its own form of digital currency on the internet and breaches cost organizations a significant amount. The breaches impacting organizations and government entities are what the public sees front and center, but the impact on the end user isn’t as visible.” Satnam Narang, sr. staff research engineer, Tenable stated.
Read more »
UK
Data Breach data security Employee Data Fines ICO Information Commissioner Office Information Security Ireland UK

PSNI Faces £750,000 Fine for Major Data Breach

 

The Police Service of Northern Ireland (PSNI) is set to receive a £750,000 fine from the UK Information Commissioner’s Office (ICO) due to a severe data breach that compromised the personal information of over 9,000 officers and staff. This incident, described as "industrial scale" by former Chief Constable Simon Byrne, included the accidental online release of surnames, initials, ranks, and roles of all PSNI personnel in response to a Freedom of Information request. 

This breach, which occurred last August, has been deemed highly sensitive, particularly for individuals in intelligence or covert operations. It has led to significant repercussions, including Chief Constable Byrne's resignation. Many affected individuals reported profound impacts on their lives, with some forced to relocate or sever family connections due to safety concerns. The ICO's investigation highlighted serious inadequacies in the PSNI's internal procedures and approval processes for information disclosure. 

John Edwards, the UK Information Commissioner, emphasized that the breach created a "perfect storm of risk and harm" due to the sensitive context of Northern Ireland. He noted that many affected individuals had to "completely alter their daily routines because of the tangible fear of threat to life." Edwards criticized the PSNI for not having simple and practical data security measures in place, which could have prevented this "potentially life-threatening incident." He stressed the need for all organizations to review and improve their data protection protocols to avoid similar breaches. 

The ICO's provisional fine of £750,000 reflects a public sector approach, intended to prevent the diversion of public funds from essential services while still addressing serious violations. Without this approach, the fine would have been £5.6 million. In response to the breach, the PSNI and the Northern Ireland Policing Board commissioned an independent review led by Pete O’Doherty of the City of London Police. The review made 37 recommendations for enhancing information security within the PSNI, underscoring the need for a comprehensive overhaul of data protection practices. 

Deputy Chief Constable Chris Todd acknowledged the fine and the findings, expressing regret over the financial implications given the PSNI's existing budget constraints. He confirmed that the PSNI would implement the recommended changes and engage with the ICO regarding the final fine amount. The Police Federation for Northern Ireland (PFNI), representing rank-and-file officers, criticized the severe data security failings highlighted by the ICO. 

PFNI chair Liam Kelly called for stringent measures to ensure such an error never recurs, emphasizing the need for robust data defenses and rigorous protocols. This incident serves as a stark reminder of the critical importance of data security, particularly within sensitive sectors like law enforcement. The PSNI's experience underscores the potentially severe consequences of inadequate data protection measures and the urgent need for organizations to prioritize cybersecurity to safeguard personal information.
Read more »
Two Factor Authentication
CrowdStrike Cyber Attacks cybercriminals Employee Data Employees IBM Identity Theft MFA phishing Two Factor Authentication

Safeguarding Your Employee Data From Identity Theft

 

In today's digital age, where data breaches and cyberattacks are increasingly common, safeguarding against identity-based attacks has become paramount for organizations worldwide. Identity-based attacks, which involve the unauthorized access to sensitive information through compromised user credentials, pose significant risks to businesses of all sizes and industries. 

As CrowdStrike reported, 80% of attacks involve identity and compromised credentials, highlighting the widespread nature of this threat. Additionally, an IBM report found that identity-related attacks are now the top vector impacting global cybercrime, with a staggering 71% yearly increase. 

Cybercriminals employ various tactics to carry out identity-based attacks, targeting organizations through phishing campaigns, credential stuffing, password spraying, pass-the-hash techniques, man-in-the-middle (MitM) attacks, and more. Phishing campaigns, for example, involve the mass distribution of deceptive emails designed to trick recipients into divulging their login credentials or other sensitive information. Spear-phishing campaigns, on the other hand, are highly targeted attacks that leverage personal information to tailor phishing messages to specific individuals, increasing their likelihood of success.  

Credential stuffing attacks exploit the widespread practice of password reuse, where individuals use the same passwords across multiple accounts. Cybercriminals obtain credentials from previous data breaches or password dump sites and use automated tools to test these credentials across various websites, exploiting the vulnerabilities of users who reuse passwords. Password spraying attacks capitalize on human behavior by targeting commonly used passwords that match the complexity policies of targeted domains. 

Instead of trying multiple passwords for one user, attackers use the same common password across many different accounts, making it more difficult for organizations to detect and mitigate these attacks. Pass-the-hash techniques involve obtaining hashed versions of user passwords from compromised systems and using them to authenticate into other systems without needing to crack the actual password. This method allows attackers to move laterally within a network, accessing sensitive data and executing further attacks. MitM attacks occur when attackers intercept network connections, often by setting up malicious Wi-Fi access points. 

By doing so, attackers can monitor users' inputs, including login credentials, and steal sensitive information to gain unauthorized access to accounts and networks. To mitigate the risk of identity-based attacks, organizations must adopt a multi-layered approach to security. This includes implementing strong password policies to prevent the use of weak or easily guessable passwords and regularly auditing user accounts for vulnerabilities. 

Multi-factor authentication (MFA) should be implemented across all applications to add an extra layer of security by requiring users to provide a second form of authentication, such as a one-time password or biometric data, in addition to their passwords. Furthermore, organizations should protect against social engineering attacks, which often target service desk staff to gain unauthorized access to sensitive information. Automated solutions can help verify user identification and reduce the risk of social engineering vulnerabilities. 

 Identity-based attacks pose significant risks to organizations, but by implementing robust security measures and remaining vigilant against evolving threats, businesses can effectively mitigate these risks and safeguard their sensitive information from cybercriminals.
Read more »
VoIP
Cisco Data Breach Employee Data Information Security Multi-Factor Authentication (MFA) SMS Supply chain vulnerability third party VoIP

Cisco Duo raises awareness over a breach in third-party data security, revealing the exposure of SMS MFA logs.

 

In the ever-evolving landscape of cybersecurity, safeguarding sensitive information and ensuring secure access to corporate networks are paramount concerns for organizations worldwide. Recently, Cisco Duo, a leading provider of multi-factor authentication (MFA) and Single Sign-On services, found itself grappling with a significant breach that shed light on the evolving threats confronting modern enterprises. 

On April 1, 2024, Cisco Duo's security team sent out a warning to its extensive customer base regarding a cyberattack targeting their telephony provider, which handles the transmission of SMS and VoIP MFA messages. According to reports, threat actors leveraged employee credentials acquired through a sophisticated phishing attack to infiltrate the provider's systems. 

Following the breach, the attackers successfully obtained and extracted SMS and VoIP MFA message logs linked to specific Duo accounts, covering the timeframe from March 1, 2024, to March 31, 2024. The ramifications of this breach are deeply concerning. While the provider assured that the threat actors did not access the contents of the messages or utilize their access to send messages to customers, the stolen message logs contain data that could be exploited in targeted phishing campaigns. 

This poses a significant risk to affected organizations, potentially resulting in unauthorized access to sensitive information, including corporate credentials. In response to the breach, Cisco Duo swiftly mobilized, collaborating closely with the telephony provider to conduct a thorough investigation and implement additional security measures. The compromised credentials were promptly invalidated, and robust measures were instituted to fortify defenses and mitigate the risk of recurrence. 

Additionally, the provider furnished Cisco Duo with comprehensive access to all exposed message logs, enabling a meticulous analysis of the breach's scope and impact. Despite these proactive measures, Cisco Duo has urged affected customers to exercise heightened vigilance against potential SMS phishing or social engineering attacks leveraging the stolen information. Organizations are advised to promptly notify users whose phone numbers were contained in the compromised logs, educating them about the risks associated with social engineering tactics. 

Furthermore, Cisco has emphasized the importance of promptly reporting any suspicious activity and implementing proactive measures to mitigate potential threats. This incident serves as a stark reminder of the persistent and evolving threat landscape faced by organizations in today's digital age. As reliance on MFA and other security solutions intensifies, proactive monitoring, regular security assessments, and ongoing user education are indispensable components of an effective cybersecurity posture. 

Moreover, the Cisco Duo breach underscores the broader issue of supply chain vulnerabilities in cybersecurity. While organizations diligently fortify their internal defenses, they remain susceptible to breaches through third-party service providers. Hence, it is imperative for businesses to meticulously evaluate the security practices of their vendors and establish robust protocols for managing third-party risks. 

As the cybersecurity landscape continues to evolve, organizations must remain agile, adaptive, and proactive in their approach to cybersecurity. By prioritizing robust security measures, fostering a culture of cyber resilience, and fostering close collaboration with trusted partners, organizations can effectively mitigate risks and safeguard their digital assets in the face of evolving threats.
Read more »
SiegedSec
CISA Critical Data Data Breach Employee Data FBI Hacktivist group Idaho National Laboratory Nuclear Agency SiegedSec

Idaho National Laboratory Suffers Data Breach, Employee Data Compromised


Idaho National Laboratory, the nuclear energy testing lab that comprise of an estimated 5,700 experts, has recently suffered a major data breach in their systems.

The data breach took place last Sunday, on November 19. The stolen data comprise of the laboratory’s employees’ critical data, which was later leaked on online forums. 

The investigation on the breach is being carried out by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, who are working in collaboration with INL, a spokesperson informed. Physical addresses, bank account details, and Social Security numbers are among the data that are impacted.

In an interview regarding the incident, the spokesperson told local news outlet EastIdahoNews.com that the breach has impacted INL’s Oracle HCM system, a cloud-based workforce management platform that offers payroll and other HR solutions, was impacted by the attack.

SiegedSec, a self-entitled hacktivist group has since taken responsibility of the attack, following which it published a sample of the stolen employee data online, which included full names, dates of birth, email addresses, contact details and other identity info of the INL employees to their data breach forum. 

The group, which seems to have political motivations, was also accused in the past of stealing information from the Communities of Interest Cooperation Portal, an unclassified information-sharing portal run by NATO.

However, INL has not implied that the breach has had any impact on its classified information or nuclear research, and CISA did not immediately respond to the request for a comment. 

Regardless of whether the classified nuclear details were accessed by the threat actors, Colin Little, security engineer at the cybersecurity firm Centripetal, said it is "highly disconcerting that the staff generating that intellectual property and participating in the most advanced nuclear energy research and development have had their information leaked online."

"Now those who are politically motivated and would very much like to know the names and addresses of the top nuclear energy researchers in the U.S. have that data," he said. 

INL supports large-scale initiatives from the Department of Energy, the Department of Defense. The laboratory bills itself as "a world leader in securing critical infrastructure systems and improving the resiliency of vital national security and defense assets."

Read more »
User Security
Car Maker Data Breach Data Privacy Employee Data User Security

Tesla Begins Notifying Individuals Impacted in a Data Breach Incident

 

Tesla has acknowledged a data breach affecting around 75,000 individuals, but the incident is the result of a whistleblower leak rather than a malicious attack. 

The company informed US authorities that a data breach found in May exposed the personal information, including social security numbers, of over 75,700 people.

According to a notice letter issued to those affected, the data breach is the result of two former workers sending private data to the German news publication Handelsblatt. Tesla stated that the former employees "misappropriated the information in violation of Tesla's IT security and data protection policies." 

The leaked data includes names, contact information, and employment-related details for current and previous employees. Individuals affected are being offered credit monitoring and identity protection services. 

The leak was discovered in May when Handelsblatt claimed that a whistleblower had given it 100 Gb of private Tesla data. According to the publication, Tesla did not effectively protect the data of its partners, customers, and employees. 

The 'Tesla Files', which were leaked, apparently contained information on over 100,000 current and former employees, bank account information for customers, trade secrets for production, and customer concerns about driver assistance systems. The car maker has been reassured by Handelsblatt that it has no plans to publish the whistleblower's personal information. 

Given the circumstances of the incident, the chances of the exposed data being misused are minimal, with Tesla likely commencing the data breach disclosure process owing to legal constraints. Tesla has filed litigation against the employees responsible for the data breach, whose lawyer labelled the leaker as a "disgruntled former employee" when the leak was discovered. 

“These lawsuits resulted in the seizure of the former employees’ electronic devices that were believed to have contained the Tesla information. Tesla also obtained court orders that prohibit the former employees from further use, access, or dissemination of the data, subject to criminal penalties,” the car manufacturer noted in its recent breach notification.
Read more »
US Firm
Data Breach Data Leak Email Account Compromise Employee Data US Firm

Data of 2.5 Lakh Customers Sent to Personal Account by CFPB Employee

 

The Wall Street Journal reported that a consumer financial protection bureau (CFPB) employee sent records containing private information to a personal email address that included confidential supervisory information from 45 other financial institutions as well as personal information on roughly 256,000 customers at one financial institution.

The agency, which was already under siege from Republican lawmakers, presented the breach to Congress as a catastrophic incident. 

The emails contained customer information from seven businesses, although the majority of the personal data was linked to customers at one unnamed institution, a CFPB spokeswoman told the Journal. 

The incident was discovered by the agency for the first time in February, and it was revealed to lawmakers on March 21, according to the Journal. The reason the employee, who was later fired, forwarded the emails to a personal account was not disclosed by the CFPB. 

According to the CFPB, the personal information includes two spreadsheets with names and transaction-specific account numbers that were used internally by the financial institution, which downplays the severity of the data theft.

According to the representative, the spreadsheets do not contain the customers' bank account details and cannot be utilised to access a customer's account. As of Wednesday, the former CFPB employee had not complied with a request to erase the emails. Republican lawmakers seized on the data leak and demanded additional information from Director Rohit Chopra in statements they released. 

The CFPB has expanded enforcement efforts against the mortgage industry under Chopra, which has increased compliance expenses.

In October, Mortgage Bankers Association President and CEO Bob Broeksmit described the agency as a "judge, jury, and executioner all rolled into one." 

He urged the government to "establish clear and consistent standards, providing notice and comment when enacting rules." Unfortunately, the Bureau does not often follow this reasonable procedure, announcing new legal responsibilities without formal process or deliberation, enforcing novel and untested legal theories, and making it extremely difficult for businesses to grasp their legal obligations." 

Additionally, the agency is battling constitutional issues on various fronts. The agency's funding structure—by which it is funded by the Fed as opposed to appropriations legislation enacted through Congress—will be decided by the Supreme Court in a case that will be heard there. The agency's financing source was ruled to be illegal in 2022 by a panel of Trump appointees on the Fifth Circuit U.S. Court of Appeals. 

The funding provisions for the CFPB were found to be constitutional in March by the Second Circuit U.S. Court of Appeals, which includes the districts of Connecticut, New York, and Vermont.
Read more »
Security
Data Breach Data Leak Data Safety Employee Data Safety Security

Bogus DHL Emails Enable Attackers to Hack Microsoft 365 Accounts

 

As per experts, a new phishing campaign has been discovered that impersonates logistics giant DHL in order to steal Microsoft 365 credentials from victims in the education industry. Cybersecurity researchers from Armorblox recently found a significant phishing campaign, with more than 10,000 emails sent to inboxes connected to a "private education institution". 

The email is designed to appear to be from DHL, with the company branding and tone of voice one would expect from the shipping giant. The recipient is informed in the email titled "DHL Shipping Document/Invoice Receipt" that a customer sent a parcel to the incorrect address and that the correct delivery address must be provided.

False login prompt
The email apparently includes an attachment, labeled "Shipping Document Invoice Receipt," which, when opened, appears to be a blurred-out preview of a Microsoft Excel file.

A Microsoft login page appears over the blurred-out document, attempting to deceive people into believing they must log into their Microsoft 365 accounts in order to view the file's contents. If the victims provide the login credentials, they will be sent directly to the attackers.

Armorblox explained, “The email attack used language as the main attack vector in order to bypass both Microsoft Office 365 and EOP email security controls. These native email security layers are able to block mass spam and phishing campaigns and known malware and bad URLs. However, this targeted email attack bypassed Microsoft email security because it did not include any bad URLs or links and included an HTML file that included a malicious phishing form.”

Businesses can safeguard themselves against phishing attacks by training their employees to recognize red flags in their inboxes, such as the sender's email address, typos and spelling errors, a feeling of urgency (legitimate emails almost never require the user to respond urgently), and unexpected links/attachments.

According to the researchers, the attackers used a valid domain to avoid Microsoft's email(opens in new tab) authentication checks.
Read more »
User Privacy
California Cookies Data Privacy Laws Employee Data Privacy User Privacy

California's Consumer Privacy Act has Been Updated

 

California's unique consumer privacy law was strengthened on January 1 as a result of a ballot initiative that 2020 voters endorsed. A new privacy law that puts new requirements on companies to make sure that employees have more authority over the gathering and utilization of their personal data takes effect this year.

What does California's Consumer Privacy Act imply?

In June 2018, Governor Brown signed the California Consumer Privacy Act (CCPA) into law. A ground-breaking piece of legislation, it imposes requirements on California businesses regarding how they acquire, use, or disclose Californians' data and gives the people of California a set of data rights equal to those found in Europe.

The California Privacy Rights Act (CPRA), which amends the historic California CCPA by extending its protections to staff, job seekers, and independent contractors, will go into effect on January 1, 2023, and firms that employ California residents must ensure they have taken the necessary steps to comply by that date.

An updated version of CCPA

Residents of California can ask for their data to be updated, destroyed, or not sold as a result. These standards now also apply to employers for the first time.

If you've noticed those boxes at the bottom of almost every website asking about your preferences for data privacy, you know the California privacy legislation has a significant impact. Employment lawyer Darcey Groden of Fisher Phillips predicts that it will also apply to employers.

While many businesses have the infrastructure in place to deal with customer data, attorney Darcey Groden noted that the employment connection is significantly more complex. In the job situation, there is just a lot of data that is continually being collected.

In most cases, you will need to account for your human resources file, health information, emails, and surveillance footage. This law is exceedingly intricate and it will be expensive to adhere to it. According to Zoe Argento, it will be particularly difficult for businesses that do not deal with consumers, for instance, businesses in the manufacturing and construction industries.

Companies with many employees and gathering a lot of data, like gig platforms, could also be significantly impacted. They normally do not have a privacy department, so this is quite new to them. Increased accountability around how some platforms use worker data to design their algorithm may result from more transparency.




Read more »
User Privacy
Elon Musk Employee Data Privacy Subscription Twitter User Privacy

Over 50% of Twitter Staff are Sacked by Elon Musk


Elon Musk, the new owner of Twitter, defended the decision on Saturday, claiming that there was 'no choice because the firm was losing millions of dollars daily. This comes amid a wave of widespread layoffs at Twitter around the world, including in India, and the outrage that followed.

Elon Musk made the decision to fire over 50% of the Twitter workers. After overnight limiting access to the company's headquarters and internal systems, employees were notified by email of their employment status.

To announce their departure, employees are tweeting using the hashtag #LoveWhereYouWorked and a saluting emoji. Elon justified the choice by claiming that the business was losing $4 million daily. Three months' worth of severance pay was provided to everyone who lost their jobs.

In contrast to a profit of $66 million during the same period last year, the corporation reported a net loss of $270 million for the second quarter that concluded on June 30, 2022. There are rumors that up to half of Twitter's 8,000 jobs could be eliminated. The website has trouble turning a profit. Making a dent in the salary cost is one method to solve the issue.

Simon Balmain, a senior community manager for Twitter in the UK, said that he had been signed out of both his work laptop and the Slack chat app, leading him to fear that he had been fired.

After already terminating some employees, several Twitter employees on Thursday night filed a class action complaint, according to CNN, alleging that Twitter violated the federal and California Worker Adjustment and Retraining Notification Act (WARN Act).

According to the WARN Act, if a mass layoff "affects 50 or more employees at a single site of employment," the employer has to give 60 days written notice in advance. Additionally, Twitter has let go of the majority of its over 200 Indian staff. According to sources, the engineering, sales and marketing, and communications teams will all be affected".

Following Elon Musk's takeover of the social media company, Twitter founder Jack Dorsey finally spoke out about the widespread layoffs. He stated, " I realize many are angry with me. I own the responsibility for why everyone is in this situation: I grew the company size too quickly. I apologise for that.”

The cost-cutting comes in response to criticism of Twitter's efforts to collect money by putting up a proposal to charge $8 (£7) per month for a blue check-mark that says, "Verified."Those that pay could receive more promotion for their tweets and see fewer advertisements in addition to the verification badge.

Since a few years prior, Twitter has not turned a profit, and its monthly user base of around 300 million people has remained broadly stable. Experts cautioned that Twitter's ability to battle misinformation may be impacted by the dismissal of half of its workers, particularly with the US midterm elections set for next week.





Read more »
Ransomware
Data Breach Data Leak Employee Data G4S Ransomware

Australian Security Firm G4S Hacked, Staff on Alert


Ransomware Attack, G4S Breached

Present and earlier employees of security organization G4S have been alarmed to be cautious, due to a ransomware attack where personal information was stolen and posted online. The leaked info includes tax file numbers, medical checks, and bank account information. 

The attack comes after the massive Optus data leak incident in Australia, joining two more data breaches. It seeks government plans to reform cybersecurity and follow higher penalties under the Privacy Act.

G4S offers services to Australian prisons

G4S offers services to prisons throughout Australia, earlier it offered services to offshore detention centers on Manus Island, belonging to the federal government. 

It informed its former and current customers earlier this week that it suffered a cyber incident, allowing unauthorized access to a third party, and giving malware programs access to G4S systems. 

According to Guardian Australia, it believes the incident to be a ransomware attack targeting Port Philip prison. The media reported on this incident in early July. 

"Guardian Australia was also alerted on Tuesday to another Optus-style data breach involving an employment agency. The breach was the result of a similar open application programming interface (API) to that believed to have been breached in the Optus attack. Personal documents such as photos of passport pages and Covid-19 vaccination certificates were accessible via the vulnerability."

What can the victims do?

During mid-September, G4S came to know that some data was leaked online. However, it only informed the affected customers about the degree of the attack and the compromised documents in an e-mail earlier this week. 

The stolen data includes employee names, dates of birth, address, medical and police records, contact info, bank account details, tax file numbers, license details, and Medicare numbers. 

In some incidents, health info is given to the company, payslips, and Workcover claims information and incident reports have also been leaked.

Though the incident happened at Port Philip prison, the cyber criminal got access to the company's entire network throughout Australia. 

Casualties not confirmed

The number of staff impacted by the breach is yet to be known, G4S didn't give answers to questions about the victims, on the other hand, saying the company is working with affected individuals to provide them full assistance. 

G4S advised the victims to change their identity documents but didn't provide compensation for replacements or give credit monitoring. 

The Guardian reports:

"Separately, photos of identity documents – including driver licenses – of hundreds of thousands of the company’s clients were publicly available via Google image search results because users had uploaded their licences as their profile photo. The company has since acted to prevent users from uploading sensitive documents to profiles."





Read more »
User Security
Data Breach Data Leak Data Safety data security Employee Data User Data User Security

Attackers Compromise Employee Data at PVC-Maker Eurocell

According to a law firm, a leading British PVC manufacturer has been contacting current and former employees to notify them of a "substantial" data breach. 

A data protection law specialist, Derbyshire-based Eurocell, which also operates as a distributor of UPVC windows, doors, and roofing products, disclosed the news in a letter to those affected. The firm apparently explained in it that an unauthorised third party gained access to its systems, as per Hayes Connor.

The compromised data included employment terms and conditions, dates of birth, next of kin, bank account, NI and tax reference numbers, right-to-work documents, health and wellbeing documents, learning and development records, and disciplinary and grievance docs. That's a lot of information for potential fraudsters to use in subsequent phishing or even extortion.

Eurocell has reportedly stated that there is no proof of data misuse, but this will provide little comfort to those affected. It is also unknown how many employees would be affected.

“The company has over 2,000 current employees, but it is possible that many more former employees could also be at risk given the type of information that has been exposed,” warned Hayes Connor legal representative, Christine Sabino.

“Every employer has various obligations when it comes to data security, which means they have a duty to keep sensitive information secure. This type of incident warrants a significant investigation. Our team has started to make our own enquiries into the case and are determined to ensure our clients get the justice they deserve.”

Hayes Connor made headlines earlier this year when it announced that over 100 current and former employees of a leading luxury car dealership would sue the firm following a data breach. On that occasion, they were dissatisfied with LSH Auto's lack of transparency regarding the incident.
Read more »
Employee Data
Bug Bounty Cyber Security Data Privacy data security Employee Data

HackerOne Employee Stole Data From Bug Bounty Reports for Financial Advantages

 

HackerOne has revealed information on a former employee who it alleges accessed company data for personal financial benefit. The unknown individual received information from bug bounty platform security reports and attempted to reveal the same vulnerabilities outside of the site. 

According to HackerOne, he had access to the data between April 4 and June 23, 2022. On June 22, 2022, HackerOne was notified of the problem by a suspicious client who had received similar bug reports from the platform and the person. 

“This is a clear violation of our values, our culture, our policies, and our employment contracts,” the platform stated. 

“In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data. We have since terminated the employee, and further bolstered our defences to avoid similar situations in the future.” 

According to HackerOne, the submitter of this off-platform disclosure "reportedly used intimidating language in conversation with our customer," and the actor's intent was to collect more bounties. HackerOne also stated that, after consulting with lawyers, it will determine if a criminal referral of this situation is necessary. 

A HackerOne spokesperson informed The Daily Swig: “Since the founding of HackerOne, we have honoured our steadfast commitment to disclosing security incidents because we believe that sharing security information is essential to building a safer internet. 

“At HackerOne, we value the trusted relationships with our customers and the hacking community. It’s important for us to continue to demonstrate transparency as a core tenant of Corporate Security Responsibility and therefore shared this Incident Report.” 

The spokesperson added: “Our Code of Conduct sets the foundation for building trust. We will continue to prioritize coordinated disclosure and to act fast to ensure we uphold these strong standards.”
Read more »
Subscribe to: Posts (Atom)